# Common Attacks

{% embed url="<https://tryhackme.com/room/commonattacks>" %}
<https://tryhackme.com/room/commonattacks>
{% endembed %}

| Room Attributes       | Value                                                                  |
| --------------------- | ---------------------------------------------------------------------- |
| Subscription Required | <mark style="color:green;background-color:green;">False</mark> \[Free] |
| Type                  | Walkthrough                                                            |
| Difficulty            | <mark style="color:blue;background-color:blue;">Info</mark>            |
| Tags                  | Common Attacks, Security Awareness, Basics, Internet Safety            |

## Task 1 -  <mark style="color:blue;background-color:blue;">Information</mark>  Introduction

### Let's get started!

{% hint style="success" %}
No answer needed
{% endhint %}

## Task 2 - <mark style="color:orange;background-color:orange;">Common Attacks</mark> Social Engineering&#x20;

### Read the task information and watch the attached videos

{% hint style="success" %}
No answer needed
{% endhint %}

### What was the original target of Stuxnet?

{% hint style="warning" %}
**HINT:** Check the case study in the task
{% endhint %}

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`The Iran Nuclear Programme`

</details>

## Task 3 - <mark style="color:orange;background-color:orange;">Common Attacks</mark> Social Engineering: Phishing

### Click the green "View Site" button at the top of this task if you haven't already done so.

{% hint style="success" %}
No answer needed
{% endhint %}

### What is the flag?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`THM{I_CAUGHT_ALL_THE_PHISH}`

</details>

## Task 4 - <mark style="color:orange;background-color:orange;">Common Attacks</mark> Malware and Ransomware

### \[<mark style="color:purple;">Research</mark>] What currency did the Wannacry attackers request payment in?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Bitcoin`

</details>

## Task 5 - <mark style="color:orange;background-color:orange;">Common Attacks</mark> Passwords and Authentication&#x20;

### Click the green button at the start of the task to deploy the interactive hash brute-forcer!

{% hint style="success" %}
No answer needed
{% endhint %}

### Copy the list of passwords into the "Password List" field of the hash cracker, then click "Go"!

{% hint style="success" %}
No answer needed
{% endhint %}

### What is the password?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`TryHackMe123!`

</details>

### In the next task we will look at some of the common account protection measures, as well as how to generate secure passwords.

{% hint style="success" %}
No answer needed
{% endhint %}

## Task 6 - <mark style="color:green;background-color:green;">Staying Safe</mark> Multi-Factor Authentication and Password Managers

### Where you have the option, which should you use as a second authentication factor between SMS based TOTPs or Authenticator App based TOTPs (SMS or App)?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`App`

</details>

## Task 7 - <mark style="color:green;background-color:green;">Staying Safe</mark> Public Network Safety

### Deploy the interactive content by clicking the green button at the top of the task.

{% hint style="success" %}
No answer needed
{% endhint %}

### The interactive content for this task demonstrates what can happen if information is sent over a potentially unsafe network with various types of encryption (or lack thereof). There is no flag for this task, but you are encouraged to try each of the different scenarios, mixing and matching the options provided in the control box at the bottom right of the screen.

{% hint style="success" %}
No answer needed
{% endhint %}

## Task 8 - <mark style="color:green;background-color:green;">Staying Safe</mark> Backups

### What is the minimum number of up-to-date backups you should make?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`3`

</details>

### Of these, how many (at minimum) should be stored in another location?

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`1`

</details>

## Task 9 - <mark style="color:green;background-color:green;">Staying Safe</mark> Updates and Patches

### (Optional) Complete the [Blue](https://tryhackme.com/room/blue) room on TryHackMe to see the brutal effects of the Eternal Blue exploit in action against an unpatched machine for yourself!

{% hint style="success" %}
No answer needed
{% endhint %}

## Task 10 -  <mark style="color:blue;background-color:blue;">Information</mark>  Conclusion

### I have completed the Common Attacks room!

{% hint style="success" %}
No answer needed
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://thmflags.gitbook.io/thm-walkthroughs/difficulty-info/common-attacks.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.