TryHackMe: Junior Penetration Tester
2024-06-14
This pathway covers the basics of penetration testing on both networks and web apps
This learning path covers the core technical skills that are needed for penetration testing.
Introduction to Pentesting
This covered the fundamentals of pentesting, including ethics considerations, and common methodologies used in pentesting. It also includes the principles of pentesting, including frameworks and security models.
Introduction to Webhacking
This module was covered in Web Fundamentals, which can be found here.
Network Security
This module started by looking at performing reconnaissance on a server, both actively and passively, and different tools that can be used for this job. These included ping, traceroute and Netcat. It then did a very deep look at Nmap and the different discovery options available on Nmap. It also covered some advanced nmap tecniques, such as spoofing, decoys and idle scans. It then went on to look at different protocols, such as HTTP, FTP, POP3, SMTP and IMAP. It covered how these worked, their purpose and how they can be attacked.
Vulnerability Research
This module looked at vulnerabilities in the context of pentesting, and how you can use known vulnerabilities to your advantage, using online resources like ExploitDB and the National Vulnerability Database to find exploits and vulnerabilities.
Privilege Escalation
This module looked at common methods for privilege escalation on Linux and Windows. Both often rely on misconfigured privileges and poor administration. Common privilege escalation techniques on Linux include abusing sudo privileges and SUID bits, as well as misconfigured cron jobs (although this can be less effective in a real pentest scenario). Windows privilege escalation is a bit harder, but still relies on misconfigured permissions. One of the easiest ways is to go through prime locations and see if you can find stored credentials.