# The Hacker Methodology

{% embed url="<https://tryhackme.com/room/hackermethodology>" %}
<https://tryhackme.com/room/hackermethodology>
{% endembed %}

| Room Attributes       | Value                                                                  |
| --------------------- | ---------------------------------------------------------------------- |
| Subscription Required | <mark style="color:green;background-color:green;">False</mark> \[Free] |
| Type                  | Walkthrough                                                            |
| Difficulty            | <mark style="color:green;background-color:green;">Easy</mark>          |
| Tags                  | Security, Methodology, Hacker Method, CEH                              |

## Video Walkthrough <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

{% embed url="<https://youtu.be/DoOw8boYwfQ>" %}
<https://youtu.be/DoOw8boYwfQ>
{% endembed %}

## Task 1 - Methodology Outline <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### What is the first phase of the Hacker Methodology?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Reconnaissance`

</details>

## Task 2 - Reconnaissance Overview <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### Who is the CEO of SpaceX?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Elon Musk`

</details>

### Do some research into the tool: sublist3r, what does it list?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`subdomains`

</details>

### What is it called when you use Google to look for specific vulnerabilities or to research a specific topic of interest?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Google Dorking`

</details>

## Task 3 - Enumeration and Scanning Overview <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### What does enumeration help to determine about the target?

{% hint style="warning" %}
**HINT:** two words!
{% endhint %}

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Attack Surface`

</details>

### Do some reconnaissance about the tool: Metasploit, what company developed it?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Rapid7`

</details>

### What company developed the technology behind the tool Burp Suite?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`portswigger`

</details>

## Task 4 - Exploitation <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### What is one of the primary exploitation tools that pentester(s) use?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Metasploit`

</details>

## Task 5 - Privilege Escalation <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### In Windows what is usually the other target account besides Administrator?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`System`

</details>

### What thing related to SSH could allow you to login to another machine (even without knowing the username or password)?

{% hint style="warning" %}
**HINT:** SSH \_\_\_\_
{% endhint %}

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Keys`

</details>

## Task 6 - Covering Tracks <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### I read this section!

{% hint style="success" %}
No answer needed
{% endhint %}

## Task 7 - Reporting <a href="#task-1-starting-your-first-machine" id="task-1-starting-your-first-machine"></a>

### What would be the type of reporting that involves a full documentation of all findings within a formal document?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`full formal report`

</details>

### What is the other thing that a pentester should provide in a report beyond: the finding name, the finding description, the finding criticality

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`remediation recommendation`

</details>


