https://tryhackme.com/room/vulnerabilities101
Task 1 Introduction
No questions in this task.
Task 2 Introduction to Vulnerabilities
Question 1:
An attacker has been able to upgrade the permissions of their system account from "user" to "administrator". What type of vulnerability is this?
Answer 1:
Operating System
Question 2:
You manage to bypass a login panel using cookies to authenticate. What type of vulnerability is this?
Answer 2:
Application Logic
Task 3 Scoring Vulnerabilities (CVSS & VPR)
Question 1:
What year was the first iteration of CVSS published?
Answer 1:
2005
Question 2:
If you wanted to assess vulnerability based on the risk it poses to an organisation, what framework would you use?
Answer 2:
VPR
Question 3:
If you wanted to use a framework that was free and open-source, what framework would that be?
Answer 3:
CVSS
Task 4 Vulnerability Databases
Question 1:
Using NVD, how many CVEs were submitted in July 2021?
We go to the NVD site and click on July 2022:

The solution is then displayed:

Answer 1:
1585
Question 2:
Who is the author of Exploit-DB?
We visit the Exploit-DB site and scroll all the way to the bottom. There we click on "About Us" and are shown the name of the company:

Answer 2:
Offensive Security
Task 5 An Example of Finding a Vulnerability
Question 1:
What type of vulnerability did we use to find the name and version of the application in this example?
Answer 1:
Version Disclosure
Task 6 Showcase: Exploiting Ackme’s Application
Question 1:
Follow along with the showcase of exploiting ACKme’s application to the end to retrieve a flag. What is this flag?
We follow the guided walkthrough and receive the flag at the end:

Answer 1:
THM{ACKME_ENGAGEMENT}
Task 7 Conclusion
No questions in this task.