【Walkthrough】TryHackMe: Introductory Researching

概要

TryHackMe「Introductory Researching」ルームのWalkthroughです。
このルームでは侵入テストのための調査スキルを簡単に学べます。

Task2

Q1.In the Burp Suite Program that ships with Kali Linux, what mode would you use to manually send a request (often repeating a captured request numerous times)?

Hint.Search for "manually send request burp suite"

A.repeater

Q2.What hash format are modern Windows login passwords stored in?

Hint.Search for "hashing algorithm for windows"

A.ntlm

Q3.What are automated tasks called in Linux?

Hint.Search for "automated tasks Linux"

A.cron jobs

Q4.What number base could you use as a shorthand for base 2 (binary)?

Hint.Octal (base 8) is not the correct answer.

A.base 16

Q5.If a password hash starts with \$6\$, what format is it (Unix variant)?

Hint.______cry__

A.sha512crypt

Task3

ExploitDBでCVEを検索していきます。

Q1.What is the CVE for the 2020 Cross-Site Scripting (XSS) vulnerability found in WPForms?

TitleにWPForms、Contentにxssを指定し検索する。

A.cve-2020-10385

Q2.There was a Local Privilege Escalation vulnerability found in the Debian version of Apache Tomcat, back in 2016. What's the CVE for this vulnerability?

TitleにApache Tomcat、Typeでlocalを指定し検索する。

A.cve-2016-1240

Q3.What is the very first CVE found in the VLC media player?

TitleにVLC media playerを入力し検索する。
右下のLASTから最初のCVEを確認する。

A.cve-2007-0017

Q4.If you wanted to exploit a 2020 buffer overflow in the sudo program, which CVE would you use?

Titleにsudoを入力し検索する。

A.cve-2019-18634

Task4

Q1.SCP is a tool used to copy files from one computer to another.What switch would you use to copy an entire directory?

entire directoriesなどのワードでgrepすると見つけやすい。

$ man scp | grep "entire directories"
       -r      Recursively  copy entire directories.  Note that scp follows symbolic links encountered in the tree

A.-r

Q2.fdisk is a command used to view and alter the partitioning scheme used on your hard drive.What switch would you use to list the current partitions?

listなどでgrepする。

$ man fdisk | grep "list"      
       -l, --list
           Devices are always listed in the order in which they are specified on the command-line, or by the
           kernel listed in /proc/partitions.

A.-l

Q3.nano is an easy-to-use text editor for Linux. There are arguably better editors (Vim, being the obvious choice); however, nano is a great one to start with.What switch would you use to make a backup when opening a file with nano?

backupなどでgrepする。

$ man nano | grep "backup" 
       -B, --backup

A.-B

Q4.Netcat is a basic tool used to manually send and receive network requests. What command would you use to start netcat in listen mode, using port 12345?

-lでlisten mode、-pでリッスンするポートを指定します。

$ man nc | grep "\-l"
       nc -l -p port [-options] [hostname] [port]
       And  it  can do this via UDP too, so netcat is possibly the "udp telnet-like" application you always wanted
       -l           listen mode, for inbound connects

A.nc -l -p 12345