TryHackMe: The Hacker Methodology

Introduction to the Hacker Methodology

Task 1: Methodology Outline

What is the first phase of the Hacker Methodology?

Reconnaissance

Task 2: Reconnaissance Overview

Who is the CEO of SpaceX?

Just Google it.

Elon Musk

Do some research into the tool: sublist3r, what does it list?

sublist3r tool is used for listing subdomain of a website.

subdomain

What is it called when you use Google to look for specific vulnerabilities or to research a specific topic of interest?

Learn Google Dorking

Google Dorking

Task 3: Enumeration and Scanning Overview

What does enumeration help to determine about the target?

The attack surface determines what the target might be vulnerable to in the Exploitation phase.

attack surface

Do some reconnaissance about the tool: Metasploit, what company developed it?

rapid7

What company developed the technology behind the tool Burp Suite?

PortSwigger

Task 4: Exploitation

What is one of the primary exploitation tools that pentester(s) use?

Metasploit is one of the primary exploitation tools that pentester(s) use. More tools are: BurpSuite, SQLMap, BeEF etc.

Metasploit

Task 5: Privilege Escalation

In Windows what is usually the other target account besides Administrator?

System

What thing related to SSH could allow you to login to another machine (even without knowing the username or password)?

Finding secret keys or SSH keys stored on a device which will allow pivoting to another machine

keys

Task 6: Covering Tracks

I read this section!

No answer needed

Task 7: Reporting

What would be the type of reporting that involves a full documentation of all findings within a formal document?

full formal report

What is the other thing that a pentester should provide in a report beyond: the finding name, the finding description, the finding criticality

Remediation Recommendation