Posts

Showing posts with the label tryhackme writeup

TryHackMe | JavaScript Basics WriteUp

Image
  Learn JavaScript, the high-level, multi-paradigm language of the web. Link - https://tryhackme.com/room/javascriptbasics What type of data type is this: ‘Neo’? String What data type is true/false? boolean What is John’s occupation? Master Hacker What tag is used for linking a JavaScript file to HTML? script What type of brackets are used for arrays? [] What color pill did we choose? Red Pill What is the output of this code? Tyrell Loops repeat until the written code is finished running (true/false) true What loop doesn’t require the condition to be true for it execute at least once? do…while What is the DOM? Document Object Model What is it called when XSS is used to record keystrokes? Keylogging Sort the array [1,10,5,15,2,7,28,900,45,18,27] [1,2,5,7,10,15,18,27,28,45,900] That’s it! See you in the next Room :)

TryHackMe | Vulnerabilities 101 WriteUp

Image
  Understand the flaws of an application and apply your researching skills on some vulnerability databases. Link - https://tryhackme.com/room/vulnerabilities101 An attacker has been able to upgrade the permissions of their system account from “user” to “administrator”. What type of vulnerability is this? Operating System You manage to bypass a login panel using cookies to authenticate. What type of vulnerability is this? Application Logic What year was the first iteration of CVSS published? 2005 If you wanted to assess vulnerability based on the risk it poses to an organisation, what framework would you use? Note: We are looking for the acronym here. VPR If you wanted to use a framework that was free and open-source, what framework would that be? Note: We are looking for the acronym here. CVSS Using NVD, how many CVEs were submitted in July 2021? 1585 Who is the author of Exploit-DB? Offensive Security What type of vulnerability did we use to find the name and version of the applic...

TryHackMe | Nmap Live Host Discovery WriteUp

Image
  Learn how to use Nmap to discover live hosts using ARP scan, ICMP scan, and TCP/UDP ping scan. Link - https://tryhackme.com/room/nmap01 Send a packet with the following: From computer1 To computer1 (to indicate it is broadcast) Packet Type: “ARP Request” Data: computer6 (because we are asking for computer6 MAC address using ARP Request) How many devices can see the ARP Request? 4 Did computer6 receive the ARP Request? (Y/N) N Send a packet with the following: From computer4 To computer4 (to indicate it is broadcast) Packet Type: “ARP Request” Data: computer6 (because we are asking for computer6 MAC address using ARP Request) How many devices can see the ARP Request? 4 Did computer6 reply to the ARP Request? (Y/N) Y What is the first IP address Nmap would scan if you provided 10.10.12.13/29 as your target? 10.10.12.8 How many IP addresses will Nmap scan if you provide the following range 10.10.0-255.101-125 ? 6400 Send a packet with the following: From computer1 To computer3 Pack...

TryHackMe | Bash Scripting

Image
  A Walkthrough room to teach you the basics of bash scripting Link - https://tryhackme.com/room/bashscripting What piece of code can we insert at the start of a line to comment out our code? # What will the following script output to the screen, echo “BishBashBosh” BishBashBosh What would this code return? Jammy is 21 years old How would you print out the city to the screen? echo $city How would you print out the country to the screen? echo $country How can we get the number of arguments supplied to a script? $# How can we get the filename of our current script(aka our first argument)? $0 How can we get the 4th argument supplied to the script? $4 If a script asks us for input how can we direct our input into a variable called ‘test’ using “read” read test What will the output of “echo $1 $3” if the script was ran with “./script.sh hello hola aloha” hello aloha What would be the command to print audi to the screen using indexing. echo “${cars[1]}” If we wanted to remove tesla from ...

TryHackMe | DNS in Detail WriteUp

Image
  Learn how DNS works and how it helps you access internet services. Link- https://tryhackme.com/room/dnsindetail What does DNS stand for? Domain Name System What is the maximum length of a subdomain? 63 Which of the following characters cannot be used in a subdomain ( 3 b _ — )? _ What is the maximum length of a domain name? 253 What type of TLD is .co.uk? ccTLD What type of record would be used to advise where to send email? MX What type of record handles IPv6 addresses? AAAA What field specifies how long a DNS record should be cached for? TTL What type of DNS Server is usually provided by your ISP? recursive What type of server holds all the records for a domain? authoritative Follow the instructions on website for remaining questions:- What is the CNAME of shop.website.thm? shops.myshopify.com What is the value of the TXT record of website.thm? What is the numerical priority value for the MX record? 30 What is the IP address for the A record of www.website.thm? 10.10.10.1...

TryHackMe | Pentesting Fundamentals WriteUp

Image
  Learn the important ethics and methodologies behind every pentest Link - https://tryhackme.com/room/pentestingfundamentals You are given permission to perform a security audit on an organisation; what type of hacker would you be? White Hat You attack an organisation and steal their data, what type of hacker would you be? Black Hat What document defines how a penetration testing engagement should be carried out? Rules of Engagement What stage of penetration testing involves using publicly available information? Information Gathering If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We’re looking for the acronym here and not the full name. OSSTMM What framework focuses on the testing of web applications? OWASP You are asked to test an application but are not given access to its source code — what testing process is this? Black Box You are asked to test a website, and you are given access to the source code — what testing process...

Eonrec