https://tryhackme.com/room/redteamrecon

Task 1 Introduction

This task contains no questions.

Task 2 Taxonomy of Reconnaissance

This task contains no questions.

Task 3 Built-in Tools

Question 1:
When was thmredteam.com created (registered)? (YYYY-MM-DD)

Answer 1:
2021-09-24

Question 2:
To how many IPv4 addresses does clinic.thmredteam.com resolve?

With the "nslookup" command we can answer this question and the next one at once:

└─$ nslookup clinic.thmredteam.com
Server:         192.168.178.1
Address:        192.168.178.1#53

Non-authoritative answer:
Name:   clinic.thmredteam.com
Address: 172.67.212.249
Name:   clinic.thmredteam.com
Address: 104.21.93.169
Name:   clinic.thmredteam.com
Address: 2606:4700:3034::6815:5da9
Name:   clinic.thmredteam.com
Address: 2606:4700:3034::ac43:d4f9

Here we see 2 IPv4 and 2 IPv6 addresses.

Answer 2:
2

Question 3:
To how many IPv6 addresses does clinic.thmredteam.com resolve?

Answer 3:
2
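
The counts for Questions 2 and 3 can be checked mechanically from saved nslookup output. This is an added example, not part of the original walkthrough: the function names count_families and sample_output are made up here, the sample is a copy of the output shown above, and the Linux nslookup layout (a "Name:" line followed by an "Address:" line per answer) is assumed.

```bash
#!/usr/bin/env bash
# Added example: count IPv4 (A) and IPv6 (AAAA) answers in nslookup output.
# Assumes the Linux nslookup layout, where every answer is a "Name:" line
# followed by an "Address:" line.

# Reads nslookup output on stdin, prints "<ipv4_count> <ipv6_count>".
count_families() {
    awk '
        # An answer always starts with a Name: line.
        /^Name:/ { have_name = 1; next }
        # Only an Address: line directly after Name: is an answer. The
        # Address: line of the resolver (with #53) has no Name: before it
        # and is therefore skipped.
        /^Address:/ && have_name {
            have_name = 0
            addr = $2
            if (seen[addr]++) next            # ignore duplicate records
            if (addr ~ /:/) v6++; else v4++   # a colon only occurs in IPv6
            next
        }
        { have_name = 0 }
        END { printf "%d %d\n", v4, v6 }
    '
}

# Sample input: copy of the nslookup output from this walkthrough.
sample_output() {
    cat <<'EOF'
Server:         192.168.178.1
Address:        192.168.178.1#53

Non-authoritative answer:
Name:   clinic.thmredteam.com
Address: 172.67.212.249
Name:   clinic.thmredteam.com
Address: 104.21.93.169
Name:   clinic.thmredteam.com
Address: 2606:4700:3034::6815:5da9
Name:   clinic.thmredteam.com
Address: 2606:4700:3034::ac43:d4f9
EOF
}

sample_output | count_families   # prints: 2 2
```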

Task 4 Advanced Searching

Question 1:
How would you search using Google for xls indexed for http://clinic.thmredteam.com?

Answer 1:
filetype:xls site:clinic.thmredteam.com

Question 2:
How would you search using Google for files with the word passwords for http://clinic.thmredteam.com?

Answer 2:
passwords site:clinic.thmredteam.com

Task 5 Specialized Search Engines

Question 1:
What is the shodan command to get your Internet-facing IP address?

Here we need to look at the Shodan documentation: https://cli.shodan.io/

Answer 1:
shodan myip

Task 6 Recon-ng

Question 1:
How do you start recon-ng with the workspace clinicredteam?

Answer 1:
recon-ng -w clinicredteam

Question 2:
How many modules with the name virustotal exist?

No module may be loaded, otherwise the marketplace search does not work! Now we use the following command:

[recon-ng][default] > marketplace search virustotal
[*] Searching module index for 'virustotal'...

  +---------------------------------------------------------------------------------+
  |               Path               | Version |     Status    |  Updated   | D | K |
  +---------------------------------------------------------------------------------+
  | recon/hosts-hosts/virustotal     | 1.0     | not installed | 2019-06-24 |   | * |
  | recon/netblocks-hosts/virustotal | 1.0     | not installed | 2019-06-24 |   | * |
  +---------------------------------------------------------------------------------+

  D = Has dependencies. See info for details.
  K = Requires keys. See info for details.

[recon-ng][default] > 

Answer 2:
2

Question 3:
There is a single module under hosts-domains. What is its name?

We search the marketplace again:

[recon-ng][default] > marketplace search hosts-domain
[*] Searching module index for 'hosts-domain'...

  +----------------------------------------------------------------------------------+
  |                Path               | Version |     Status    |  Updated   | D | K |
  +----------------------------------------------------------------------------------+
  | recon/hosts-domains/migrate_hosts | 1.1     | not installed | 2020-05-17 |   |   |
  +----------------------------------------------------------------------------------+

Answer 3:
migrate_hosts

Question 4:
censys_email_address is a module that “retrieves email addresses from the TLS certificates for a company.” Who is the author?

The marketplace info command requires the module's full path, so we first search for the module:

[recon-ng][default] > marketplace search censys_email_address
[*] Searching module index for 'censys_email_address'...

  +----------------------------------------------------------------------------------------------+
  |                      Path                     | Version |     Status    |  Updated   | D | K |
  +----------------------------------------------------------------------------------------------+
  | recon/companies-contacts/censys_email_address | 2.0     | not installed | 2021-05-11 | * | * |
  +----------------------------------------------------------------------------------------------+

This gives us the module's full path, which we now pass to the info command:

[recon-ng][default] > marketplace info recon/companies-contacts/censys_email_address

  +-----------------------------------------------------------------------------------------------------------------------------------+
  | path          | recon/companies-contacts/censys_email_address                                                                     |
  | name          | Censys emails by company                                                                                          |
  | author        | Censys Team                                                                                                       |
  | version       | 2.0                                                                                                               |
  | last_updated  | 2021-05-11                                                                                                        |
  | description   | Retrieves email addresses from the TLS certificates for a company. Updates the 'contacts' table with the results. |
  | required_keys | ['censysio_id', 'censysio_secret']                                                                                |
  | dependencies  | ['censys>=2.0.0']                                                                                                 |
  | files         | []                                                                                                                |
  | status        | not installed                                                                                                     |
  +-----------------------------------------------------------------------------------------------------------------------------------+

Answer 4:
Censys Team

Task 7 Maltego

Question 1:
What is the name of the transform that queries NIST’s National Vulnerability Database?

We go to https://www.maltego.com/transform-hub/ and enter "NIST" in the search bar.

Answer 1:
NIST NVD

Question 2:
What is the name of the project that offers a transform based on ATT&CK?

We go to the page again and this time search for "ATT&CK". What matters here is the project name, not the name of the "module".

Answer 2:
MISP Project

Task 8 Summary

This task contains no questions.