What are automated tasks called in linux tryhackme

TryHackMe: Introductory Researching Walkthrough

This room covers a brief introduction to research skills for pentesting.

Task 1 — Introduction

Task 2 — Example Research Question

  1. In the Burp Suite Program that ships with Kali Linux, what mode would you use to manually send a request (often repeating a captured request numerous times)? Answer: Repeater
  2. What hash format are modern Windows login passwords stored in? Answer: NTLM
  3. What are automated tasks called in Linux? Answer: Cron Jobs
  4. What number base could you use as a shorthand for base 2 (binary)? Answer: Base 16
  5. If a password hash starts with $6$, what format is it (Unix variant)? Answer: sha512crypt

Task 3 — Vulnerability Searching

  1. What is the CVE for the 2020 Cross-Site Scripting (XSS) vulnerability found in WPForms? Answer: CVE-2020-10385
  2. There was a Local Privilege Escalation vulnerability found in the Debian version of Apache Tomcat, back in 2016. What’s the CVE for this vulnerability? Answer: CVE-2016-1240
  3. What is the very first CVE found in the VLC media player? Answer: CVE-2007-0017
  4. If you wanted to exploit a 2020 buffer overflow in the sudo program, which CVE would you use? Answer: CVE-2019-18634

Task 4 — Manual Pages

SCP is a tool used to copy files from one computer to another.

  1. What switch would you use to copy an entire directory? Answer: -r

fdisk is a command used to view and alter the partitioning scheme used on your hard drive.

  2. What switch would you use to list the current partitions? Answer: -l

nano is an easy-to-use text editor for Linux. There are arguably better editors (Vim, being the obvious choice); however, nano is a great one to start with.

  3. What switch would you use to make a backup when opening a file with nano? Answer: -B

Netcat is a basic tool used to manually send and receive network requests.

  1. What command would you use to start netcat in listen mode, using port 12345? Answer: nc -l -p 12345

Task 5 — Final Thoughts


Introductory Researching — TryHackMe

In the Burp Suite Program that ships with Kali Linux, what mode would you use to manually send a request (often repeating a captured request numerous times)?

ez, it’s repeater as the description suggests

What hash format are modern Windows login passwords stored in?

yea, no more direct answers

What are automated tasks called in Linux?

bare googling gets you through this one, why are you even looking here?

What number base could you use as a shorthand for base 2 (binary)?

this was a bit tricky, it is 16 because the hint says it’s not 8 and you know, logical reasons

If a password hash starts with $6$, what format is it (Unix variant)?

SHA512Crypt. this article explains the common ones
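An added example, not part of the original walkthrough: the `$6$` prefix is one identifier in the modular crypt format, and the same parsing lets a defender audit shadow-style entries for outdated hash schemes. The scheme table, the weak/not-weak policy and the sample lines (user names, salts, hash bodies) are constructed for this illustration.

```python
import re

# Modular crypt format ids commonly seen in /etc/shadow -> (scheme, weak?).
# The "weak" flags are this example's own audit policy (an assumption).
SCHEMES = {
    "1": ("md5crypt", True),
    "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False),
    "5": ("sha256crypt", False),
    "6": ("sha512crypt", False),
    "y": ("yescrypt", False),
}
MCF = re.compile(r"^\$([A-Za-z0-9]+)\$(.*)$")

def classify(field):
    """Return (scheme, weak, rounds) for one shadow password field."""
    if field == "":
        return ("empty-password", True, None)
    if field[0] in "!*":                      # locked or no-login account
        return ("locked", False, None)
    m = MCF.match(field)
    if not m:
        # 13 characters from the crypt alphabet: traditional DES crypt
        if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
            return ("descrypt", True, None)
        return ("unknown", True, None)
    ident, rest = m.groups()
    name, weak = SCHEMES.get(ident, ("unknown", True))
    rounds = None
    r = re.match(r"rounds=(\d+)\$", rest)     # optional cost for $5$ / $6$
    if r and ident in ("5", "6"):
        rounds = int(r.group(1))
    return (name, weak, rounds)

def audit(shadow_text):
    """Map each user in shadow-format text to its classify() result."""
    findings = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            findings[parts[0]] = classify(parts[1])
    return findings

# Constructed sample entries; the hash bodies are placeholders, not real hashes.
SAMPLE = """
alice:$6$rounds=656000$constructedsalt$CONSTRUCTEDHASHBODY:19000:0:99999:7:::
bob:$1$oldsalt$CONSTRUCTEDHASHBODY:15000:0:99999:7:::
carol:abJnggxhB/yWI:12000:0:99999:7:::
svc:*:18000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, (scheme, weak, rounds) in audit(SAMPLE).items():
        print(f"{user:6} {scheme:12} weak={weak} rounds={rounds}")
```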

Task 3 — Vulnerability Searching

searchsploit, curl and grep are all you need for this section

note: in searchsploit, the -w parameter gives you the exploit-db link

What is the CVE for the 2020 Cross-Site Scripting (XSS) vulnerability found in WPForms?

    $ searchsploit wpforms -w
    $ curl "$EXPLOITDB_LINK" | grep CVE

or if you’re a fan of one-liners, curl $(searchsploit wpforms -w | grep exploit | cut -f 7 -d ' ') | grep CVE

There was a Local Privilege Escalation vulnerability found in the Debian version of Apache Tomcat, back in 2016. What’s the CVE for this vulnerability?

searchsploit apache tomcat debian -w and so on


you know the rules, and so do i

What is the very first CVE found in the VLC media player?

running searchsploit vlc media player gives us a lot of results, so either search on exploit-db.com and sort by date or by inspection, the earliest version of vlc media player might contain the first exploit, so go with VideoLAN VLC Media Player 0.8.6 (PPC) — ‘udp://’ Format String (PoC)

If I wanted to exploit a 2020 buffer overflow in the sudo program, which CVE would I use?

searchsploit sudo buffer -w

Task 4 — Manual Pages

just man and grep the keywords, man

Task 5 — Final Thoughts


[TR] TryHackMe: Introductory Researching Walkthrough

Greetings everyone, I will walk you through the solution to the room called TryHackMe: Introductory Researching that I came across on TryHackMe. The room is quite simple but contains important information, so let's get started.

[Task 1] Introduction

[Task 2] Example Research Question

Here the room asks questions whose answers are easy to find on Google, to help us develop our research skills a little.

1-In the Burp Suite Program that ships with Kali Linux, what mode would you use to manually send a request (often repeating a captured request numerous times)?

Let's assume you know nothing about Burp Suite and do some research on Google.

https://portswigger.net/burp/documentation/desktop/tools/repeater/using

After a little research on Burp Suite you can reach a document like this one. It states that the tool named Repeater does exactly what we are looking for.

[Screenshots: Burp Suite Repeater]

Answer: Repeater

2- What hash format are modern Windows login passwords stored in?

[Screenshots: Windows Login Hash]

3-What are automated tasks called in Linux?

[Screenshot: Automated Tasks Linux Called]

Answer: cron jobs

4-What number base could you use as a shorthand for base 2 (binary)?

I researched this one a bit; I thought I had it wrong, but it turned out my research was incomplete. I found the answer on a website called Byte-nots.


[Screenshots: Base 2]

Answer: Base 16

5-If a password hash starts with $6$, what format is it (Unix variant)?

[Screenshots: A password hash starts with $6$]

When I searched, I found that the answer was SHA-512, but the room did not accept it. So I tried to gather a bit more information. My research led me to the Cheat Sheet GitHub repo, which had exactly the answer I was looking for.

[Task 3] Vulnerability Searching

Vulnerabilities are named as CVEs (Common Vulnerabilities and Exposures).
