> For the complete documentation index, see [llms.txt](https://thmflags.gitbook.io/thm-walkthroughs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://thmflags.gitbook.io/thm-walkthroughs/difficulty-easy/the-hacker-methodology.md).

# The Hacker Methodology

{% embed url="<https://tryhackme.com/room/hackermethodology>" %}
<https://tryhackme.com/room/hackermethodology>
{% endembed %}

| Room Attributes       | Value                                                                  |
| --------------------- | ---------------------------------------------------------------------- |
| Subscription Required | <mark style="color:green;background-color:green;">False</mark> \[Free] |
| Type                  | Walkthrough                                                            |
| Difficulty            | <mark style="color:green;background-color:green;">Easy</mark>          |
| Tags                  | Security, Methodology, Hacker Method, CEH                              |

## Video Walkthrough <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

{% embed url="<https://youtu.be/DoOw8boYwfQ>" %}
<https://youtu.be/DoOw8boYwfQ>
{% endembed %}

## Task 1 - Methodology Outline <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### What is the first phase of the Hacker Methodology?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Reconnaissance`

</details>

## Task 2 - Reconnaissance Overview <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### Who is the CEO of SpaceX?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Elon Musk`

</details>

### Do some research into the tool: sublist3r, what does it list?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`subdomains`

</details>

### What is it called when you use Google to look for specific vulnerabilities or to research a specific topic of interest?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Google Dorking`

</details>

## Task 3 - Enumeration and Scanning Overview <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### What does enumeration help to determine about the target?

{% hint style="warning" %}
**HINT:** two words!
{% endhint %}

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Attack Surface`

</details>

### Do some reconnaissance about the tool: Metasploit, what company developed it?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Rapid7`

</details>

### What company developed the technology behind the tool Burp Suite?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`portswigger`

</details>

## Task 4 - Exploitation <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### What is one of the primary exploitation tools that pentester(s) use?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Metasploit`

</details>

## Task 5 - Privilege Escalation <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### In Windows what is usually the other target account besides Administrator?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`System`

</details>

### What thing related to SSH could allow you to login to another machine (even without knowing the username or password)?

{% hint style="warning" %}
**HINT:** SSH \_\_\_\_
{% endhint %}

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Keys`

</details>

## Task 6 - Covering Tracks <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### I read this section!

{% hint style="success" %}
No answer needed
{% endhint %}

## Task 7 - Reporting <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### What would be the type of reporting that involves a full documentation of all findings within a formal document?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`full formal report`

</details>

### What is the other thing that a pentester should provide in a report beyond: the finding name, the finding description, the finding criticality

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`remediation recommendation`

</details>
