With practical exercises see how common attacks occur, and improve your cyber hygiene to stay safer online.
THM Room https://tryhackme.com/room/commonattacks
TASK 1 : Information Introduction
Let’s get started!0
No Answer
TASK 2 : Common Attacks Social Engineering
Read the task information and watch the attached videos
No Answer
What was the original target of Stuxnet?
Stuxnet
Answer : the Iran nuclear programme
TASK 3 : Common Attacks Social Engineering: Phishing
Click the green “View Site” button at the top of this task if you haven’t already done so.
No Answer.
What is the flag?
First phishing/safe email, link and showed-link are different :
Phshing 1
Phshing 1 link
Second one is phishing too. Misspelling in the email address and suspicious attachment ;
Phshing 2
Phshing 2 link
Third one is safe :
Phshing 3
Phshing 3 link
And last one is phishing because of file attachment from untrsuted sender or not expected :
Phshing 4
Phshing 4 link
Answer : THM{I_CAUGHT_ALL_THE_PHISH}
TASK 4 : Common Attacks Malware and Ransomware
[ Research ] What currency did the Wannacry attackers request payment in?
Wannacry
Answer : bitcoin
TASK 5 : Common Attacks Passwords and Authentication
Put yourself in the shoes of a malicious hacker. You have managed to dump the password database for an online service, but you still have to crack those hashes! Click the green button at the start of the task to deploy the interactive hash brute-forcer!
No Answer.
Copy the list of passwords into the “Password List” field of the hash cracker, then click “Go”!
No Answer.
The hash cracker should find the password that matches the target hash very quickly. What is the password?
Putting password list in the box, all MD5 will be computed and compared to the real password MD5 :
Hash Cracker
Flag password
Answer : TryHackMe123!
In the next task we will look at some of the common account protection measures, as well as how to generate secure passwords.
No Answer.
TASK 6 : Staying Safe Multi-Factor Authentication and Password Managers
Where you have the option, which should you use as a second authentication factor between SMS based TOTPs or Authenticator App based TOTPs (SMS or App)?
MFA
Answer : APP
TASK 7 : Staying Safe Public Network Safety
Deploy the interactive content by clicking the green button at the top of the task.
No Answer.
The interactive content for this task demonstrates what can happen if information is sent over a potentially unsafe network with various types of encryption (or lack thereof). There is no flag for this task, but you are encouraged to try each of the different scenarios, mixing and matching the options provided in the control box at the bottom right of the screen.
No VPN nor HTTPS :
No VPN nor HTTPS
HTTPS without VPN :
HTTPS without VPN
PN without HTTPS :
VPN without HTTPS
VPN and HTTPS :
VPN and HTTPS
No Answer.
TASK 8 : Staying Safe Backups
What is the minimum number of up-to-date backups you should make?
Backup golden rules
Answer : 3
Of these, how many (at minimum) should be stored in another location?
Answer : 1
TASK 9 : Staying Safe Updates and Patches
(Optional) Complete the Blue room on TryHackMe to see the brutal effects of the Eternal Blue exploit in action against an unpatched machine for yourself!
No Answer. ALready did eternal blue room from THM but unfortunetly, i didn’t do a write up for it. Maybe later…
TASK 10 : Information Conclusion
I have completed the Common Attacks room!
No Answer.