Blue Team Cyber Defender

  Learn the basics of threat and vulnerability management using Open Vulnerability Assessment Scanning Link- https://tryhackme.com/room/openvas When did the scan start in Case 001? Feb 28, 00:04:46 When did the scan end in Case 001? Feb 28, 00:21:02 How many ports are open in Case 001? 3 How many total vulnerabilities were found in Case 001? 5 What is the highest severity vulnerability found? (MSxx-xxx) MS17–010 What is the first affected OS to this vulnerability? Microsoft Windows 10 x32/x64 Edition What is the recommended vulnerability detection method? Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability. That’s it! See you in the next Room :)

  Learn the basics of automated web scanning! Link - https://tryhackme.com/room/rpwebscanning First and foremost, what switch do we use to set the target host? -h Websites don’t always properly redirect to their secure transport port and can sometimes have different issues depending on the manner in which they are scanned. How do we disable secure transport? -nossl How about the opposite, how do we force secure transport? -ssl What if we want to set a specific port to scan? -p As the web is constantly evolving, so is Nikto. A database of vulnerabilities represents a core component to this web scanner, how do we verify that this database is working and free from error? -dbcheck If instructed to, Nikto will attempt to guess and test both files within directories as well as usernames. Which switch and numerical value do we use to set Nikto to enumerate usernames in Apache? Keep in mind, this option is deprecated in favor of plugins, however, it’s still a great option to be aware of fo...

  Learn how to detect and exploit SQL Injection vulnerabilities Link - https://tryhackme.com/room/sqlinjectionlm What does SQL stand for? Structured Query Language What is the acronym for the software that controls a database? DBMS What is the name of the grid-like structure which holds the data? table What SQL statement is used to retrieve data? SELECT What SQL clause can be used to retrieve data from multiple tables? UNION What SQL statement is used to add data? INSERT What character signifies the end of an SQL query? ; What is the flag after completing level 1? Login as Martin What is the flag after completing level two? (and moving to level 3) What is the flag after completing level three? Login as admin with the password What is the final flag after completing level four? Use the following referrer= admin123' UNION SELECT SLEEP(5),2 from users where username=’admin’ and password like ‘4961% login as admin with password 4961 Name a protocol beginning with D that can be used to ...

  Learn how to use Repeater to duplicate requests in Burp Suite Link - https://tryhackme.com/room/burpsuiterepeater Which view option displays the response in the same format as your browser would? Render Send the request. What is the flag you receive? See if you can get the server to error out with a “500 Internal Server Error” code by changing the number at the end of the request to extreme inputs. What is the flag you receive when you cause a 500 error in the endpoint? Exploit the union SQL injection vulnerability in the site. What is the flag? That’s it! See you in the next room :)

Learn about the essential tools for passive reconnaissance, such as whois, nslookup, and dig. Link - https://tryhackme.com/room/passiverecon You visit the Facebook page of the target company, hoping to get some of their employee names. What kind of reconnaissance activity is this? (A for active, P for passive) P You ping the IP address of the company webserver to check if ICMP traffic is blocked. What kind of reconnaissance activity is this? (A for active, P for passive) A You happen to meet the IT administrator of the target company at a party. You try to use social engineering to get more information about their systems and network infrastructure. What kind of reconnaissance activity is this? (A for active, P for passive) A When was TryHackMe.com registered? 20180705 What is the registrar of TryHackMe.com? namecheap.com Which company is TryHackMe.com using for name servers? cloudflare.com Check the TXT records of thmlabs.com. What is the flag there? Lookup tryhackme.com on DNSDumpste...

Learn the various ways of discovering hidden or private content on a webserver that could lead to new vulnerabilities. Link - https://tryhackme.com/room/contentdiscovery What is the Content Discovery method that begins with M? Manually What is the Content Discovery method that begins with A? Automated What is the Content Discovery method that begins with O? OSINT What is the directory in the robots.txt that isn’t allowed to be viewed by web crawlers? Check the robots.txt file /staff-portal What framework did the favicon belong to? Download the file and upload to virustotal to get hash and then check the mentioned website for the hash. cgiirc What is the path of the secret area that can be found in the sitemap.xml file? Check the sitemap /s3cr3t-area What is the flag value from the X-FLAG header? Run the curl command What is the flag from the framework’s administration portal? Go to mentioned website and find the location /thm-framework-login and login with username and password “admin”...

Manually review a web application for security issues using only your browsers developer tools. Hacking with just your browser, no tools or scripts. Link- https://tryhackme.com/room/walkinganapplication Go to the website https://LAB_WEB_URL.p.thmlabs.com Right click and view page source What is the flag from the HTML comment? Go to /new-home-beta to find flag What is the flag from the secret link? Go to /secret-page What is the directory listing flag? Go to /assets and then read flag.txt What is the framework flag? Go to the above link Check the Change Log Go to /tmp.zip and download the file. It will have the flag What is the flag behind the paywall? Follow the instructions mentioned to reveal the flag What is the flag behind the paywall? Follow the instructions mentioned to reveal the flag What is the flag shown on the contact-msg network request? Follow the instructions mentioned to reveal the flag That’s it. See you in the next Room :)

  Learn how DNS works and how it helps you access internet services. Link- https://tryhackme.com/room/dnsindetail What does DNS stand for? Domain Name System What is the maximum length of a subdomain? 63 Which of the following characters cannot be used in a subdomain ( 3 b _ — )? _ What is the maximum length of a domain name? 253 What type of TLD is .co.uk? ccTLD What type of record would be used to advise where to send email? MX What type of record handles IPv6 addresses? AAAA What field specifies how long a DNS record should be cached for? TTL What type of DNS Server is usually provided by your ISP? recursive What type of server holds all the records for a domain? authoritative Follow the instructions on website for remaining questions:- What is the CNAME of shop.website.thm? shops.myshopify.com What is the value of the TXT record of website.thm? What is the numerical priority value for the MX record? 30 What is the IP address for the A record of www.website.thm? 10.10.10.1...

  An introduction to using Burp Suite for Web Application pentesting Link :- https://tryhackme.com/room/burpsuitebasics Which edition of Burp Suite will we be using in this module? Burp Suite Community Which edition of Burp Suite runs on a server and provides constant scanning for target web apps? Burp Suite Enterprise Burp Suite is frequently used when attacking web applications and ______ applications. Mobile Which Burp Suite feature allows us to intercept requests between ourselves and the target? Proxy Which Burp tool would we use if we wanted to bruteforce a login form? Intruder In which Project options sub-tab can you find reference to a “Cookie jar”? Sessions In which User options sub-tab can you change the Burp Suite update behaviour? Misc What is the name of the section within the User options “Misc” sub-tab which allows you to change the Burp Suite keybindings? Hotkeys If we have uploaded Client-Side TLS certificates in the User options tab, can we override these on a...