
Introductory Researching

A brief introduction to research skills for pentesting.

THM Room : https://tryhackme.com/room/introtoresearch

TASK 1 Introduction

Read the Introduction

No Answer.

TASK 2 Example Research Question

In the Burp Suite Program that ships with Kali Linux, what mode would you use to manually send a request (often repeating a captured request numerous times)?

Answer : Repeater

What hash format are modern Windows login passwords stored in?

Answer : NTLM

What are automated tasks called in Linux?

Answer : Cron Jobs

What number base could you use as a shorthand for base 2 (binary)?

Answer : Base 16

If a password hash starts with $6$, what format is it (Unix variant)?

Answer : sha512crypt

TASK 3 Vulnerability Searching

What is the CVE for the 2020 Cross-Site Scripting (XSS) vulnerability found in WPForms?

Answer : CVE-2020-10385

There was a Local Privilege Escalation vulnerability found in the Debian version of Apache Tomcat, back in 2016. What’s the CVE for this vulnerability?

Answer : CVE-2016-1240

What is the very first CVE found in the VLC media player?

Answer : CVE-2007-0017

If you wanted to exploit a 2020 buffer overflow in the sudo program, which CVE would you use?

Answer : CVE-2019-18634

TASK 4 Manual Pages

SCP is a tool used to copy files from one computer to another. What switch would you use to copy an entire directory?

Answer : -r

fdisk is a command used to view and alter the partitioning scheme used on your hard drive. What switch would you use to list the current partitions?

Answer : -l

nano is an easy-to-use text editor for Linux. There are arguably better editors (Vim, being the obvious choice); however, nano is a great one to start with. What switch would you use to make a backup when opening a file with nano?

Answer : -B

Netcat is a basic tool used to manually send and receive network requests. What command would you use to start netcat in listen mode, using port 12345?

Answer : nc -l -p 12345

TASK 5 Final Thoughts

Research Complete!

No Answer.

This post is licensed under CC BY 4.0 by the author.