Basic Pentesting
This is a machine that allows you to practise web app hacking and privilege escalation
easy
To access material, start machines and answer questions login.
Basic Penetration Testing | John Hammond •Aug 19, 2020
Source: YouTubeSet up your virtual environment
To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.
Attacker machine
Status:Off
Lab machine
Status:Off
In these set of tasks you'll learn the following:
- brute forcing
- hash cracking
- service enumeration
- Enumeration
The main goal here is to learn as much as possible. Make sure you are connected to our network using your OpenVPN configuration file.
Credits to Josiah Pierce (opens in new tab) from Vulnhub.
Answer the questions below
Deploy the machine and connect to our network
Find the services exposed by the machine
What is the name of the hidden directory on the web server(enter name without /)?
User brute-forcing to find the username & password
What is the username?
What is the password?
What service do you use to access the server(answer in abbreviation in all caps)?
Enumerate the machine to find any vectors for privilege escalation
What is the name of the other user you found(all lower case)?
If you have found another user, what can you do with this information?
What is the final password you obtain?
Ready to learn Cyber Security?
TryHackMe provides free online cyber security training to secure jobs & upskill through a fun, interactive learning environment.
Already have an account? Log in