https://tryhackme.com/room/phishingyl
Task 1 Brief
This task contains no questions.
Task 2 Intro To Phishing Attacks
Question 1:
What type of psychological manipulation is phishing part of?
Answer 1:
Social Engineering
Question 2:
What type of phishing campaign do red teams get involved in?
Answer 2:
spear-phishing
Task 3 Writing Convincing Phishing Emails
Question 1:
What tactic can be used to find brands or people a victim interacts with?
Answer 1:
OSINT
Question 2:
What should be changed on an HTML anchor tag to disguise a link?
Answer 2:
anchor text
Task 4 Phishing Infrastructure
Question 1:
What part of a red team infrastructure can make a website look more authentic?
Answer 1:
SSL/TLS certificates
Question 2:
What protocol has TXT records that can improve email deliverability?
Answer 2:
DNS
Question 3:
What tool can automate a phishing campaign and include analytics?
Answer 3:
gophish
Task 5 Using GoPhish
Question 1:
What is the password for Brian?
Here we only need to follow the instructions to obtain Brian's password.

Answer 1:
p4$$w0rd!
Task 6 Droppers
Question 1:
Do droppers tend to be malicious?
Answer 1:
nay
Task 7 Choosing A Phishing Domain
Question 1:
What is better, using an expired or new domain? (old/new)
Answer 1:
old
Question 2:
What is the term used to describe registering a similar domain name with a spelling error?
Answer 2:
Typosquatting
Task 8 Using MS Office In Phishing
Question 1:
What can Microsoft Office documents contain, which, when executed can run computer commands?
Answer 1:
Macros
Task 9 Using Browser Exploits
Question 1:
Which recent CVE caused remote code execution?
Answer 1:
CVE-2021-40444
Task 10 Phishing Practical
Question 1:
What is the flag from the challenge?
Answer 1:
THM{I_CAUGHT_ALL_THE_PHISH}