
The Hacker Methodology

Introduction to the Hacker Methodology


Last updated 2 years ago

| Room Attributes | Value |
| --- | --- |
| Subscription Required | False [Free] |
| Type | Walkthrough |
| Difficulty | Easy |
| Tags | Security, Methodology, Hacker Method, CEH |

Video Walkthrough

Task 1 - Methodology Outline

What is the first phase of the Hacker Methodology?

Answer: Reconnaissance

Task 2 - Reconnaissance Overview

Who is the CEO of SpaceX?

Answer: Elon Musk

Do some research into the tool: sublist3r, what does it list?

Answer: subdomains

What is it called when you use Google to look for specific vulnerabilities or to research a specific topic of interest?

Answer: Google Dorking

Task 3 - Enumeration and Scanning Overview

What does enumeration help to determine about the target?

HINT: two words!

Answer: Attack Surface

Do some reconnaissance about the tool: Metasploit, what company developed it?

Answer: Rapid7

What company developed the technology behind the tool Burp Suite?

Answer: portswigger

Task 4 - Exploitation

What is one of the primary exploitation tools that pentester(s) use?

Answer: Metasploit

Task 5 - Privilege Escalation

In Windows what is usually the other target account besides Administrator?

Answer: System

What thing related to SSH could allow you to login to another machine (even without knowing the username or password)?

HINT: SSH ____

Answer: Keys

Task 6 - Covering Tracks

I read this section!

No answer needed

Task 7 - Reporting

What would be the type of reporting that involves a full documentation of all findings within a formal document?

Answer: full formal report

What is the other thing that a pentester should provide in a report beyond: the finding name, the finding description, the finding criticality

Answer: remediation recommendation

TryHackMe | The Hacker Methodology: https://tryhackme.com/room/hackermethodology
https://youtu.be/DoOw8boYwfQ