René und IT-Sec

Mein Weg zur IT Sicherheit

Kategorie: Jr Penetration Tester Path (Seite 1 von 3)

TryHackMe WriteUp – Exploit Vulnerabilities

18. Oktober 2022 /

https://tryhackme.com/room/exploitingavulnerabilityv2

Task 1 Introduction

Keine Fragen in diesem Task.

Task 2 Automated Vs. Manual Vulnerability Research

Frage 1:
You are working close to a deadline for your penetration test and need to scan a web application quickly. Would you use an automated scanner? (Yay/Nay)

Antwort 1:
yay

Frage 2:
You are testing a web application and find that you are able to input and retrieve data in a database.  What vulnerability is this?

Antwort 2:
Injection

Weiterlesen

TryHackMe WriteUp – Vulnerabilities 101

17. Oktober 2022 /

https://tryhackme.com/room/vulnerabilities101

Task 1 Introduction

Keine Fragen in diesem Task.

Task 2 Introduction to Vulnerabilities

Frage 1:
An attacker has been able to upgrade the permissions of their system account from „user“ to „administrator“. What type of vulnerability is this?

Antwort 1:
Operating System

Frage 2:
You manage to bypass a login panel using cookies to authenticate. What type of vulnerability is this?

Antwort 2:
Application Logic

Weiterlesen

TryHackMe WriteUp – Net Sec Challenge

13. Oktober 2022 /

https://tryhackme.com/room/netsecchallenge

Task 1 Introduction

Keine Fragen in diesem Task.

Task 2 Challenge Questions

Frage 1:
What is the highest port number being open less than 10,000?

Hier müssen wir den Port Filter von 1 bis 10.000 setzen, da nmap ansonsten nur die bekanntesten 1.000 Ports scannt:

└─$ nmap 10.10.186.199 -p 1-10000    
Starting Nmap 7.93 ( https://nmap.org ) at 2022-10-13 19:15 CEST
Nmap scan report for 10.10.186.199
Host is up (0.058s latency).
Not shown: 9995 closed tcp ports (conn-refused)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 7.38 seconds

Antwort 1:
8080

Weiterlesen

TryHackMe WriteUp – Nmap Post Port Scans

12. Oktober 2022 /

https://tryhackme.com/room/nmap04

Task 1 Introduction

Keine Fragen in diesem Task.

Task 2 Service Detection

Frage 1:
Start the target machine for this task and launch the AttackBox. Run nmap -sV --version-light 10.10.201.22 via the AttackBox. What is the detected version for port 143?

└─$ sudo nmap -sV --version-light 10.10.201.22   
[sudo] password for belcher: 
Sorry, try again.
[sudo] password for belcher: 
Starting Nmap 7.93 ( https://nmap.org ) at 2022-10-12 18:09 CEST
Nmap scan report for 10.10.201.22
Host is up (0.070s latency).
Not shown: 994 closed tcp ports (reset)
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 6.7p1 Debian 5+deb8u8 (protocol 2.0)
25/tcp  open  smtp    Postfix smtpd
80/tcp  open  http    nginx 1.6.2
110/tcp open  pop3    Dovecot pop3d
111/tcp open  rpcbind
143/tcp open  imap    Dovecot imapd
Service Info: Host:  debra2.thm.local; OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.81 seconds
Weiterlesen
« Ältere Beiträge

Impressum

© 2025 René und IT-Sec

Theme von Anders NorénHoch ↑