TryHackMe: Complete Beginner
2024-05-22
This pathway is designed to teach the core skills of cyber security
This pathway is designed to give the core skills needed to start a career in cybersecurity.
Introduction
This section is just a tutorial and introduction to cybersecurity, plus a quick lesson on how to research cybersecurity topics.
Linux Fundamentals
This was all covered in the pre-security pathway (found here). It covers the basics of Linux, including the way the operating system works, and common tools found on the operating system.
Network Exploitation Basics
This section started by introducing the basic concepts of networking, including the OSI and TCP/IP model. It also briefly touched on DNS again. It then covered key networking tools such as Ping, Traceroute and Dig.
It then went on to cover nmap in depth, including the different types of scans, their usage and output, and the flags that can be added to scan for vulnerabilities. Nmap probes each port of the target in turn and, depending on how the port responds, classifies it as open, closed or filtered (usually by a firewall). Once we know which ports are open, we can move on to enumerating which service is running on each of them, either manually or with nmap's own service detection.
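The open/closed/filtered classification is easiest to work with once the scan output is in a structured form. The following is an added example, not code from the TryHackMe room: a small parser for nmap's grepable output format (`-oG`), run over a constructed sample scan rather than a real one, with a defender-side check that compares the open ports against a per-host allow-list so that unexpected exposure stands out before anyone starts enumerating services.

```python
from collections import Counter

# Constructed sample of nmap "grepable" output (-oG); not a real scan result.
# Each Ports entry has the shape port/state/protocol/owner/service/rpc_info/version/
SAMPLE_OG = """# Nmap 7.94 scan initiated (constructed sample)
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9 (protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.52/, 443/closed/tcp//https///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (996)
Host: 10.0.0.6 ()\tStatus: Up
Host: 10.0.0.6 ()\tPorts: 445/open/tcp//microsoft-ds//Samba smbd 4.x/, 3306/filtered/tcp//mysql///\tIgnored State: filtered (998)
# Nmap done (constructed sample)
"""


def parse_grepable(text):
    """Parse -oG text into {host: [port records]}; hosts without a Ports field get an empty list."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment and summary lines
        # Each Host line is tab-separated "Key: value" fields
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]  # "10.0.0.5 ()" -> "10.0.0.5"
        records = results.setdefault(host, [])
        for item in fields.get("Ports", "").split(", "):
            if not item:
                continue
            parts = item.split("/")  # the fields in this sample contain no '/'
            records.append({
                "port": int(parts[0]),
                "state": parts[1],
                "proto": parts[2],
                "service": parts[4],
                "version": parts[6],
            })
    return results


def open_ports(results, host):
    """Ports reported open on one host: the ones worth service enumeration."""
    return [r["port"] for r in results.get(host, []) if r["state"] == "open"]


def state_summary(results):
    """How many ports landed in each nmap state across the whole scan."""
    return Counter(r["state"] for recs in results.values() for r in recs)


def unexpected_exposure(results, allowed):
    """Open ports that are not on the per-host allow-list (allow-list is an assumed input)."""
    findings = {}
    for host in results:
        extra = [p for p in open_ports(results, host) if p not in allowed.get(host, set())]
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_OG)
    print("states:", dict(state_summary(scan)))
    for host in scan:
        print(host, "open:", open_ports(scan, host))
    # Assumed allow-list: only SSH and HTTPS are meant to be reachable on 10.0.0.5
    print("unexpected:", unexpected_exposure(scan, {"10.0.0.5": {22, 443}, "10.0.0.6": set()}))
```

Feeding it real output is a matter of `parse_grepable(open("scan.gnmap").read())`; the allow-list is the part a defender maintains, and anything `unexpected_exposure` returns is a port that either should not be listening or is missing from the documented baseline.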
The network services section then covered different services used. SMB is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network. Telnet is an application protocol which allows you, with the use of a telnet client, to connect to and execute commands on a remote machine that is hosting a telnet server. FTP is a protocol used to allow remote transfer of files over a network. It uses a client-server model to do this and relays commands and data in a very efficient way. NFS allows a system to share directories and files with others over a network. SMTP is utilised to handle the sending of emails. In order to support emails, a protocol pair is used, comprising SMTP and Post Office Protocol/Internet Message Access Protocol (POP/IMAP). MySQL is a relational database management system (RDBMS) based on Structured Query Language (SQL).
Web Hacking Fundamentals
The first thing this module looked at was tools to enumerate websites. One of the ones I use most regularly is Gobuster. Gobuster is written in Go, which is an open-source, low-level language (like C or Rust) developed by a team at Google and other contributors. It has a “dir” mode, which is used to enumerate website directories. It also has a DNS mode to brute-force subdomains, which is important to check for during a pentest or CTF. It also has a “vhost” mode, which is used to enumerate virtual hosts. Virtual hosts are different websites running on the same machine.
It also covered other useful places to enumerate websites, such as examining robots.txt and sitemap.xml, to try and find more information about a website.
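Directory enumeration of the kind Gobuster's “dir” mode performs is very loud from the server's side: one client requesting dozens of paths that do not exist in a few seconds. As an added example (not part of the TryHackMe material), the following parses Apache/nginx combined-format access log lines and flags any client whose count of 404 responses inside a sliding time window exceeds a threshold. The log lines are constructed for the example; the window and threshold values are assumptions a defender would tune to their own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [timestamp] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "path": m.group("path"), "status": int(m.group("status"))}


def flag_scanners(lines, window=60, threshold=10):
    """Return {ip: peak number of 404s inside any `window`-second span} for IPs at or over `threshold`."""
    misses = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 404:
            misses[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, times in misses.items():
        times.sort()
        left, peak = 0, 0
        for right, t in enumerate(times):
            # Slide the left edge forward until the span fits inside the window
            while (t - times[left]).total_seconds() > window:
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


# Constructed sample log: one ordinary visitor and one client walking a wordlist.
def _line(ip, second, path, status):
    return (f'{ip} - - [22/May/2024:10:15:{second:02d} +0000] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "Mozilla/5.0"')

WORDLIST_PATHS = ["/admin", "/backup", "/.git/", "/config", "/uploads", "/old",
                  "/test", "/dev", "/api", "/login", "/secret", "/tmp"]
SAMPLE_LOG = [
    _line("198.51.100.4", 5, "/", 200),
    _line("198.51.100.4", 9, "/about", 200),
    _line("198.51.100.4", 40, "/missing", 404),
]
SAMPLE_LOG += [_line("203.0.113.9", 10 + i * 2, p, 404) for i, p in enumerate(WORDLIST_PATHS)]

if __name__ == "__main__":
    print(flag_scanners(SAMPLE_LOG))
```

The same logic applies to the DNS and vhost modes with a different data source: a burst of NXDOMAIN answers in resolver logs, or a burst of requests with unknown `Host` headers in the web server log. Rate of misses per source, not any single request, is the signal.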
It then went on to talk about BurpSuite, “a framework written in Java that aims to provide a one-stop-shop for web application penetration testing”. I most regularly use the Proxy to intercept and modify HTTP requests and responses, but it has other tools, including Intruder, Repeater, Decoder, Comparer and Sequencer.
The pathway then went on to look at the OWASP Top 10. From top to bottom:
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-side Request Forgery
There was also a room covering upload vulnerabilities. This looked at using file uploads on websites to try and upload malicious files, often reverse or bind shells to gain RCE.
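The defensive counterpart to that room is the validation an upload handler should do before a file ever lands on disk. The function below is an added example written for this post (it is not code from the TryHackMe room): it strips any path the client supplied, insists on exactly one extension from an allow-list, checks that the file's leading bytes match what the extension claims, caps the size, and returns a random storage name so the client never chooses where or under what name the file is saved. The allowed types, magic numbers and 5 MiB cap are assumed policy values.

```python
import os
import secrets

# Allowed extensions and the leading bytes ("magic numbers") each type must start with.
# Assumed policy for this example: images and PDF only.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size cap


def validate_upload(filename, data):
    """Return (accepted, detail). On success `detail` is the random name to store the file under."""
    # Drop any directory component the client sent (covers ../ and Windows separators).
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or "\x00" in name or name in (".", ".."):
        return False, "bad filename"
    parts = name.lower().split(".")
    # Exactly one non-empty extension: rejects "shell.php.png" double extensions,
    # dotfiles such as ".htaccess", and names with no extension at all.
    if len(parts) != 2 or not parts[0] or not parts[1]:
        return False, "exactly one extension required"
    ext = parts[1]
    if ext not in MAGIC:
        return False, f"extension .{ext} not allowed"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    # The extension says "image"; the bytes must agree. Catches a script renamed to .png.
    if not any(data.startswith(magic) for magic in MAGIC[ext]):
        return False, "content does not match extension"
    # Never keep the client's name: random name, server-chosen extension, no path.
    return True, f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    for fname, blob in [("cat.png", b"\x89PNG\r\n\x1a\n\x00"), ("shell.php", b"<?php echo 1; ?>"),
                        ("shell.php.png", b"\x89PNG\r\n\x1a\n"), ("fake.png", b"<?php echo 1; ?>")]:
        print(fname, "->", validate_upload(fname, blob))
```

Validation is only half of it: the accepted file should be written somewhere the web server will not execute from, ideally outside the web root and served back through a handler that sets `Content-Disposition` and a fixed `Content-Type`, so that even a file that slips past the checks is data, not code.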
There were also two challenge rooms to test the knowledge learnt in this module. These involved getting flags off of insecure websites using tricks learnt earlier in the module.
Cryptography
This module started by introducing hashes as a concept: “A hash function takes some input data of any size, and creates a summary or "digest" of that data.” It looked at how these can be used to store passwords. Because a hash, unlike encryption, cannot be reversed, an attacker who obtains the stored hashes in a breach still has to crack them, using a rainbow table or by brute force. You can also use hashes for checking data integrity, because a single change to a file results in a wildly different hash, which lets you check whether the file has been tampered with.
The module then looked at John the Ripper, a hash cracking tool. It looked at everything from cracking simple hashes, to cracking Windows authentication hashes, SSH keys, and password-protected zip files.
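The two uses of hashing in those rooms, integrity checking and password storage, look the same on the surface but call for different constructions. The following added example (not code from TryHackMe) uses only Python's standard library: a plain SHA-256 digest for integrity checks, with a helper that counts how many bits change when the input changes by one character, and PBKDF2-HMAC-SHA256 with a per-user random salt and a high iteration count for passwords. The salt is what defeats rainbow tables (one precomputed table no longer covers every user), and the iteration count is what makes brute-forcing with a tool like John the Ripper expensive per guess. The iteration count is an assumed value.

```python
import hashlib
import hmac
import os


def sha256_hex(data):
    """Plain digest: fine for integrity, unsuitable on its own for passwords (too fast, no salt)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    """Digest a file without loading it all into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def differing_bits(hex_a, hex_b):
    """How many of the 256 bits differ between two digests (shows the avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_integrity(data, expected_hex):
    """Constant-time comparison so the check itself does not leak which prefix matched."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


PBKDF2_ITERS = 600_000  # assumed work factor; raise as hardware gets faster


def hash_password(password, salt=None):
    """Return a self-describing record: algorithm$iterations$salt$derived_key (all hex)."""
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERS)
    return f"pbkdf2_sha256${PBKDF2_ITERS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Re-derive with the parameters stored in the record and compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    a, b = sha256_hex(b"The quick brown fox"), sha256_hex(b"The quick brown fix")
    print(f"one character changed, {differing_bits(a, b)} of 256 bits differ")
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record), verify_password("Tr0ub4dor&3", record))
```

Storing the iteration count and salt inside the record is what lets you raise the work factor later and re-hash each user on their next successful login, rather than being stuck with whatever parameters were chosen on day one.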
The final room looked at encryption, including both symmetric and asymmetric encryption, their uses and how they work.
Windows Exploitation Basics
This room started with the fundamentals of Windows, which were previously covered in the pre-security pathway (found here). It then went on to look at the basics of Active Directory, including how one is set up and managed, how authentication takes place, and the different terminology used, including trees, forests and trusts.
It then went on to look at Metasploit. “Metasploit is the most widely used exploitation framework. It is a powerful tool that can support all phases of a penetration testing engagement, from information gathering to post-exploitation.” The room covered the use of Metasploit, from port scanning to exploitation. It also covered msfvenom, a built-in tool used to generate payloads, and meterpreter, a Metasploit payload that acts as an agent within command and control architecture.
The final room in this module was Blue, a challenge room to exploit a Windows machine using EternalBlue, a famous exploit that targets a vulnerability affecting SMB servers on Windows systems.
Shells and Privilege Escalation
This module covered types of shell and how to catch and handle them, such as serving a shell on an HTTP server and catching it with a Netcat listener.
It then went on to cover different techniques for privilege escalation on a Linux machine, including abusing SUID/SGID files. Most of the time it comes down to looking around for incorrectly configured services and permissions on the target machine.
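From the defender's side the same SUID/SGID misconfigurations are something to audit for, and the audit is mechanical: inventory every set-id binary and compare against what the host image is supposed to have. The following is an added example written for this post, not TryHackMe's code. It reports two findings: set-id files that are not on a known-good baseline, and baseline set-id files that are group- or world-writable (a set-id binary anyone can overwrite is a privilege escalation waiting to happen). The sample inventory and baseline are constructed; `walk_modes` is the piece that would collect the real inventory on a live host.

```python
import os
import stat


def walk_modes(root):
    """Yield (path, st_mode) for every file under root, without following symlinks."""
    for dirpath, _dirs, files in os.walk(root, onerror=lambda _e: None):
        for fn in files:
            p = os.path.join(dirpath, fn)
            try:
                yield p, os.lstat(p).st_mode
            except OSError:
                continue  # vanished or unreadable; skip rather than abort the audit


def setid_entries(entries):
    """Regular files with SUID or SGID set; symlinks are ignored, the bit on a link means nothing."""
    return sorted(path for path, mode in entries
                  if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID))


def risky_setid(entries, baseline):
    """Split set-id files into findings: not on the baseline, or writable by group/others."""
    entries = list(entries)
    modes = dict(entries)
    findings = {"unexpected": [], "writable": []}
    for path in setid_entries(entries):
        if path not in baseline:
            findings["unexpected"].append(path)
        if modes[path] & (stat.S_IWGRP | stat.S_IWOTH):
            findings["writable"].append(path)
    return findings


# Constructed sample inventory (path, mode) and baseline, not taken from a real host.
SAMPLE_INVENTORY = [
    ("/usr/bin/passwd", stat.S_IFREG | stat.S_ISUID | 0o755),
    ("/usr/bin/sudo", stat.S_IFREG | stat.S_ISUID | 0o755),
    ("/usr/bin/wall", stat.S_IFREG | stat.S_ISGID | 0o755),
    ("/opt/legacy/reportgen", stat.S_IFREG | stat.S_ISUID | 0o777),   # on baseline but world-writable
    ("/tmp/backup_helper", stat.S_IFREG | stat.S_ISUID | 0o755),      # not on the baseline
    ("/bin/ls", stat.S_IFREG | 0o755),                                 # ordinary binary
    ("/usr/local/bin/oldlink", stat.S_IFLNK | stat.S_ISUID | 0o777),   # symlink: ignored
]
BASELINE = {"/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/wall", "/opt/legacy/reportgen"}

if __name__ == "__main__":
    print("sample findings:", risky_setid(SAMPLE_INVENTORY, BASELINE))
    # On a real host, feed the live inventory and your own baseline instead:
    print("live /usr/bin set-id files:", setid_entries(walk_modes("/usr/bin")))
```

The baseline is the important artefact: generate it from a freshly built image, keep it under version control, and run the audit on a schedule, so that a set-id file appearing in `/tmp` or `/opt` is noticed as a change rather than discovered during an incident.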