/root-abe

tryhackme: offensive security intro

task 1 - what is offensive security?

"to outsmart a hacker, you need to think like one."

this is the core of offensive security.

question.

Which of the following options better represents the process where you simulate a hacker's actions to find vulnerabilities in a system?

Offensive Security.


task 2 - hacking your first machine.

tryhackme has set up a fake bank website on the machine.

start the machine.

fakebank

Now open a terminal.

Enter this command in the terminal - gobuster -u http://fakebank.thm -w wordlist.txt dir

this will start the GoBuster Program. Wait until it finishes and you will see this:

Screenshot from 2025-11-09 18-03-31

in the command you copied and pasted, -u is used to state the website we are going to scan (http://fakebank.thm in this case).

-w takes a list of words (wordlist.txt in this case) to find hidden pages on the website we picked with -u. GoBuster requests each word in the list as a page on that website and reports the ones that exist.

in the image above you can see that /bank-transfer has been found by GoBuster, indicated by (Status:200)
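What a wordlist scan like this looks like from the web server's side, as an added example that is not part of the room or of the original write-up. It flags clients that request many different paths and mostly get 404 back, and lists the pages that answered 200. The log lines, IP addresses, user agent strings and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: client, identity, user, [time], "request", status, size, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Constructed sample log (not from the room): one scanner and one ordinary visitor.
SAMPLE_LOG = """\
10.10.5.7 - - [09/Nov/2025:18:03:01 +0000] "GET /admin HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.10.5.7 - - [09/Nov/2025:18:03:01 +0000] "GET /images HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.10.5.7 - - [09/Nov/2025:18:03:01 +0000] "GET /login HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.10.5.7 - - [09/Nov/2025:18:03:02 +0000] "GET /backup HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.10.5.7 - - [09/Nov/2025:18:03:02 +0000] "GET /bank-transfer HTTP/1.1" 200 4521 "-" "gobuster/3.6"
10.10.5.7 - - [09/Nov/2025:18:03:02 +0000] "GET /config HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.10.5.7 - - [09/Nov/2025:18:03:02 +0000] "GET /uploads HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.10.9.20 - - [09/Nov/2025:18:04:10 +0000] "GET / HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
10.10.9.20 - - [09/Nov/2025:18:04:10 +0000] "GET /style.css HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
10.10.9.20 - - [09/Nov/2025:18:04:11 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
"""

def find_enumeration(log_text, min_paths=5, min_404_ratio=0.7):
    """Return {client_ip: summary} for clients whose requests look like a wordlist scan."""
    total = defaultdict(int)      # requests per client
    not_found = defaultdict(int)  # 404 responses per client
    paths = defaultdict(set)      # distinct paths requested per client
    found = defaultdict(list)     # paths that answered 200: what the scan revealed
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or malformed lines
        ip, path, status = m["ip"], m["path"], int(m["status"])
        total[ip] += 1
        paths[ip].add(path)
        if status == 404:
            not_found[ip] += 1
        elif status == 200:
            found[ip].append(path)
    flagged = {}
    for ip, n in total.items():
        ratio = not_found[ip] / n
        if len(paths[ip]) >= min_paths and ratio >= min_404_ratio:
            flagged[ip] = {"requests": n, "ratio_404": round(ratio, 2), "found": found[ip]}
    return flagged

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

The check keys on the response pattern rather than the user agent, because the user agent is chosen by the client.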

now that we know that http://fakebank.thm/bank-transfer is real, let's navigate to it in the browser.

Screenshot from 2025-11-09 18-11-01

this is what it will look like:

Screenshot from 2025-11-09 18-11-36

As you can see from what is on this web page, you can send money to or from any account. As an ethical hacker you would report this vulnerability. You would not use it, because you could get in a lot of trouble: fines and probably jail time.

The mission in this environment is to transfer $2000 from bank account 2276 to your account (8881).

Like this:

Screenshot from 2025-11-09 18-15-35

Press Send Money

Press Return to Your Account

This is what you should see on your account page

Screenshot from 2025-11-09 18-16-43

Question

Above your account balance, you should now see a message indicating the answer to this question. Can you find the answer you need?

bank-hacked


task 3 - careers in cyber security

how can I start learning? pick an area you want to learn within cyber security and focus on that. Do hands-on exercises daily.

You can do it!

ad astra infinitum