TryHackMe – Pentesting Fundamentals Room Walkthrough

Penetration Testing Ethics:

1. “You are given permission to perform a security audit on an organisation; what type of hacker would you be?”

Answer: white hat

2. “You attack an organisation and steal their data, what type of hacker would you be?”

Answer: Black Hat

3. “What document defines how a penetration testing engagement should be carried out?”

Answer: Rules of Engagement

Penetration Testing Methodologies:

The stages are Information Gathering (OSINT), Enumeration/Scanning, Exploitation, Privilege Escalation, and Post-exploitation (sub-stages: pivoting, gathering additional information as a privileged user, covering your tracks, reporting).

OSSTMM – Open Source Security Testing Methodology Manual

OWASP – Open Web Application Security Project

NIST Cybersecurity Framework 1.1 – National Institute of Standards and Technology

NCSC CAF – National Cyber Security Centre Cyber Assessment Framework

1. “What stage of penetration testing involves using publicly available information?”

Answer: Information Gathering

2. “If you wanted to use a framework for pentesting telecommunications, what framework would you use?
Note: We’re looking for the acronym here and not the full name.”

Answer: OSSTMM

3. “What framework focuses on the testing of web applications?”

Answer: OWASP

Black box, White box, Grey box Penetration Testing:

Black Box testing is high level; the tester is given no information about the inner workings of the app/service.

Grey Box testing is the most popular; the tester has some knowledge of the app/service.

White Box testing is low level and usually done by a software developer, who will have full knowledge of the app/service.

1. “You are asked to test an application but are not given access to its source code – what testing process is this?”

Answer: black box

2. “You are asked to test a website, and you are given access to the source code – what testing process is this?”

Answer: white box

Practical: ACME Penetration Test:

