TryHackMe Introductory Research Official Walkthrough

Captions
Hey everyone, welcome back to another video here on DarkSec. I'm Dark, and today we're going to be taking a look at the room Introductory Researching on TryHackMe. For those of you who've been in the penetration testing field, or have even done a little bit of light IT work, you know that knowing how to research, and knowing how to do it efficiently, is one of the most important skills to have. This room covers exactly that. It's incredibly important, and knowing how to ask a question and how to research it is going to be critical if you want to be successful. So we'll start right now with Task 1, Introduction.

Without a doubt, the ability to research effectively is the most important quality for a hacker to have. By its very nature, hacking requires a vast knowledge base, because how are you supposed to break into something if you don't know how it works? The answer is: no one knows everything, and anyone who's done any programming will know that programming is a lot of times considered professional Googling. It's: do you know how to look up what you need? Same thing for hacking. Everyone, professional or amateur, experienced or totally new to the subject, will encounter problems which they don't automatically know how to solve. This is where research comes in, as in the real world you can't ever expect to simply be handed the answers to your questions. As your experience level increases, you will find that the things you're researching scale in their difficulty accordingly; however, in the field of information security there will never come a point where you don't need to look things up. This is very true in my professional work: a lot of my time is spent doing R&D, and a lot of it is knowing how to Google, trying to learn how to use things, learning how to use different commands and the ways they can be abused, looking up other research that different security researchers have done, things like that. This room will serve as a brief overview of some of the most important resources available to you, and will hopefully aid you in the process of building a research methodology that works for you. We will be looking at the following topics: an example of a research question, vulnerability searching, tools, Linux manual pages, and that'll be it. So let's go ahead and begin. We'll mark that as completed and jump into Task 2, An Example Research Question.

We'll begin by looking at a typical research question, the kind that you're likely to find when working through a CTF on TryHackMe. Let's say you've downloaded a JPEG image from a remote server. You suspect that there's something hidden inside of it, but how do you get it out? How about we start by searching for "hiding things inside images" in Google? Here we can see that Muirland has actually done this Google search for us already, so right away we see an article from Null Byte, which is a fantastic resource for finding different hacking articles; they're a pretty good site for that. Notice that the second link down gives us the title of a technique: steganography. Being able to pick up terms like that is incredibly important. You can then click that link and read the document, which will teach you how files are hidden inside images. OK, so we know how it's done. Let's try searching for a way to extract files using steganography, and again Muirland has this search done for us already. Virtually every link is pointing to something useful. 0xRick is a great website for write-ups; he's done a ton of them. You can see that it's linking to various tools, stegextract, different CTF resources. This is pretty common: if you're doing a CTF challenge, or a CTF competition rather, you're probably going to have to do a little bit of stego, or at least know how to do it. The first link contains a collection of useful tools; the second is more instructions on how to perform steganography in the first place. Realistically any of these links could prove useful, but let's take a look at that first one.

So we can go ahead and open that in a new tab, and again, great resource. You can see that 0xRick has a bunch of different things: Wizard Labs, Hack The Box, basic binary exploitation. This is fantastic; this is actually a resource that, as I was preparing for my OSCP, I went through and took a look through a number of his write-ups. It gets back to the idea of maybe you don't know how to do something: look it right up and figure it out. You've got to teach yourself a little bit there. And then right away we can see, down further on the page, we have a tool called steghide, and if you've done any CTF competitions this tool is going to ring a bell. The very first tool there looks useful: it can be used to extract embedded data from JPEG files, exactly what we want to do. This page also tells you that steghide can be installed using something called apt. Let's search that up next. So, searching for "apt install": apt is a command, something that is in the Debian distribution of Linux; Kali is a distribution, or a flavor, of Debian, and so is Ubuntu. It is your package installer tool, very easy to use. And here we can see: great, so apt is a package manager that lets us install tools on Linux distributions like Ubuntu or Kali. How can we install packages using apt? Let's go ahead and search it. Scrolling down just a little bit, we can see we have this command immediately highlighted, which is sudo apt-get install and then your package name. This is a command that, as you get used to Linux, you're going to use a lot, especially if you want to install a tool or some sort of package in an easy way; apt is going to be your best friend. Similar tools are pacman, dpkg, various other things like that; each version of Linux is really going to have its own. Perfect, right at the top of the page we're given instructions. We know that our package is called steghide, so we can go ahead and install that.

I will open up a terminal here. I am not connected to the TryHackMe VPN right now, but I don't know if we actually need it for this room. We can do sudo apt-get install steghide, and since I'm running Kali this should already be installed, but we'll check. And there we go, sure enough, it's already there and ready to go. So now let's switch back to that collection of steganography tools we were looking at before. Did you notice that there were instructions on how to use steghide right there? And sure enough, right below, we can see we have two commands: steghide info <file>, which is going to display information about a file, whether or not it has embedded data in it, and then we have the extract command, so if there is embedded data this is the command that we would actually use to extract it. Now, one thing to know: this data can sometimes require a password to extract it, and that's something you will explore a little bit more as you start playing with steganography; there are a couple of excellent rooms on TryHackMe for that. There we go, that's how we can extract an image from a file. Our research has paid off and we can now go and complete the task. Notice the methodology here: we started with nothing but gradually built up a picture of what we needed to do. We had a question: how can I extract data from this image? We searched for an answer to that question, then continued to query each of the answers we were given until we had a full understanding of the topic. This is a really good way to conduct research: start with the question, get an initial understanding of the topic, and then look into more advanced aspects as needed. And again, this comes into the idea of: can you pick up those core terms? So if you see something that is maybe the blanket term for a lot of things, in this case steganography, that's usually going to be what you want to research.

Now it's your turn to see if you can answer the following questions using your research skills. The first three questions have appropriate search queries in the hints. In the Burp Suite program that ships with Kali Linux, what mode would you use to manually send a request, often repeating a captured request numerous times? Now, I do know the answer to this one, but we're going to go ahead and Google it just so that we can see how we would do that research. So we'll do "burp suite repeat request", and we can see "how to repeat a request in a loop"; that doesn't look like it's too useful. And we can see our second link here is "Using Burp Repeater": Burp Repeater is a simple tool for manually manipulating and reissuing individual HTTP and WebSocket messages and analyzing the application's responses. You can use Repeater for all kinds of purposes, such as changing parameter values, and so on and so forth. This is going to be what we're looking for, though, and you can see that just by picking out a couple of words in the actual question we can find the correct answer. What hash format are modern Windows login passwords stored in? We can actually take this and try searching for that directly. Fun fact: the URL bar in most modern web browsers is just a search bar as well. And sure enough, by searching just for that term we can see that we have our answer here: the user passwords are stored in a hash format in a registry hive, either as an LM (this is a LAN Manager hash) or an NTLM hash, and this NTLM is four characters, so this is likely what we're looking for. There we go. What are automated tasks called in Linux? So we can go back over here: "linux automated tasks", and it looks like we have a couple of interesting links here, one is going to be on crontab, and sure enough we can see right here: such tasks in Linux are referred to as cron jobs, which is actually going to fit our answer, and that's going to be how you would automate things in Linux. Very nice, especially if you want to do simple things like, suppose you want to run a Minecraft server: cron jobs are your best friend for running backups if you don't have a backup plugin, and you can do a lot of other fun things like this. Automated backups are a big one; going through and doing cleanup on your server can be another big one; saving your work, other things like that. It's a fantastic way that you can take advantage of how flexible an operating system Linux is.

What number base could you use as a shorthand for base 2, or binary? So there's a couple of different answers here. In this case we're actually going to look at the hint to make sure, and this is going to tell us what is going to be an incorrect answer. We'll search for this; let's see, that's not what I wanted: "shorthand for base two", and we'll see which one Muirland actually wants here. So we can see that octal is one example, and this is base 8, very very cool. As you start getting into the computer science and programming concepts a little bit more you'll start exploring this, but there is an even shorter hand that is called hex. Let's see, are we going to actually refer to it properly here? Yeah, hexadecimal, so base 16, and that should be our answer. So that is a base-16 number format, very very common to see; you're going to see it a ton in programs and in different ways to hash things and other things like that. If a password starts with $6$, what format is it? We can actually take this and search for that. Sure enough, it looks like we might have an answer here: it is a type 6 password hash, it might be a SHA-256. Let's see what we want: crypt. So that is going to be in our password hash itself. We can search around for this just a little bit; it shouldn't be too hard to find. See if we have something here: Unix variant. So it looks like this is the exact article that we were supposed to find; it looks like it's actually referring to this room. It is going to be the sha512crypt answer, and they even referenced that, hey, TryHackMe is going to link you here. So, sha512crypt, let's try that, and there we go, perfect. That is going to be Task 2 done; let's move into Task 3, which is going to be Vulnerability Searching.

Often in hacking you'll come across software that might be open to exploitation. For example, content management systems such as WordPress, FUEL CMS, Ghost, etc. are frequently used to make setting up a website easier, and many of these are vulnerable to various attacks. So where would we look if we wanted to exploit specific software? Well, the video for this is not actually out quite yet, it'll be out pretty soon: I have another video that is going up on the Mr Robot CTF, a very very popular room on TryHackMe, where I actually talk about why these CMS systems end up being so vulnerable, so definitely check that out if that's something that interests you. The answer to that question lies in websites such as Exploit-DB, NVD (this is the National Vulnerability Database) and CVE MITRE, which is going to be the MITRE database for different exploitations, and then this first one that's mentioned is just a database of different exploits and exploit code. NVD keeps track of CVEs, which is Common Vulnerabilities and Exposures. This is important to know whether or not there is a specific exploit publicly available, so it's a really good place to look if you're researching vulnerabilities in a specific piece of software. CVEs take the format of CVE-<year>-<ID number>. This is going to be really useful, and this is a good format to just be familiar with, because it can help you in searching for different things that may have come out. Exploit-DB tends to be very useful for hackers; it's actually designed by hackers, made for hackers, very cool. Offensive Security maintains it, great folks over there, and they do a lot of really good work with that site. It tends to be very useful for hackers as it often actually contains exploits that can be downloaded and used straight out of the box. It tends to be one of the first stops when you encounter software in a CTF or pentest, typically, especially if you're going to be doing something like an OffSec course; this is going to be your best friend. If you're inclined towards the CLI, the command line interface, on Linux, Kali comes pre-installed with a tool called searchsploit that is an offline copy of Exploit-DB. It allows you to go through and, once you update it, it will actually just pull everything off of Exploit-DB, all the PoCs, and it saves it in a text format, making it very very easy and very nice, especially if you can't connect to the internet during a pentest. So this is offline and works using a downloaded version of the database, meaning you already have all the exploits. Yep.

Let's take an example: say we're playing a CTF and we come across a website. This is actually from another room on TryHackMe; you may want to check out a room called Ignite, and you might be able to find something fun there, but I'll leave that up to you. So we can see that we found FUEL CMS and then a version here. Well, this is quite obviously FUEL CMS; usually it won't be this obvious, but hey, we'll work with what we've got. We know the software, so let's search for it in Exploit-DB. We can actually pull up Exploit-DB and we'll do that right now. So let's search "fuel cms" and see what we get. It's thinking about it... there we go, so we have FUEL CMS and it looks like we have one exploit here that leads to remote code execution. Let's jump back over to the room and take a look at what we're going to do with this. We know the software, so let's search for it in Exploit-DB, and then we're also going to hop over to searchsploit, and I'll demo that right now just so you guys can see what that looks like: searchsploit fuelcms. And there we go, same results, because again this is just an offline copy of the DB. Success, we've got an exploit that we can use against the website. Actually using the exploit is outside of the scope of this room, but you can see the process, and again if you want to continue on with this, check out that other room, Ignite; I'll put a link to that in the video description below. If you click on the title you'll be given a bit more of an explanation about the exploit. So here we can see we have the actual CVE number on the room here, which is super handy; this is going to link to the National Vulnerability Database, NVD. This is a fantastic website, especially if you are a defensive operator; this is going to give you a lot of information along with links to other relevant resources about this exploit. So for example, if you were working at a company and you're running a FUEL CMS that is this version, this is going to tell you what you need to do and how bad this is. Another similar resource, and I've got another walkthrough video up for it, is AttackerKB, so that's worth checking out as well. But very very nice, we can see that we have the base score here, the actual score for the exploit; this is going to be critical because it results in... you just win with this exploit. It's very nice, very fun. Switching back over, we can see if you click on that it's going to give more of an explanation, and again pay attention to this format with the CVE numbers; you're going to need them for the questions.

So, what is the CVE for the 2020 cross-site scripting vulnerability found in WPForms? Let's take that and we're just going to search exactly for that. Let's see, this is likely what we're looking for; let's try this, maybe. There we go, perfect, so nice and easy. You can see that sometimes just taking that phrase makes it very easy and almost trivial to find these things. There was a local privilege escalation vulnerability found in the Debian version of Apache Tomcat back in 2016. What is the CVE for this vulnerability? Let's take this: "local privilege escalation vulnerability in the debian version of tomcat", let's search for that, and we can see that we have a 2016 CVE which gets us local privilege escalation. Let's go ahead and click into this link, and we can close a couple of these other tabs. We'll grab this and let's try that, and there we go. What is the very first CVE found in VLC media player? We can go back to Exploit-DB and let's see if we can find it just by searching for VLC. We'll expand our pages here and go to the end, just to see if we can find something very old. Looks like we have a CVE here, which is going to be nothing too interesting, but it is a very old CVE; let's try this one and see if this is what Muirland wants. There we go. If I wanted to exploit a 2020 buffer overflow in the sudo program, what CVE would I use? So let's take a look. It looks like we immediately found our exploit here, which is going to be the pwfeedback buffer overflow, and if we click into this, this might not be correct, because it's 2019. Let's take a look at a couple of other ones, date 2020. OK, let's see if this is the right one; I kind of doubt it, but we'll find out. There we go. OK, so sure enough, you can see that sometimes the CVE might be off, and we're going to go ahead and refresh the page; it might have fixed it with regex, there's single-character substitution regex forgiveness on the page, and sure enough, no, that is the correct exploit. We'll close some tabs, and there we go.

We'll jump into Task 4, which is going to be Manual Pages. If you haven't already worked with Linux, I highly recommend taking a look at the Learn Linux room, also another very popular room on TryHackMe. Linux, usually Kali Linux, is without a doubt the most ubiquitous operating system used in hacking, so it pays to be familiar with it. One of the most useful features of Linux is the inbuilt man command, which gives you access to the manual pages for most tools directly inside your terminal. Occasionally you'll find a tool that doesn't have a manual entry; however, this is pretty rare. Generally speaking, when you don't know how to use a tool, man should be your first port of call. There's also a shortened version of this called tldr, too lazy didn't read, and you can install that; it'll give you a short version of the man page. I recommend checking it out if you want something fun to play with; it is a fantastic tool. I had a system administrator that I worked with for a while show that to me, and it's fantastic. Let's give it a shot: say we want to connect to a remote computer using SSH but we don't know the syntax. We can try man ssh to get the manual page for SSH, and we'll check that out right now. Do man ssh, and there we go, so this is the manual page, and we can see right away we've got a couple of options at the bottom: we have h for help or q for quit. We can also scroll in the terminal to see what we've got; you press space to go by pages. But we can see that this lays out the entire program, and it's pretty verbose; it gives us pretty much everything that we could ever hope for when working with SSH, and it's a fantastic resource. Let's jump back to the room. So, awesome, we can see in the description that the syntax for using SSH is user@host; this can be a hostname or an IP address. We can also use the man pages to look for special switches in programs that make the program do other things. An example of this would be, from our very first example, steghide can be used to both extract and embed files inside an image based on the switches that you give it. For example, if you wanted to display the version number for SSH, you would scroll down in the man page until you found the appropriate switch, which in this case Muirland has already got a screenshot of for us, and that is going to be dash and what looks like capital V. Let's go ahead and try that out: ssh -V, and there we go, we can see that we have the version displayed. Another way to find that switch would have been to search the man page for the correct switch using grep, so we can do man ssh | grep -e "version number". We can try that right now: man ssh, we'll pipe that into grep, -e "version number", and there we go, it pulls that out. So grep is just a search command; we can pipe to it, so this takes the output of what comes from running this man ssh command and throws it into something else so we can operate on it. This is something that you'll also learn, I believe, in the Learn Linux room, so check that out if you haven't already.

Now it's your turn: answer the following questions using the man command. scp is a tool used to copy files from one computer to another; what switch would you use to copy an entire directory? I'm guessing this is probably -d, but I will do man scp and let's see what we've got. Maybe... ssh config, identity, destination, probably, looking at it, but looking over it: port, quiet mode, recursive, there we go. So this is what we want: recursive mode is the option that we've been looking for; this will take the entire directory, so it's going to be dash and lowercase r. fdisk is a command used to view and alter the partitioning scheme used on your hard drive; what switch would you use to list the current partitions? We'll do man fdisk and then we'll try grepping for this: grep -e current. Nope, that didn't give us really anything useful. We'll just do man fdisk and we'll see what we can find, see if my search commands... nope. Just a moment, I've been looking at it the entire time: so it's going to be this -l, which is "list the partition table for the specified devices and exit". This is going to show your current partitions on your device, so we can go back here and the answer is going to be -l. nano is an easy-to-use text editor for Linux; there are arguably better editors. This is also incorrect, nano is the best; however, nano is a great one to start with. There's a constant fight on which one's the best text editor; pick whichever one you want to use the most, but I'm firmly in the nano camp at the time of recording, let that be said. What switch would you use to make a backup without opening a file with nano? So we can go back, close this, and man nano, and we're looking for a backup option. Maybe: "when saving a file, back up the previous version of it, using the current filename suffixed with a tilde". Let's try that, and there we go. netcat is a basic command tool used to manually send and receive network requests; what command would you use to start netcat in listen mode using port 12345? So we can close this and we'll do man netcat. So netcat, this one I do know off the top of my head: we're going to do two switches, so this first one is going to be -l, lowercase l there, specifically for listen mode, and then we need our port switch, which is going to be -p, lowercase p, for the local port number that we're going to listen on. So we can go back; we'll do netcat -l -p 12345. Let's give that a try. Perfect, and that is going to do it for Task 4.

Let's jump into Task 5, Final Thoughts. You may have been told in school that there are good sources and bad sources of information. That may be true when it comes to essays and referencing information; however, it's my pleasure to state that it does not apply here. Any information can be potentially useful, so feel free to use blogs, Wikipedia, or anything else that contains the information you're looking for. Blogs especially can often be very valuable for learning when it comes to information security, as many security researchers keep a blog, and especially as you advance in your career, this is something that I do recommend considering. Having completed this room, you hopefully now have established the basis of a methodology to tackle research questions that you come across by yourself. The vast majority of rooms on TryHackMe can be solved purely using knowledge found on Google, so please take that opportunity to improve your skills by Googling any problems you come across. As a follow-up to this room, I highly recommend CMNatic's Google Dorking room; this is a very cool room as well to learn some advanced Google tricks. We'll go ahead and mark that as complete, and there we go, that is going to do it for that room today. If you guys have any questions, feel free to join the official TryHackMe Discord or the DarkSec Discord; both are linked in the video description below. Otherwise, follow me on YouTube for more walkthroughs like this, and you guys have a great rest of your day. Happy hacking.
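The walkthrough leans on the CVE naming format (CVE, then the year, then an ID number) and shows how easy it is to copy the wrong one between search results, Exploit-DB and NVD, as with the 2019 versus 2020 sudo mix-up. The following Python helper is an added example, not code from the video, from TryHackMe or from any of the sites mentioned: it pulls CVE IDs out of free text such as research notes or copied search results, normalises their case, removes duplicates and flags IDs that cannot be structurally valid, so a defender can catch transcription errors before looking an ID up. The sample notes and every CVE number in them are constructed placeholders, and the plausibility rules (IDs start in 1999, a year cannot be in the future, and a sequence longer than four digits does not start with a zero) are stated here as assumptions about the format, not taken from the page.

```python
"""Extract and sanity-check CVE identifiers found in free text.

Added example (not from the walkthrough or TryHackMe). CVE IDs follow the
CVE-<year>-<sequence> format the video describes; this helper finds them in
notes or copied search results and flags ones that cannot be valid.
"""
import re
from datetime import date

# CVE-<four-digit year>-<sequence of at least four digits>. Case-insensitive,
# because search results and transcripts often lower-case the prefix.
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)

# Assumption about the format, not from the page: the programme's first IDs
# carry the year 1999, so anything earlier is a copy error.
FIRST_CVE_YEAR = 1999


def extract_cve_ids(text):
    """Return the distinct CVE IDs in text, upper-cased, in order of first appearance."""
    found = []
    for match in CVE_RE.finditer(text):
        cve_id = f"CVE-{match.group(1)}-{match.group(2)}"
        if cve_id not in found:
            found.append(cve_id)
    return found


def validate_cve_id(cve_id, current_year=None):
    """Check that an ID is structurally plausible; returns (ok, reason)."""
    if current_year is None:
        current_year = date.today().year
    match = CVE_RE.fullmatch(cve_id)
    if match is None:
        return False, "malformed"
    year, sequence = int(match.group(1)), match.group(2)
    if year < FIRST_CVE_YEAR:
        return False, "year predates the CVE programme"
    if year > current_year:
        return False, "year is in the future"
    # Assumption: sequences longer than four digits never carry a leading zero,
    # so CVE-2021-01234 is a typo, while CVE-2021-0123 is fine as written.
    if len(sequence) > 4 and sequence.startswith("0"):
        return False, "sequence longer than four digits must not start with 0"
    return True, "ok"


def triage_notes(text, current_year=None):
    """Map every CVE ID found in text to its (ok, reason) verdict."""
    return {cve_id: validate_cve_id(cve_id, current_year)
            for cve_id in extract_cve_ids(text)}


# Constructed sample notes; the IDs are placeholders, not claims about real software.
SAMPLE_NOTES = """
Search result looked like the 2020 sudo issue: cve-2020-0001 (placeholder)
Database page actually shows CVE-2019-0002, which is a 2019 ID (placeholder)
Copy-paste errors from a transcript: CVE-2021-01234, CVE-1998-0001, CVE-99-0001
Seen again while reading: CVE-2020-0001
"""

if __name__ == "__main__":
    for cve_id, (ok, reason) in triage_notes(SAMPLE_NOTES, current_year=2021).items():
        print(f"{cve_id}: {'OK' if ok else 'REJECT'} ({reason})")
```

Passing current_year explicitly makes the check reproducible; without it the current calendar year is used. CVE-99-0001 is never reported because it does not match the pattern at all, which is the right outcome for a fragment that cannot be looked up anyway.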
Info
Channel: DarkSec
Views: 230,981
Keywords: infosec, tryhackme, box, hacking, learn, darkstar, darksec, educational, darkstar7471, try, hack, me, walkthrough, tutorial, introductory, research, intro, to, muirland, oracle, official
Id: TGsIxfvEDaQ
Length: 29min 19sec (1759 seconds)
Published: Fri Sep 18 2020