Posts

Showing posts with the label pentester

TryHackMe | Red Team Fundamentals WriteUp

Image
  This room is an introduction to red teaming Link - https://tryhackme.com/room/redteamrecon Would vulnerability assessments prepare us to detect a real attacker on our networks? (Yay/Nay) Nay During a penetration test, are you concerned about being detected by the client? (Yay/Nay) Nay Highly organised groups of skilled attackers are nowadays referred to as … Advanced Persistent Threats The goals of a red team engagement will often be referred to as flags or… crown jewels During a red team engagement, common methods used by attackers are emulated against the target. Such methods are usually called TTPs. What does TTP stand for? Tactics, techniques and procedures The main objective of a red team engagement is to detect as many vulnerabilities in as many hosts as possible (Yay/Nay) Nay What cell is responsible for the offensive operations of an engagement? Red Cell What cell is the trusted agent considered part of? White Cell If an adversary deployed Mimikatz on a target machin...

TryHackMe | JavaScript Basics WriteUp

Image
  Learn JavaScript, the high-level, multi-paradigm language of the web. Link - https://tryhackme.com/room/javascriptbasics What type of data type is this: ‘Neo’? String What data type is true/false? boolean What is John’s occupation? Master Hacker What tag is used for linking a JavaScript file to HTML? script What type of brackets are used for arrays? [] What color pill did we choose? Red Pill What is the output of this code? Tyrell Loops repeat until the written code is finished running (true/false) true What loop doesn’t require the condition to be true for it execute at least once? do…while What is the DOM? Document Object Model What is it called when XSS is used to record keystrokes? Keylogging Sort the array [1,10,5,15,2,7,28,900,45,18,27] [1,2,5,7,10,15,18,27,28,45,900] That’s it! See you in the next Room :)

TryHackMe | Meltdown Explained WriteUp

Image
  This room explains the technical details behind the Meltdown vulnerability. Link - https://tryhackme.com/room/meltdownexplained what is it called when a program accesses a cache and finds the correct value? hit what is it called when a program accesses a cache and doesn’t find the correct value? miss What kind of memory does the virtual address contain(apart from user memory) kernel memory That’s it! See you in the next Room :)

TryHackMe | OpenVAS WriteUp

Image
  Learn the basics of threat and vulnerability management using Open Vulnerability Assessment Scanning Link- https://tryhackme.com/room/openvas When did the scan start in Case 001? Feb 28, 00:04:46 When did the scan end in Case 001? Feb 28, 00:21:02 How many ports are open in Case 001? 3 How many total vulnerabilities were found in Case 001? 5 What is the highest severity vulnerability found? (MSxx-xxx) MS17–010 What is the first affected OS to this vulnerability? Microsoft Windows 10 x32/x64 Edition What is the recommended vulnerability detection method? Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability. That’s it! See you in the next Room :)

TryHackMe | Web Scanning Walkthrough

Image
  Learn the basics of automated web scanning! Link - https://tryhackme.com/room/rpwebscanning First and foremost, what switch do we use to set the target host? -h Websites don’t always properly redirect to their secure transport port and can sometimes have different issues depending on the manner in which they are scanned. How do we disable secure transport? -nossl How about the opposite, how do we force secure transport? -ssl What if we want to set a specific port to scan? -p As the web is constantly evolving, so is Nikto. A database of vulnerabilities represents a core component to this web scanner, how do we verify that this database is working and free from error? -dbcheck If instructed to, Nikto will attempt to guess and test both files within directories as well as usernames. Which switch and numerical value do we use to set Nikto to enumerate usernames in Apache? Keep in mind, this option is deprecated in favor of plugins, however, it’s still a great option to be aware of fo...

TryHackMe | SQL Injection Walkthrough

Image
  Learn how to detect and exploit SQL Injection vulnerabilities Link - https://tryhackme.com/room/sqlinjectionlm What does SQL stand for? Structured Query Language What is the acronym for the software that controls a database? DBMS What is the name of the grid-like structure which holds the data? table What SQL statement is used to retrieve data? SELECT What SQL clause can be used to retrieve data from multiple tables? UNION What SQL statement is used to add data? INSERT What character signifies the end of an SQL query? ; What is the flag after completing level 1? Login as Martin What is the flag after completing level two? (and moving to level 3) What is the flag after completing level three? Login as admin with the password What is the final flag after completing level four? Use the following referrer= admin123' UNION SELECT SLEEP(5),2 from users where username=’admin’ and password like ‘4961% login as admin with password 4961 Name a protocol beginning with D that can be used to ...

TryHackMe | Bash Scripting

Image
  A Walkthrough room to teach you the basics of bash scripting Link - https://tryhackme.com/room/bashscripting What piece of code can we insert at the start of a line to comment out our code? # What will the following script output to the screen, echo “BishBashBosh” BishBashBosh What would this code return? Jammy is 21 years old How would you print out the city to the screen? echo $city How would you print out the country to the screen? echo $country How can we get the number of arguments supplied to a script? $# How can we get the filename of our current script(aka our first argument)? $0 How can we get the 4th argument supplied to the script? $4 If a script asks us for input how can we direct our input into a variable called ‘test’ using “read” read test What will the output of “echo $1 $3” if the script was ran with “./script.sh hello hola aloha” hello aloha What would be the command to print audi to the screen using indexing. echo “${cars[1]}” If we wanted to remove tesla from ...

TryHackMe | Burp Suite: The Basics WriteUp

Image
  An introduction to using Burp Suite for Web Application pentesting Link :- https://tryhackme.com/room/burpsuitebasics Which edition of Burp Suite will we be using in this module? Burp Suite Community Which edition of Burp Suite runs on a server and provides constant scanning for target web apps? Burp Suite Enterprise Burp Suite is frequently used when attacking web applications and ______ applications. Mobile Which Burp Suite feature allows us to intercept requests between ourselves and the target? Proxy Which Burp tool would we use if we wanted to bruteforce a login form? Intruder In which Project options sub-tab can you find reference to a “Cookie jar”? Sessions In which User options sub-tab can you change the Burp Suite update behaviour? Misc What is the name of the section within the User options “Misc” sub-tab which allows you to change the Burp Suite keybindings? Hotkeys If we have uploaded Client-Side TLS certificates in the User options tab, can we override these on a...

Eonrec