TryHackMe "PentestQuiz"

Today, I am going to make this write-up of "PentestQuiz" of TryHackMe. This is a quiz to check if you know topics and tools of Pentesting.


DESCRIPTION -

Getting better at using "Search Engines" in order to find the right answers in less time is an art. This room is all about quick challenges which most of the n00bs like me already have in mind and don't really require a "Google Search" but for some of the n00bs it is still remained to be learnt!

So these little challenges will be helping you a lot! Have fun!

~/w4tchd0g

NOTE: Try to answer using hints provided. If not able to answer using hints, then answers are provided below.

#1. Famous port scanner. Can you name it?

Hint: Famous Network Mapping tool.
#2. Famous network packet analyzer. Can you name it?
Hint: You won't find this kind of shark.
#3. Best place to find public exploits?
Hint: It is famous database of exploits.
#4. Best place to find google dorks?
Hint: It is famous for google hacking.
#5. Entering enough data to make the application crash!
Hint: It means overflow the data.
#6. I am a security bug but not known to anyone yet?
Hint: It is related to someday.
#7. "Your system has been locked, Pay me the money!"
Hint: You must have listen to a name "WannaCry". It was one of the famous attack of its category.
#8. Group of compromised machines connected to a C&C server!
Hint: A army of devices connected to a command and control server.
#9. Name the organization that releases TOP 10 Web and Mobile vulnerabilities?
Hint: Just Google about "TOP 10 Web and Mobile vulnerabilities".
#10. Name the famous worm which targeted SCADA environments?
Hint: Just Google about "worm which targeted SCADA environments".
#11.  Art of hiding information in other files!
Hint: The word comes from Greek steganographia.
#12. Converting readable data into unreadable format!
Hint: It is a process that encodes a message or file so that it can be only be read by certain people.
#13. Name the tool used for reading metadata of images! 
Hint: Just Google "metadata extraction tool linux".
#14. Famous Web Application Proxy Tool?
Hint: This image should help - click here
#15. NSA Reverse Engineering Tool?
Hint: Just Google "NSA Reverse Engineering Tool".
#16. Famous Open Source Web Application Proxy Tool?
Hint: It is Burp Suite's open source alternative.
 

ANSWERS -

#1. nmap
#2. Wireshark
#3. Exploit-db
#4. ghdb
#5. Buffer Overflow
#6. 0day
#7.Ransomware
#8. Botnet
#9. OWASP
#10. Stuxnet
#11. Steganography
#12. Encryption
#13. Exiftool
#14. Burp Suite
#15. Ghidra
#16. OWASP ZAP

TryHackMe

I hope, this post helped you to test yourself about Pentesting skills.

Stay tuned for more such posts!!!


Comments

Post a Comment

Popular posts from this blog

VirSecCon CTF Steganography Writeups

Image
1) Stegosaurus (70) DESCRIPTION- Scientists are struggling with a new mystery: we thought the dinosaurs were gone, but this one has returned! Hmmm... can you solve this mystery? Download the file below: stegosaurus.png SOLUTION:: → Use commands -           ⇒ Use website https://georgeom.net/StegOnline/image to convert the color palette of this image           ⇒ Use the LSB Half option to change color palette                                              OR           ⇒ Install tool stegsolve.jar using commands                     wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar                     chmod +x stegsolve.jar                     mv stegsolve.jar /bin           ⇒ Execute it using command- stegsolve.jar , use File option, choose image, use arrows to see the text by changing colors → Flag - LLS{you_stegsolved_the_mystery} 2) Winter Wonderland (80) DESCRIPTION- It’s the holiday season! But hmm… they must be hi
Read more

Red Primer: Web Scanning

Image
Today, I am going to make this write-up of Web Scanning challenge on TryHackMe. This is a write-up on Web Scanning tools named as Nikto and OWASP ZAP. Challenge Link - https://tryhackme.com/room/rpwebscanning [Task 1] Pull the lever, Kronk! Web scanning represents one of the core constructs of modern pentesting. Quite simply, most of what we interact with on a daily basis is the internet, and therein there is a multitude of ever-widening number of vulnerabilities. Within this room, we will investigate two of the most common scanners: Nikto and Zap. Deploy the machine. [Task 2] ... I'm supposed to scan with that? A short quiz over the various switches used with Nikto as well as a quick scan against our target. All you'll need for this is the help menu for Nikto. Include all parts of the switch unless otherwise specified, this includes - #1. First and foremost, what switch do we use to set the target host? -h As per help, the answer should be -ho
Read more

Kali Linux in Docker Container in Windows 10

Image
Background Docker is a tool designed to make it easier to create, deploy, and run applications by using containers. Docker is a great alternative to virtualization when dealing with various tools or for creating isolated environments. Docker is lightweight. Offensive Security has created an official Kali Linux Docker image named kalilinux/kali-rolling , which we’ll be using below. Install Docker Go to the following link and install Docker  -  https://docs.docker.com/docker-for-windows/install/ Setting up a Kali Linux Docker Image Pull the Kali Linux image using following command -  docker pull kalilinux/kali-rolling Running Kali  Run Kali using following command -  docker run -t -i kalilinux/kali-rolling /bin/bash First Things First The first thing we need to do is to update Kali packages and install the tools we’ll be using. Run following commands in Kali shell -  apt update apt dist-upgrade apt autoremove apt clean We can now run any Linux command in this Docker image but now you hav
Read more