Showing posts with the label exploit

TryHackMe | OpenVAS WriteUp

Learn the basics of threat and vulnerability management using Open Vulnerability Assessment Scanning.
Link: https://tryhackme.com/room/openvas

When did the scan start in Case 001?
Feb 28, 00:04:46

When did the scan end in Case 001?
Feb 28, 00:21:02

How many ports are open in Case 001?
3

How many total vulnerabilities were found in Case 001?
5

What is the highest severity vulnerability found? (MSxx-xxx)
MS17-010

What is the first affected OS to this vulnerability?
Microsoft Windows 10 x32/x64 Edition

What is the recommended vulnerability detection method?
Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability.

That’s it! See you in the next Room :)

TryHackMe | Masterminds Walkthrough

Practice analyzing malicious traffic using Brim.
Link: https://tryhackme.com/room/mastermindsxlq

[Infection 1]

Provide the victim’s IP address.
Load infection1.pcap in Brim
Check the source IP of “Http Requests”
192.168.75.249

The victim attempted to make HTTP connections to two suspicious domains with the status ‘404 Not Found’. Provide the hosts/domains requested.
cambiasuhistoria.growlab.es, www.letscompareonline.com

The victim made a successful HTTP connection to one of the domains and received the response_body_len of 1,309 (uncompressed content size of the data transferred from the server). Provide the domain and the destination IP address.
Check the “Http Requests”
ww25.gocphongthe.com,199.59.242.153

How many unique DNS requests were made to cab[.]myfkn[.]com domain (including the capitalized domain)?
Check “Unique DNS Queries”
7

Provide the URI of the domain bhaktivrind[.]com that the victim reached out over HTTP.
Check the “Http Requests”
/cgi-bin/JBbb8/

Provide the IP addr

TryHackMe | Metasploit: Introduction WriteUp

An introduction to the main components of the Metasploit Framework.
Link: https://tryhackme.com/room/metasploitintro

What is the name of the code taking advantage of a flaw on the target system?
Exploit

What is the name of the code that runs on the target system to achieve the attacker’s goal?
Payload

What are self-contained payloads called?
Singles

Is “windows/x64/pingback_reverse_tcp” among singles or staged payload?
Singles

How would you search for a module related to Apache?
search apache

Who provided the auxiliary/scanner/ssh/ssh_login module?
todb

How would you set the LPORT value to 6666?
set LPORT 6666

How would you set the global value for RHOSTS to 10.10.19.23 ?
setg RHOSTS 10.10.19.23

What command would you use to clear a set payload?
unset PAYLOAD

What command do you use to proceed with the exploitation phase?
exploit

That’s it. See you all in the next room :)

TryHackMe | Empline Walkthrough

Are you good enough to apply for this job?
Link: https://tryhackme.com/room/empline

Get all the flags to complete the room.

Run an nmap scan to check for open ports.
Port 80 is open. Let us visit it.
Since this room hints at applying for a job, let us click on “Employment”. This does not lead anywhere.
Check the source code of the page:
It seems to refer to job.empline.thm/careers
Let us change our /etc/hosts file and link the IP to this.
Now the URL works:
Click on “Show all jobs” and the “mobile dev” position.
We can click on “Apply to Position”.
This page allows us to upload a file. Interesting…
Let’s find the OpenCats version by going to jobs.empline.thm:
A Google search for an exploit for OpenCats 0.9.4 leads us to an article by doddsecurity(.)com. CVE-2019-13358
Following the exploit method:
Create a .docx file using Python or LibreOffice with some text in the file. In my case the text is “Fun time”.
Unzip the .docx file and then edit word/document.xml
Add the below after first line  <!DOC

Eonrec