Posts

TryHackMe | DNS Manipulation Walkthrough

Manipulating DNS queries to our advantage. Link - https://tryhackme.com/room/dnsmanipulation If you were on Windows, what command could you use to query a txt record for ‘youtube.com’? nslookup -type=txt youtube.com If you were on Linux, what command could you use to query a txt record for ‘facebook.com’? dig facebook.com TXT AAAA stores what type of IP Address along with the hostname? IPv6 Maximum characters for a DNS TXT Record is 256. (Yay/Nay) Nay What DNS Record provides a domain name in reverse-lookup? (Research) PTR What would the reverse-lookup be for the following IPv4 Address? (192.168.203.2) (Research) 2.203.168.192.in-addr.arpa What is the maximum length of a DNS name? (Research) (Length includes dots!) 253 What is the Transaction name? (Type it as you see it) Network Equip. How much was the Firewall? (Without the $) 2500 Which file contains suspicious DNS queries? cap3.pcap Enter the plain-text after you have decoded the data using packetyGrabber.py found in ~/dns-exf...

TryHackMe | Active Reconnaissance WriteUp

Learn how to use simple tools such as traceroute, ping, telnet, and a web browser to gather information. Link - https://tryhackme.com/room/activerecon Browse to the following website and ensure that you have opened your Developer Tools on AttackBox Firefox, or the browser on your computer. Using the Developer Tools, figure out the total number of questions. Go to the website, right-click and “Inspect”. Go to Sources and “script.js” 8 Which option would you use to set the size of the data carried by the ICMP echo request? -s What is the size of the ICMP header in bytes? 8 Does MS Windows Firewall block ping by default? (Y/N) Y Deploy the VM for this task and using the AttackBox terminal, issue the command ping -c 10 MACHINE_IP . How many ping replies did you get back? 10 In Traceroute A, what is the IP address of the last router/hop before reaching tryhackme.com? 172.67.69.208 In Traceroute B, what is the IP address of the last router/hop before reaching tryhackme.com? 104.26.1...

TryHackMe | Passive Reconnaissance WriteUp

Learn about the essential tools for passive reconnaissance, such as whois, nslookup, and dig. Link - https://tryhackme.com/room/passiverecon You visit the Facebook page of the target company, hoping to get some of their employee names. What kind of reconnaissance activity is this? (A for active, P for passive) P You ping the IP address of the company webserver to check if ICMP traffic is blocked. What kind of reconnaissance activity is this? (A for active, P for passive) A You happen to meet the IT administrator of the target company at a party. You try to use social engineering to get more information about their systems and network infrastructure. What kind of reconnaissance activity is this? (A for active, P for passive) A When was TryHackMe.com registered? 20180705 What is the registrar of TryHackMe.com? namecheap.com Which company is TryHackMe.com using for name servers? cloudflare.com Check the TXT records of thmlabs.com. What is the flag there? Look up tryhackme.com on DNSDumpste...

TryHackMe | h4cked Walkthrough

Find out what happened by analysing a .pcap file and hack your way back into the machine Link - https://tryhackme.com/room/h4cked Download the Task file The attacker is trying to log into a specific service. What service is this? FTP There is a very popular tool by Van Hauser which can be used to brute force a series of services. What is the name of this tool? Hydra The attacker is trying to log on with a specific username. What is the username? jenny What is the user’s password? password123 What is the current FTP working directory after the attacker logged in? /var/www/html The attacker uploaded a backdoor. What is the backdoor’s filename? shell.php The backdoor can be downloaded from a specific URL, as it is located inside the uploaded file. What is the full URL? Follow tcp stream http://pentestmonkey.net/tools/php-reverse-shell Which command did the attacker manually execute after getting a reverse shell? Follow tcp stream whoami What is the computer’s hostname? Follow tcp stre...

TryHackMe | Content Discovery Walkthrough

Learn the various ways of discovering hidden or private content on a webserver that could lead to new vulnerabilities. Link - https://tryhackme.com/room/contentdiscovery What is the Content Discovery method that begins with M? Manually What is the Content Discovery method that begins with A? Automated What is the Content Discovery method that begins with O? OSINT What is the directory in the robots.txt that isn’t allowed to be viewed by web crawlers? Check the robots.txt file /staff-portal What framework did the favicon belong to? Download the file and upload it to VirusTotal to get the hash, then check the mentioned website for the hash. cgiirc What is the path of the secret area that can be found in the sitemap.xml file? Check the sitemap /s3cr3t-area What is the flag value from the X-FLAG header? Run the curl command What is the flag from the framework’s administration portal? Go to the mentioned website and find the location /thm-framework-login and log in with username and password “admin”...

TryHackMe | Walking An Application Walkthrough

Manually review a web application for security issues using only your browser's developer tools. Hacking with just your browser, no tools or scripts. Link - https://tryhackme.com/room/walkinganapplication Go to the website https://LAB_WEB_URL.p.thmlabs.com Right-click and view the page source What is the flag from the HTML comment? Go to /new-home-beta to find the flag What is the flag from the secret link? Go to /secret-page What is the directory listing flag? Go to /assets and then read flag.txt What is the framework flag? Go to the above link Check the Change Log Go to /tmp.zip and download the file. It will have the flag What is the flag behind the paywall? Follow the instructions mentioned to reveal the flag What is the flag shown on the contact-msg network request? Follow the instructions mentioned to reveal the flag That’s it. See you in the next Room :)

TryHackMe | Bash Scripting

A Walkthrough room to teach you the basics of bash scripting. Link - https://tryhackme.com/room/bashscripting What piece of code can we insert at the start of a line to comment out our code? # What will the following script output to the screen, echo "BishBashBosh" BishBashBosh What would this code return? Jammy is 21 years old How would you print out the city to the screen? echo $city How would you print out the country to the screen? echo $country How can we get the number of arguments supplied to a script? $# How can we get the filename of our current script (aka our first argument)? $0 How can we get the 4th argument supplied to the script? $4 If a script asks us for input, how can we direct our input into a variable called ‘test’ using “read”? read test What will be the output of “echo $1 $3” if the script was run with “./script.sh hello hola aloha”? hello aloha What would be the command to print audi to the screen using indexing? echo "${cars[1]}" If we wanted to remove tesla from ...

Eonrec