Posts

Showing posts with the label vulnerability

TryHackMe | Red Team Fundamentals WriteUp

This room is an introduction to red teaming.
Link - https://tryhackme.com/room/redteamrecon

- Would vulnerability assessments prepare us to detect a real attacker on our networks? (Yay/Nay)
  Nay
- During a penetration test, are you concerned about being detected by the client? (Yay/Nay)
  Nay
- Highly organised groups of skilled attackers are nowadays referred to as …
  Advanced Persistent Threats
- The goals of a red team engagement will often be referred to as flags or…
  crown jewels
- During a red team engagement, common methods used by attackers are emulated against the target. Such methods are usually called TTPs. What does TTP stand for?
  Tactics, techniques and procedures
- The main objective of a red team engagement is to detect as many vulnerabilities in as many hosts as possible (Yay/Nay)
  Nay
- What cell is responsible for the offensive operations of an engagement?
  Red Cell
- What cell is the trusted agent considered part of?
  White Cell
- If an adversary deployed Mimikatz on a target machin...

TryHackMe | OpenVAS WriteUp

Learn the basics of threat and vulnerability management using Open Vulnerability Assessment Scanning
Link - https://tryhackme.com/room/openvas

- When did the scan start in Case 001?
  Feb 28, 00:04:46
- When did the scan end in Case 001?
  Feb 28, 00:21:02
- How many ports are open in Case 001?
  3
- How many total vulnerabilities were found in Case 001?
  5
- What is the highest severity vulnerability found? (MSxx-xxx)
  MS17-010
- What is the first affected OS to this vulnerability?
  Microsoft Windows 10 x32/x64 Edition
- What is the recommended vulnerability detection method?
  Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability.

That’s it! See you in the next Room :)

TryHackMe | Web Scanning Walkthrough

Learn the basics of automated web scanning!
Link - https://tryhackme.com/room/rpwebscanning

- First and foremost, what switch do we use to set the target host?
  -h
- Websites don’t always properly redirect to their secure transport port and can sometimes have different issues depending on the manner in which they are scanned. How do we disable secure transport?
  -nossl
- How about the opposite, how do we force secure transport?
  -ssl
- What if we want to set a specific port to scan?
  -p
- As the web is constantly evolving, so is Nikto. A database of vulnerabilities represents a core component to this web scanner, how do we verify that this database is working and free from error?
  -dbcheck
- If instructed to, Nikto will attempt to guess and test both files within directories as well as usernames. Which switch and numerical value do we use to set Nikto to enumerate usernames in Apache? Keep in mind, this option is deprecated in favor of plugins, however, it’s still a great option to be aware of fo...

TryHackMe | SQL Injection Walkthrough

Learn how to detect and exploit SQL Injection vulnerabilities
Link - https://tryhackme.com/room/sqlinjectionlm

- What does SQL stand for?
  Structured Query Language
- What is the acronym for the software that controls a database?
  DBMS
- What is the name of the grid-like structure which holds the data?
  table
- What SQL statement is used to retrieve data?
  SELECT
- What SQL clause can be used to retrieve data from multiple tables?
  UNION
- What SQL statement is used to add data?
  INSERT
- What character signifies the end of an SQL query?
  ;
- What is the flag after completing level 1?
  Login as Martin
- What is the flag after completing level two? (and moving to level 3)
- What is the flag after completing level three?
  Login as admin with the password
- What is the final flag after completing level four?
  Use the following referrer: admin123' UNION SELECT SLEEP(5),2 from users where username='admin' and password like '4961%
  Login as admin with password 4961
- Name a protocol beginning with D that can be used to ...

TryHackMe | Vulnerabilities 101 WriteUp

Understand the flaws of an application and apply your researching skills on some vulnerability databases.
Link - https://tryhackme.com/room/vulnerabilities101

- An attacker has been able to upgrade the permissions of their system account from “user” to “administrator”. What type of vulnerability is this?
  Operating System
- You manage to bypass a login panel using cookies to authenticate. What type of vulnerability is this?
  Application Logic
- What year was the first iteration of CVSS published?
  2005
- If you wanted to assess vulnerability based on the risk it poses to an organisation, what framework would you use? Note: We are looking for the acronym here.
  VPR
- If you wanted to use a framework that was free and open-source, what framework would that be? Note: We are looking for the acronym here.
  CVSS
- Using NVD, how many CVEs were submitted in July 2021?
  1585
- Who is the author of Exploit-DB?
  Offensive Security
- What type of vulnerability did we use to find the name and version of the applic...

TryHackMe | Burp Suite: The Basics WriteUp

An introduction to using Burp Suite for Web Application pentesting
Link - https://tryhackme.com/room/burpsuitebasics

- Which edition of Burp Suite will we be using in this module?
  Burp Suite Community
- Which edition of Burp Suite runs on a server and provides constant scanning for target web apps?
  Burp Suite Enterprise
- Burp Suite is frequently used when attacking web applications and ______ applications.
  Mobile
- Which Burp Suite feature allows us to intercept requests between ourselves and the target?
  Proxy
- Which Burp tool would we use if we wanted to bruteforce a login form?
  Intruder
- In which Project options sub-tab can you find reference to a “Cookie jar”?
  Sessions
- In which User options sub-tab can you change the Burp Suite update behaviour?
  Misc
- What is the name of the section within the User options “Misc” sub-tab which allows you to change the Burp Suite keybindings?
  Hotkeys
- If we have uploaded Client-Side TLS certificates in the User options tab, can we override these on a...

TryHackMe | Empline Walkthrough

Are you good enough to apply for this job?
Link - https://tryhackme.com/room/empline

Get all the flags to complete the room.

Run an nmap scan to check for open ports. Port 80 is open. Let us visit it.

Since this room hints at applying for a job, let us click on “Employment”. This does not lead anywhere. Check the source code of the page: it seems to refer to job.empline.thm/careers. Let us change our /etc/hosts file and link the IP to this. Now the URL works. Click on “Show all jobs” and the “mobile dev” position. We can click on “Apply to Position”. This page allows us to upload a file. Interesting…

Let’s find the OpenCats version by going to jobs.empline.thm. A Google search for an exploit for OpenCats 0.9.4 leads us to an article by doddsecurity(.)com: CVE-2019-13358.

Following the exploit method: create a .docx file using Python or LibreOffice with some text in the file. In my case the text is “Fun time”. Unzip the .docx file and then edit word/document.xml. Add the below af...

Eonrec