René und IT-Sec

Mein Weg zur IT Sicherheit

Seite 3 von 9

HackTheBox WriteUp – Starting Point – Redeemer

2. November 2022 /

https://app.hackthebox.com/starting-point

Redeemer

Task 1:
Which TCP port is open on the machine?

Wir starten direkt mit einem nmap Scan. Da der „normale Scan“ keine Ergebnisse gebracht hat, müssen wir ein paar Anpassungen vornehmen. Da das Ergebnis mit ***9 angegeben ist, setzten wir die Portreichweite auf 1-9999 und erhöhen die Suchgeschwindigkeit mit -T5:

└─$ nmap 10.129.166.34 -sV -p1-9999 -T5
Starting Nmap 7.93 ( https://nmap.org ) at 2022-11-02 19:06 CET
Warning: 10.129.166.34 giving up on port because retransmission cap hit (2).
Nmap scan report for 10.129.166.34
Host is up (0.053s latency).
Not shown: 9183 closed tcp ports (conn-refused), 815 filtered tcp ports (no-response)
PORT     STATE SERVICE VERSION
6379/tcp open  redis   Redis key-value store 5.0.7

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 95.02 seconds

Antwort 1:
6379

Weiterlesen

TryHackMe WriteUp – Exploit Vulnerabilities

18. Oktober 2022 /

https://tryhackme.com/room/exploitingavulnerabilityv2

Task 1 Introduction

Keine Fragen in diesem Task.

Task 2 Automated Vs. Manual Vulnerability Research

Frage 1:
You are working close to a deadline for your penetration test and need to scan a web application quickly. Would you use an automated scanner? (Yay/Nay)

Antwort 1:
yay

Frage 2:
You are testing a web application and find that you are able to input and retrieve data in a database.  What vulnerability is this?

Antwort 2:
Injection

Weiterlesen

TryHackMe WriteUp – Vulnerabilities 101

17. Oktober 2022 /

https://tryhackme.com/room/vulnerabilities101

Task 1 Introduction

Keine Fragen in diesem Task.

Task 2 Introduction to Vulnerabilities

Frage 1:
An attacker has been able to upgrade the permissions of their system account from „user“ to „administrator“. What type of vulnerability is this?

Antwort 1:
Operating System

Frage 2:
You manage to bypass a login panel using cookies to authenticate. What type of vulnerability is this?

Antwort 2:
Application Logic

Weiterlesen

TryHackMe WriteUp – Net Sec Challenge

13. Oktober 2022 /

https://tryhackme.com/room/netsecchallenge

Task 1 Introduction

Keine Fragen in diesem Task.

Task 2 Challenge Questions

Frage 1:
What is the highest port number being open less than 10,000?

Hier müssen wir den Port Filter von 1 bis 10.000 setzen, da nmap ansonsten nur die bekanntesten 1.000 Ports scannt:

└─$ nmap 10.10.186.199 -p 1-10000    
Starting Nmap 7.93 ( https://nmap.org ) at 2022-10-13 19:15 CEST
Nmap scan report for 10.10.186.199
Host is up (0.058s latency).
Not shown: 9995 closed tcp ports (conn-refused)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 7.38 seconds

Antwort 1:
8080

Weiterlesen
« Ältere Beiträge Neuere Beiträge »

Impressum

© 2025 René und IT-Sec

Theme von Anders NorénHoch ↑