🔁The Hacker Methodology

Introduction to the Hacker Methodology

Room Attributes

Value

Subscription Required

False [Free]

Type

Walkthrough

Difficulty

Easy

Video Walkthrough

Task 1 - Methodology Outline

What is the first phase of the Hacker Methodology?

Reveal Flag 🚩

🚩Reconnaissance

Task 2 - Reconnaissance Overview

Who is the CEO of SpaceX?

Reveal Flag 🚩

🚩Elon Musk

Do some research into the tool: sublist3r, what does it list?

Reveal Flag 🚩

🚩subdomains

What is it called when you use Google to look for specific vulnerabilities or to research a specific topic of interest?

Reveal Flag 🚩

🚩Google Dorking

Task 3 - Enumeration and Scanning Overview

What does enumeration help to determine about the target?

HINT: two words!

Reveal Flag 🚩

🚩Attack Surface

Do some reconnaissance about the tool: Metasploit, what company developed it?

Reveal Flag 🚩

🚩Rapid7

What company developed the technology behind the tool Burp Suite?

Reveal Flag 🚩

🚩portswigger

Task 4 - Exploitation

What is one of the primary exploitation tools that pentester(s) use?

Reveal Flag 🚩

🚩Metasploit

Task 5 - Privilege Escalation

In Windows what is usually the other target account besides Administrator?

Reveal Flag 🚩

🚩System

HINT: SSH ____

Reveal Flag 🚩

🚩Keys

Task 6 - Covering Tracks

I read this section!

No answer needed

Task 7 - Reporting

What would be the type of reporting that involves a full documentation of all findings within a formal document?

Reveal Flag 🚩

🚩full formal report

What is the other thing that a pentester should provide in a report beyond: the finding name, the finding description, the finding criticality

Reveal Flag 🚩

🚩remediation recommendation

PreviousLearning Cyber Security NextGoogle Dorking

Last updated 2 years ago

Video Walkthrough

Task 1 - Methodology Outline

What is the first phase of the Hacker Methodology?

Task 2 - Reconnaissance Overview

Who is the CEO of SpaceX?

Do some research into the tool: sublist3r, what does it list?

What is it called when you use Google to look for specific vulnerabilities or to research a specific topic of interest?

Task 3 - Enumeration and Scanning Overview

What does enumeration help to determine about the target?

Do some reconnaissance about the tool: Metasploit, what company developed it?

What company developed the technology behind the tool Burp Suite?

Task 4 - Exploitation

What is one of the primary exploitation tools that pentester(s) use?

Task 5 - Privilege Escalation

In Windows what is usually the other target account besides Administrator?

What thing related to SSH could allow you to login to another machine (even without knowing the username or password)?

Task 6 - Covering Tracks

I read this section!

Task 7 - Reporting

What would be the type of reporting that involves a full documentation of all findings within a formal document?

What is the other thing that a pentester should provide in a report beyond: the finding name, the finding description, the finding criticality

Video Walkthrough

Task 1 - Methodology Outline

What is the first phase of the Hacker Methodology?

Task 2 - Reconnaissance Overview

Who is the CEO of SpaceX?

Do some research into the tool: sublist3r, what does it list?

What is it called when you use Google to look for specific vulnerabilities or to research a specific topic of interest?

Task 3 - Enumeration and Scanning Overview

What does enumeration help to determine about the target?

Do some reconnaissance about the tool: Metasploit, what company developed it?

What company developed the technology behind the tool Burp Suite?

Task 4 - Exploitation

What is one of the primary exploitation tools that pentester(s) use?

Task 5 - Privilege Escalation

In Windows what is usually the other target account besides Administrator?

What thing related to SSH could allow you to login to another machine (even without knowing the username or password)?

Task 6 - Covering Tracks

I read this section!

Task 7 - Reporting

What would be the type of reporting that involves a full documentation of all findings within a formal document?

What is the other thing that a pentester should provide in a report beyond: the finding name, the finding description, the finding criticality