Understand the flaws of an application and apply your research skills to some vulnerability databases.
THM Room https://tryhackme.com/room/vulnerabilities101
TASK 1 : Introduction
Read this task!
No Answer.
TASK 2 : Introduction to Vulnerabilities
An attacker has been able to upgrade the permissions of their system account from “user” to “administrator”. What type of vulnerability is this?
If you don’t know, the answer is given in the task text.
Answer : Operating System
You manage to bypass a login panel using cookies to authenticate. What type of vulnerability is this?
Answer : Application Logic
TASK 3 : Scoring Vulnerabilities (CVSS & VPR)
What year was the first iteration of CVSS published?
Answer : 2005
If you wanted to assess vulnerability based on the risk it poses to an organisation, what framework would you use?
Answer : VPR
If you wanted to use a framework that was free and open-source, what framework would that be?
Answer : CVSS
TASK 4 : Vulnerability Databases
Using NVD, how many CVEs were submitted in July 2021?
The NVD full listing for July 2021 is at https://nvd.nist.gov/vuln/full-listing/2021/7.
Answer : 1585
Who is the author of Exploit-DB?
Answer : Offensive Security
TASK 5 : An example of Finding a Vulnerability
What type of vulnerability did we use to find the name and version of the application in this example?
Answer : Version Disclosure
TASK 6 : Showcase: Exploiting Ackme’s Application
Follow along with the showcase of exploiting ACKme’s application to the end to retrieve a flag. What is this flag?
Answer : THM{ACKME_ENGAGEMENT}
TASK 7 : Conclusion
Continue on your learning with the additional rooms in this module.
No Answer