TryHackMe: Vulnerabilities 101 Write Up
This is a very very very very very easy room which is meant to help new users understand vulnerabilities. This room was created by tryhackme and cmnatic.
Link to the TryHackMe Vulnerabilities room: https://tryhackme.com/room/vulnerabilities101
Task 2 Introduction to Vulnerabilities
An attacker has been able to upgrade the permissions of their system account from “user” to “administrator”. What type of vulnerability is this?
Ans: Operating System
You manage to bypass a login panel using cookies to authenticate. What type of vulnerability is this?
Ans: Application Logic
Task 3 Scoring Vulnerabilities (CVSS & VPR)
What year was the first iteration of CVSS published?
Ans: 2005
If you wanted to assess vulnerability based on the risk it poses to an organization, what framework would you use?
Ans: VPR
If you wanted to use a framework that was free and open-source, what framework would that be?
Ans: CVSS
Task 5 An Example of Finding a Vulnerability
What type of vulnerability did we use to find the name and version of the application in this example?
Ans: Version Disclosure
Task 6 Showcase: Exploiting Ackme’s Application
Follow along with the showcase of exploiting ACKme’s application to the end to retrieve a flag. What is this flag?
Ans: Follow the steps and you will get the flag.
And we are done.
I know this is a very easy and simple write-up. But who knows, right? xD
Thank you for reading.