
Offensive Security Intro

Hack your first website (legally in a safe environment) and experience an ethical hacker's job.

easy

10 min


Task 1: Think like a Hacker!

Offensive Security is about thinking like an attacker to find weaknesses before real hackers do.

In this room, you'll hack your first website in a safe and legal environment to see how ethical hackers operate.

Answer the questions below

Which term describes simulating a hacker's actions to find weaknesses?

  • Offensive Security
  • Defensive Security

This room uses a virtual desktop to simulate a real system. Click the button below to get started!

A browser will automatically open, displaying FakeBank, a fake banking application. This is what you will be targeting.

Answer the questions below

What is the bank account number in the FakeBank application?

Goal

Find a weakness in the FakeBank application. One common mistake is leaving hidden pages accessible.

Open the Terminal

Open the terminal on the machine. You will be using this to run your first hacking tool, dirbuster. The terminal icon will look like the following:

 

Finding Hidden Pages

To find hidden pages using Dirbuster, run dirb followed by the URL that we wish to search:

dirb http://fakebank.thm

Any lines from the output that start with + are pages that have been found. Dirb will find two URLs.
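
Seen from the defender's side, a wordlist scan like the dirb run above appears in the web server's access log as a burst of 404 responses from a single client. The following is an added example, not part of the original room: it flags such clients and lists the paths that did answer, which are the pages to review for missing access control. The log lines, IP addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines (Common Log Format); IPs and paths are sample values.
SAMPLE_LOG = """\
10.0.0.9 - - [01/Jan/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 5120
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /admin HTTP/1.1" 404 196
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /backup HTTP/1.1" 404 196
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /bank-transfer HTTP/1.1" 200 2048
10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "GET /cgi-bin HTTP/1.1" 404 196
10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /images/logo.png HTTP/1.1" 200 9000
10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "GET /config HTTP/1.1" 404 196
10.0.0.5 - - [01/Jan/2025:10:00:03 +0000] "GET /images HTTP/1.1" 301 178
10.0.0.5 - - [01/Jan/2025:10:00:03 +0000] "GET /secret HTTP/1.1" 404 196
10.0.0.9 - - [01/Jan/2025:10:00:04 +0000] "GET /account HTTP/1.1" 200 3100
"""

# client IP, requested path, HTTP status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})\b')


def find_scanners(log_text, min_requests=5, min_404_ratio=0.6):
    """Return {client_ip: [paths that did not 404]} for clients whose traffic
    looks like wordlist enumeration (enough requests, mostly 404s)."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "hits": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.groups()
        entry = stats[ip]
        entry["total"] += 1
        if status == "404":
            entry["not_found"] += 1
        else:
            entry["hits"].add(path)  # a guessed path that exists
    return {
        ip: sorted(e["hits"])
        for ip, e in stats.items()
        if e["total"] >= min_requests
        and e["not_found"] / e["total"] >= min_404_ratio
    }


if __name__ == "__main__":
    for ip, paths in find_scanners(SAMPLE_LOG).items():
        print(f"possible enumeration from {ip}; reachable paths: {paths}")
```

Any path reported here that performs a sensitive action should require authentication rather than rely on being unlinked.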

Answer the questions below

Dirb found one URL, http://fakebank.thm/images.
What is the other hidden URL?

You should now have found a hidden admin panel that lets you add money to your account.

To open this URL in the browser of the simulated desktop:

Append /bank-transfer to the URL in the browser.

Use your account number 8881 and deposit $2000 (or more). After depositing, return to your account page and confirm the balance is now positive.

Answer the questions below

When your balance turns positive, a pop-up with green text appears.

Enter the green words as the answer (ALL CAPS)
