TryHackMe: Vulnerabilities 101 Write Up

This is a very very very very very easy room which meant for new users to understand vulnerabilities. This room is created by tryhackme and cmnatic.

Link to TryHackMe Vulnberabilities room: https://tryhackme.com/room/vulnerabilities101

Task 2 Introduction to Vulnerabilities

An attacker has been able to upgrade the permissions of their system account from “user” to “administrator”. What type of vulnerability is this?

Ans: Operating System

You manage to bypass a login panel using cookies to authenticate. What type of vulnerability is this?

Ans: Application Logic

Task 3 Scoring Vulnerabilities (CVSS & VPR)

What year was the first iteration of CVSS published?

Ans: 2005

If you wanted to assess vulnerability based on the risk it poses to an organization, what framework would you use?

Ans: VPR

If you wanted to use a framework that was free and open-source, what framework would that be?

Ans: CVSS

Task 4 Vulnerability Databases

Using NVD, how many CVEs were submitted in July 2021?

Ans: 1585

Who is the author of Exploit-DB?

Ans: Offensive Security

Task 5 An Example of Finding a Vulnerability

What type of vulnerability did we use to find the name and version of the application in this example?

Ans: Version Disclosure

Task 6 Showcase: Exploiting Ackme’s Application

Follow along with the showcase of exploiting ACKme’s application to the end to retrieve a flag. What is this flag?

Ans: Follow the steps and will get the flag.

And we are done.

I know this is a very easy and simple write-up. But who knows right? xD

Thank you for reading.

--

--

--

Just learning, together we are strong.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Automated Security Testing for Developers

Few ways to explain what is zero-knowledge and why it is so important.

Barbell Strategy for Security Decisions

Weight lifter preparing to lift a barbell

3 Million Reasons Bug Bounty Programs are a Win-Win

Targetting User Accounts and websites with Forgot Password.

Qnode Protocol Digest 003: AMA AND REWARD POOL.

PANDORA 1 Day to go

LITH TOKEN: One of the Top Remaining Small-Cap Opportunities In Crypto for 2022

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Cursemagic

Cursemagic

Just learning, together we are strong.

More from Medium

TryHackMe Writeup  — Team (Easy)

THM — Steel Mountain

RootMe Writeup

TryHackMe Writeup-GameZone