Tryhackme-Complete Beginner Introduction

Complete Beginner Introduction

Leaning Cyber Security

task1 Web Application Security

1.Read the above and learn how to hack BookFace, TryHackMe’s vulnerable social media site.

无需回答

2.What is the username of the BookFace account you will be taking over?

Ben.Spring

2.Hack the BookFace account to reveal this task’s answer!

THM{BRUTEFORCING}

输入Ben.Spring，点击重置密码，验证码只有4位，尝试爆破，从0001-9999得到结果0187，得到flag

task2 Network Security

1.Read the above, and see how Target was hacked on the right hand side.

无需回答

2.How much did the data breach cost Target?

$300 million

task3 Learning Roadmap

无需回答

Tutorial

task1 Starting your first machine

flag{connection_verified}

启动机器后，打开火狐浏览器 输入IP得到flag

Starting Out In Cyber Sec

task1 Welcome To TryHackMe

无需回答

task2 Offensive Security

What is the name of the career role that is legally employed to find vulnerabilities in applications?

penetration tester

task3 Defensive Security

What is the name of the role who’s job is to identify attacks against an organisation?

security analyst

https://blog.csdn.net/weixin_45527786/article/details/106326510)

Introductory Researching

task1 Introduction

无需回答

task 2 Example Research Question

1.In the Burp Suite Program that ships with Kali Linux, what mode would you use to manually send a request (often repeating a captured request numerous times)?

Repeater (burp的一个功能模块)

提示：manually send request burp suite

2.What hash format are modern Windows login passwords stored in?

NTLM

提示：hashing algorithm for windows

参考链接：https://www.sciencedirect.com/topics/computer-science/hashing-algorithm

windows放弃使用LANMAN，转而使用NTLM

3.What are automated tasks called in Linux?

Cron jobs

提示:automated tasks Linux

参考链接：https://www.linuxtechi.com/schedule-automate-tasks-linux-cron-jobs/

4.What number base could you use as a shorthand for base 2 (binary)?

base16

提示：Octal (base 8) is not the correct answer.

参考链接:Number Bases - Byte-Notes

5.If a password hash starts with $6$, what format is it (Unix variant)?

sha512crypt

提示:____cry

参考链接:https://github.com/frizb/Hashcat-Cheatsheet

task3 Vulnerability Searching

https://www.exploit-db.com/ 在漏洞数据库搜索

1.What is the CVE for the 2020 Cross-Site Scripting (XSS) vulnerability found in WPForms?

CVE-2020-10385

搜索关键词 2020, WPForms

2.There was a Local Privilege Escalation vulnerability found in the Debian version of Apache Tomcat, back in 2016. What’s the CVE for this vulnerability?

CVE-2016-1240

搜索关键词 2016, Debian, Apache Tomcat, Local Privilege

3.What is the very first CVE found in the VLC media player?

CVE-2007-0017

搜索关键词 VLC media player, very first

4.If you wanted to exploit a 2020 buffer overflow in the sudo program, which CVE would you use?

CVE-2019-18634

搜索关键词 buffer overflow(缓冲区溢出)，sudo

task4 Manual Pages

1.SCP is a tool used to copy files from one computer to another.What switch would you use to copy an entire directory?

-r

cp -r:递归复制，用于目录

2.fdisk is a command used to view and alter the partitioning scheme used on your hard drive.What switch would you use to list the current partitions?

-l

fdisk -l 显示系统所有分区或指定分区

3.nano is an easy-to-use text editor for Linux. There are arguably better editors (Vim, being the obvious choice); however, nano is a great one to start with.Wnamhat switch would you use to make a backup when opening a file with nano?

-b

nano -B,–backup

4.Netcat is a basic tool used to manually send and receive network requests. What command would you use to start netcat in listen mode, using port 12345?

nc -l -p 12345

task5 Final Thoughts

send and receive network requests. What command would you use to start netcat in listen mode, using port 12345?

nc -l -p 12345

task5 Final Thoughts

无需回答