TryHackMe: Introductory Researching

Fig 0.1 : TryHackMe Logo

Hi all,

This article is about Introductory Researching room created by TryHackMe. It is free room and easy to learn.

Description: This is a machine that allows you to learn the research and practise about Google Search.

The room link is https://tryhackme.com/room/introtoresearch

Now we will see the tasks:

[Task 1] Introduction

Nothing Here. Just read the content and press the completed button.

Fig 1.1 : Introduction

[Task 2] Example Research Question

1. In the Burp Suite Program that ships with Kali Linux, what mode would you use to manually send a request (often repeating a captured request numerous times)?

Fig: 2.1 Burpsuite

ANS: repeater

2. What hash format are modern Windows login passwords stored in?
Reference: https://ab-lumos.medium.com/introduction-to-hashing-and-how-to-retrieve-windows-10-password-hashes-9c8637decaef

Ans: NTLM

3. What are automated tasks called in Linux?

Ans: Cron jobs

4 .What number base could you use as a shorthand for base 2 (binary)?
Reference: https://practicalee.com/binary/

There’re many shorthands: 2 ,8, 10 ,16
Ans: base 16

5. If a password hash starts with $6$, what format is it (Unix variant)?
Reference: https://github.com/frizb/Hashcat-Cheatsheet

Ans: sha512crypt

[Task 3] Vulnerability Searching

Exploit db contains about every CVE details or you can use CVE details.

1. What is the CVE for the 2020 Cross-Site Scripting (XSS) vulnerability found in WPForms?

Fig : 3.1.1 Wp forms

Fig: 3.1.2 Cve wpforms

Ans: CVE-2020-10385

2 . There was a Local Privilege Escalation vulnerability found in the Debian version of Apache Tomcat, back in 2016. What’s the CVE for this vulnerability?

Fig: 3.2.1 : Apache Tomcat issue

Fig: 3.2.1 : Apache Tomcat CVE Details

Ans: CVE-2016-1240

4. What is the very first CVE found in the VLC media player?

Fig : 3.3.1 — vlc media player

Fig : 3.3.2 — vlc media player cve

Ans: CVE-2007-0017

4. If you wanted to exploit a 2020 buffer overflow in the sudo program, which CVE would you use?

Fig — 3.4.1 — Buffer overflow in sudo program

Fig — 3.4.2 — Buffer overflow in sudo program CVE

Ans: CVE-2019-18634

[Task 4] Manual Pages

1. SCP is a tool used to copy files from one computer to another.
   What switch would you use to copy an entire directory?

man scp

Fig: 4.1— scp

Ans: -r

2. fdisk is a command used to view and alter the partitioning scheme used on your hard drive.
What switch would you use to list the current partitions?

man fdisk

Fig: 4.2 — fdisk

Ans: -l

3. nano is an easy-to-use text editor for Linux. There are arguably better editors (Vim, being the obvious choice); however, nano is a great one to start with.
What switch would you use to make a backup when opening a file with nano?

man nano

Fig: 4.3 — nano

Ans: -B

4. Netcat is a basic tool used to manually send and receive network requests.
What command would you use to start netcat in listen mode, using port 12345?

man netcat

Fig: 4.4.1 — netcat l

Fig: 4.4.2 — netcat p

Ans : nc -l -p 12345

[Task 5] Final Thoughts

Nothing is need here read the content and click the completed.

Final

Finally, We reached the end now. Hurrah! We have completed this Introductory Researching Challenge. Thanks for staying till here.

If you enjoy with this article, like this article. For more article, follow us.