TryHackMe: Vulnerabilities 101 Write Up

Cursemagic
Sep 21, 2021

This is a very very very very very easy room which is meant for new users to understand vulnerabilities. This room was created by TryHackMe and cmnatic.

Link to TryHackMe Vulnerabilities room: https://tryhackme.com/room/vulnerabilities101

Task 2 Introduction to Vulnerabilities

An attacker has been able to upgrade the permissions of their system account from “user” to “administrator”. What type of vulnerability is this?

Ans: Operating System

You manage to bypass a login panel using cookies to authenticate. What type of vulnerability is this?

Ans: Application Logic

Task 3 Scoring Vulnerabilities (CVSS & VPR)

What year was the first iteration of CVSS published?

Ans: 2005

If you wanted to assess vulnerability based on the risk it poses to an organization, what framework would you use?

Ans: VPR

If you wanted to use a framework that was free and open-source, what framework would that be?

Ans: CVSS

Task 4 Vulnerability Databases

Using NVD, how many CVEs were submitted in July 2021?

Ans: 1585

Who is the author of Exploit-DB?

Ans: Offensive Security

Task 5 An Example of Finding a Vulnerability

What type of vulnerability did we use to find the name and version of the application in this example?

Ans: Version Disclosure

Task 6 Showcase: Exploiting Ackme’s Application

Follow along with the showcase of exploiting ACKme’s application to the end to retrieve a flag. What is this flag?

Ans: Follow the steps and you will get the flag.

And we are done.

I know this is a very easy and simple write-up. But who knows, right? xD

Thank you for reading.
