Introductory Researching

A brief introduction to research skills for pentesting.

As I am learning, I am making these notes, so please don't blame me for any unnecessary answers or content.

Task 01 (Introduction)

The ability to research effectively is the most important quality for a hacker to have. By its very nature, hacking requires a vast knowledge base -- because how are you supposed to break into something if you don't know how it works? The thing is: no one knows everything.

Learn what is going on: understand the software, hardware, mechanism and flow of work, and find out its weak points, the parts where vulnerabilities can be found.

We will be Learning the following topics:

  • An example of a research question.

  • Vulnerability searching tools.

  • Linux manual pages.

Task 02 (Explain Research Questions)

We'll begin by looking at a typical research question: the kind that you're likely to find when working through a CTF on TryHackMe, HackTheBox or any other available platform.

In the Burp Suite Program that ships with Kali Linux, what mode would you use to manually send a request (often repeating a captured request numerous times)?
Repeater
What hash format are modern Windows login passwords stored in?
NTLM
What are automated tasks called in Linux?
Cron Jobs
What number base could you use as a shorthand for base 2 (binary)?
BASE 16
If a password hash starts with $6$, what format is it (Unix variant)?
sha512crypt

Task 03 (Vulnerability Searching)

Exploitation, Vulnerabilities, Exposures and anything else....

CVE (Common Vulnerabilities and Exposures) is a publicly available list of records, each containing an identification number, a description, and at least one public reference, for publicly known cybersecurity ... (the format of a CVE identifier is CVE-YEAR-IDNUMBER).

What is the CVE for the 2020 Cross-Site Scripting (XSS) vulnerability found in WPForms?
CVE-2020-10385

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10385

There was a Local Privilege Escalation vulnerability found in the Debian version of Apache Tomcat, back in 2016. What's the CVE for this vulnerability?
CVE-2016-1240

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1240

What is the very first CVE found in the VLC media player?
CVE-2007-0017

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0017

If you wanted to exploit a 2020 buffer overflow in the sudo program, which CVE would you use?
CVE-2019-18634

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634
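The CVE-YEAR-IDNUMBER format above is easy to check by hand but worth automating when you are pulling identifiers out of advisories or search results. The following is an added example (not part of the room or the CVE programme's own tooling) that validates an identifier, splits it into year and sequence number, and builds the same cve.mitre.org lookup URL used in the answers; note that the year in the ID is the year it was assigned, not necessarily the year the bug became public, which is why a "2020" sudo overflow carries a CVE-2019 identifier.

```python
import re
from typing import List, Optional

# A CVE identifier is CVE-YEAR-IDNUMBER: a four-digit year plus a sequence
# number of at least four digits (five or more digits are common since 2014).
CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")

# Lookup page used in the answers above.
MITRE_LOOKUP = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="


def parse_cve(text: str) -> Optional[dict]:
    """Normalise and validate one CVE identifier.

    Returns {"id", "year", "sequence", "url"} or None if the text is not a
    well-formed identifier. "year" is the year the ID was assigned, which is
    not always the year of publication (CVE-2019-18634 is the sudo overflow
    answered above for the 2020 question).
    """
    candidate = text.strip().upper()
    m = CVE_RE.match(candidate)
    if not m:
        return None
    year, seq = m.groups()
    return {
        "id": candidate,
        "year": int(year),
        "sequence": int(seq),
        "url": MITRE_LOOKUP + candidate,
    }


def extract_cves(text: str) -> List[str]:
    """Pull every CVE identifier out of free text (an advisory, a changelog,
    a search result), case-insensitively, deduplicated, in order of first appearance."""
    found: List[str] = []
    for m in re.finditer(r"\bCVE-\d{4}-\d{4,}\b", text, flags=re.IGNORECASE):
        cve = m.group(0).upper()
        if cve not in found:
            found.append(cve)
    return found


if __name__ == "__main__":
    # Constructed sample text using identifiers from this room's answers.
    sample = "Fixed CVE-2019-18634 (sudo) and cve-2020-10385 (WPForms)."
    for cve in extract_cves(sample):
        print(parse_cve(cve))
```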

Task 04 (Manual Pages)

A guide is required to learn how a product works, and a manual is one type of guide. In Linux we use the man command to read the manual page of a tool.

Syntax: man Tool_Name
SCP is a tool used to copy files from one computer to another.
What switch would you use to copy an entire directory?
-r
fdisk is a command used to view and alter the partitioning scheme used on your hard drive.
What switch would you use to list the current partitions?
-t
nano is an easy-to-use text editor for Linux. There are arguably better editors (Vim, being the obvious choice); however, nano is a great one to start with.
What switch would you use to make a backup when opening a file with nano?
-B
Netcat is a basic tool used to manually send and receive network requests.
What command would you use to start netcat in listen mode, using port 12345?
nc -l -p 12345

Conclusion

In this Room I learnt how to use manuals, CVEs, and how to research how vulnerabilities work.
