Complete Beginner Introduction
Table of Contents
- Complete Beginner Introduction
- Learning Cyber Security
- task1 Web Application Security
- task2 Network Security
- task3 Learning Roadmap
- Tutorial
- task1 Starting your first machine
- Starting Out In Cyber Sec
- task1 Welcome To TryHackMe
- task2 Offensive Security
- task3 Defensive Security
- Introductory Researching
- task1 Introduction
- task 2 Example Research Question
- task3 Vulnerability Searching
- task4 Manual Pages
- task5 Final Thoughts
Learning Cyber Security
task1 Web Application Security
1.Read the above and learn how to hack BookFace, TryHackMe’s vulnerable social media site.
No answer needed.
2.What is the username of the BookFace account you will be taking over?
Ben.Spring
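3.Hack the BookFace account to reveal this task’s answer!
THM{BRUTEFORCING}
Enter Ben.Spring and click reset password. The verification code is only 4 digits, so try brute forcing it: running from 0001 to 9999 gives the result 0187, which yields the flag.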
task2 Network Security
1.Read the above, and see how Target was hacked on the right hand side.
No answer needed.
2.How much did the data breach cost Target?
$300 million
task3 Learning Roadmap
No answer needed.
Tutorial
task1 Starting your first machine
flag{connection_verified}
After starting the machine, open the Firefox browser and enter the IP to get the flag.
Starting Out In Cyber Sec
task1 Welcome To TryHackMe
No answer needed.
task2 Offensive Security
What is the name of the career role that is legally employed to find vulnerabilities in applications?
penetration tester
task3 Defensive Security
What is the name of the role whose job is to identify attacks against an organisation?
security analyst
https://blog.csdn.net/weixin_45527786/article/details/106326510
Introductory Researching
task1 Introduction
No answer needed.
task 2 Example Research Question
1.In the Burp Suite Program that ships with Kali Linux, what mode would you use to manually send a request (often repeating a captured request numerous times)?
Repeater (one of Burp's functional modules)
Hint: manually send request burp suite
2.What hash format are modern Windows login passwords stored in?
NTLM
Hint: hashing algorithm for windows
Reference: https://www.sciencedirect.com/topics/computer-science/hashing-algorithm
Windows dropped LANMAN in favor of NTLM.
3.What are automated tasks called in Linux?
Cron jobs
Hint: automated tasks Linux
Reference: https://www.linuxtechi.com/schedule-automate-tasks-linux-cron-jobs/
4.What number base could you use as a shorthand for base 2 (binary)?
base16
Hint: Octal (base 8) is not the correct answer.
Reference: Number Bases - Byte-Notes
5.If a password hash starts with $6$, what format is it (Unix variant)?
sha512crypt
Hint: ____cry
Reference: https://github.com/frizb/Hashcat-Cheatsheet
task3 Vulnerability Searching
Search the vulnerability database at https://www.exploit-db.com/
1.What is the CVE for the 2020 Cross-Site Scripting (XSS) vulnerability found in WPForms?
CVE-2020-10385
Search keywords: 2020, WPForms
2.There was a Local Privilege Escalation vulnerability found in the Debian version of Apache Tomcat, back in 2016. What’s the CVE for this vulnerability?
CVE-2016-1240
Search keywords: 2016, Debian, Apache Tomcat, Local Privilege
3.What is the very first CVE found in the VLC media player?
CVE-2007-0017
Search keywords: VLC media player, very first
4.If you wanted to exploit a 2020 buffer overflow in the sudo program, which CVE would you use?
CVE-2019-18634
Search keywords: buffer overflow, sudo
task4 Manual Pages
1.SCP is a tool used to copy files from one computer to another. What switch would you use to copy an entire directory?
-r
cp -r: recursive copy, used for directories
2.fdisk is a command used to view and alter the partitioning scheme used on your hard drive. What switch would you use to list the current partitions?
-l
fdisk -l: lists all partitions on the system, or those of a specified device
3.nano is an easy-to-use text editor for Linux. There are arguably better editors (Vim, being the obvious choice); however, nano is a great one to start with. What switch would you use to make a backup when opening a file with nano?
-b
nano -B, --backup
4.Netcat is a basic tool used to manually send and receive network requests. What command would you use to start netcat in listen mode, using port 12345?
nc -l -p 12345
task5 Final Thoughts
No answer needed.