Contents
Bir bilgisayar korsanının her istediğini yaptığını düşünebilirsiniz, ancak profesyonel bilgisayar korsanlarının/pentester’ların genellikle hedeflerini anlamak ve istismar etmek için önemli bir süreci takip ederler. Bu yazıda ‘Hacker Metodolojisine Giriş’ konulu içeriğin CTF Writeup’ını paylaşmaktayız. Bu odaya şu adresten ulaşabilirsiniz:
https://tryhackme.com/room/hackermethodology
Methodology Outline
Question 1:
- What is the first phase of the Hacker Methodology?
Answer:
Reconnaissance
Reconnaissance Overview
Question 1:
- Who is the CEO of SpaceX?
Answer:
Elon Musk
Question 2:
- Do some research into the tool: sublist3r, what does it list?
Answer:
subdomains
Question 3:
- What is it called when you use Google to look for specific vulnerabilities or to research a specific topic of interest?
Answer:
Google Dorking
Enumeration and Scanning Overview
Question 1:
- What does enumeration help to determine about the target?
Answer:
Attack Surface
Question 2:
- Do some reconnaissance about the tool: Metasploit, what company developed it?
Answer:
Rapid7
Question 3:
- What company developed the technology behind the tool Burp Suite?
Answer:
portswigger
Exploitation
Question 1:
- What is one of the primary exploitation tools that pentester(s) use?
Answer:
Metasploit
Privilege Escalation
Question 1:
- In Windows what is usually the other target account besides Administrator?
Answer:
System
Question 2:
- What thing related to SSH could allow you to login to another machine (even without knowing the username or password)?
Answer:
Keys
Covering Tracks
Question 1:
Read the Introduction
Answer:
No answer needed
Reporting
Question 1:
- What would be the type of reporting that involves a full documentation of all findings within a formal document?
Answer:
full formal report
Question 2:
- What is the other thing that a pentester should provide in a report beyond: the finding name, the finding description, the finding criticality
Answer:
remediation recommendation
Bu odayı bizlere sunan tryhackme’ye teşekkürler!