Information
Room
- Name: The Hacker Methodology
- Profile: tryhackme.com
- Difficulty: Easy
- Description: Introduction to the Hacker Methodology
Write-up
Methodology Outline
What is the first phase of the Hacker Methodology?
Answer: Reconnaissance
Just read the course material.
Reconnaissance Overview
Who is the CEO of SpaceX?
Answer: Elon Musk
Check on Wikipedia.
Do some research into the tool: sublist3r, what does it list?
Answer: subdomains
Check the README.
What is it called when you use Google to look for specific vulnerabilities or to research a specific topic of interest?
Answer: Google Dorking
Read the course material.
Enumeration and Scanning Overview
What does enumeration help to determine about the target?
Answer: attack surface
Read the course material.
Do some reconnaissance about the tool: Metasploit, what company developed it?
Answer: rapid7
Search it on a search engine.
What company developed the technology behind the tool Burp Suite?
Answer: portswigger
Search it on a search engine.
Exploitation
What is one of the primary exploitation tools that pentester(s) use?
Answer: metasploit
Read the course material.
Privilege Escalation
In Windows what is usually the other target account besides Administrator?
Answer: system
Read the course material.
What thing related to SSH could allow you to log in to another machine (even without knowing the username or password)?
Answer: keys
Read the course material.
Reporting
What would be the type of reporting that involves a full documentation of all findings within a formal document?
Answer: full formal report
Read the course material.
What is the other thing that a pentester should provide in a report beyond the finding name, the finding description, and the finding criticality?
Answer: Remediation Recommendation
Read the course material.