Overview
This is a walkthrough of TryHackMe's "Vulnerabilities 101".
Task2
Q1.An attacker has been able to upgrade the permissions of their system account from "user" to "administrator". What type of vulnerability is this?
A.Operating System
Q2.You manage to bypass a login panel using cookies to authenticate. What type of vulnerability is this?
A.Application Logic
Task3
Q1.What year was the first iteration of CVSS published?
A.2005
Q2.If you wanted to assess vulnerability based on the risk it poses to an organisation, what framework would you use?
A.VPR
Q3.If you wanted to use a framework that was free and open-source, what framework would that be?
A.CVSS
Task4
Q1.Using NVD, how many CVEs were published in July 2021?
Hint.Change "Search Type" to Advanced, specify the proper Published Date Range, and hit Search.
Set Search Type to Advanced, set the Published Date Range, and run the search.
A.1554
Q2.Who is the author of Exploit-DB?
A.OffSec
Task5
Q1.What type of vulnerability did we use to find the name and version of the application in this example?
A.Version Disclosure
Task6
Q1.Follow along with the showcase of exploiting ACKme's application to the end to retrieve a flag. What is this flag?
A.THM{ACKME_ENGAGEMENT}