Vulnerabilities 101

Understand the flaws of an application and apply your researching skills on some vulnerability databases.

THM Room https://tryhackme.com/room/vulnerabilities101

TASK 1 : Introduction

Read this task !

No Answer.

TASK 2 : Introduction to Vulnerabilities

An attacker has been able to upgrade the permissions of their system account from “user” to “administrator”. What type of vulnerability is this ?

If you don’t know, it’s stated in the text.

Answer : Operating System

You manage to bypass a login panel using cookies to authenticate. What type of vulnerability is this ?

Answer : Application Logic

TASK 3 : Scoring Vulnerabilities (CVSS & VPR)

What year was the first iteration of CVSS published ?

Answer : 2005

If you wanted to assess vulnerability based on the risk it poses to an organisation, what framework would you use ?

Answer : VPR

If you wanted to use a framework that was free and open-source, what framework would that be ?

Answer : CVSS

TASK 4 : Vulnerability Databases

Using NVD, how many CVEs were submitted in July 2021 ?

Visiting NVD for July 2021 (https://nvd.nist.gov/vuln/full-listing/2021/7) :

Answer : 1585

Who is the author of Exploit-DB ?

https://www.exploit-db.com/

Answer : Offensive Security

TASK 5 : An example of Finding a Vulnerability

What type of vulnerability did we use to find the name and version of the application in this example ?

Answer : Version Disclosure

TASK 6 : Showcase: Exploiting Ackme’s Application

Follow along with the showcase of exploiting ACKme’s application to the end to retrieve a flag. What is this flag?

Answer : THM{ACKME_ENGAGEMENT}

TASK 7 : Conclusion

Continue on your learning with the additional rooms in this module.

No Answer

This post is licensed under CC BY 4.0 by the author.