TryHackMe Pre-Security Path — Learning Cyber Security

br4ind3ad
3 min read · Jul 5, 2021

This room is an introduction to basic cybersecurity topics:

→ Web Application Security

→ Network Security

→ Learning Roadmap

Web Application Security

This room aims to help you understand how a web application works. To attack a web app or to find vulnerabilities in one, it is absolutely necessary to understand the underlying functionality and how it works overall.

Once you have strong fundamentals, you’ll learn about the techniques and tools used in hacking sites in the other rooms.

Check out the BookFace site by clicking on the view site button.

Toggle using the blue circular dots at the top left.

In BookFace, the username is also mentioned in the URL. Using this URL, try to reset the password using the forgot password functionality (see the URL).

In the screenshot, it is mentioned that the code is 4 digits. Try inputting random reset codes to try your luck. As the total number of possible combinations is 10,000, using a brute-forcing tool is beneficial (provided there is no rate limiting, i.e. a control that blocks you for making so many requests).

In the brute-force tool, enter a maximum value of 10,000 and a minimum value of 1, then press the bruteForce button.

On completion, you’ll get the correct OTP.

Enter the new password and voila, the flag.
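The brute force above works only because nothing limits wrong guesses against the 4-digit code. As an added example (not from the room or from TryHackMe's code), here is one way a server could verify such a code with an attempt cap, expiry and single use; `ResetCodeStore`, `MAX_ATTEMPTS` and `CODE_TTL_SECONDS` are hypothetical names and assumed policy values.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy: wrong guesses tolerated per issued code
CODE_TTL_SECONDS = 600  # assumed policy: lifetime of a code


class ResetCodeStore:
    """Hypothetical in-memory store: one pending reset code per username."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # username -> [code, expires_at, failed_attempts]

    def issue(self, username):
        # Uniform 4-digit code from a CSPRNG, zero-padded: "0000".."9999".
        code = f"{secrets.randbelow(10_000):04d}"
        self._pending[username] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code  # delivered out-of-band in a real flow

    def verify(self, username, guess):
        entry = self._pending.get(username)
        if entry is None:
            return "no_pending_code"
        code, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[username]
            return "expired"
        guess = str(guess)
        # Constant-time compare; compare_digest on str requires ASCII input.
        if guess.isascii() and hmac.compare_digest(code, guess):
            del self._pending[username]  # single use
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[username]  # burn the code after too many misses
            return "locked"
        return "wrong"


def attempts_until_stopped(store, username, guesses):
    """Submit guesses in order; return (number evaluated, final status)."""
    count, status = 0, None
    for count, guess in enumerate(guesses, start=1):
        status = store.verify(username, guess)
        if status != "wrong":
            break
    return count, status
```

With a cap of 5, one issued code exposes at most 5 of the 10,000 possibilities, so requests for new codes need their own rate limit as well.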

Questions:

→ Read the above and learn how to hack BookFace, TryHackMe’s vulnerable social media site. - No answer needed

→ What is the username of the BookFace account you will be taking over? - Ben.Spring

→ Hack the BookFace account to reveal this task’s answer! - THM{BRUT********}

Network Security

Understanding networking is super helpful if you want to understand cybersecurity.

It helps in identifying who and what is on the network, and in reviewing network logs to monitor and track what users are up to.

Click on the view site option, and learn about how a retail company (Target) got hacked and had 110m credit cards stolen by the hackers!

It happened because the air conditioning units could be controlled remotely and, on top of that, were connected to Target's main network.

It means that “an attacker could compromise the smart air conditioning unit and access other machines within the store, such as the checkout tills, which were also compromised to steal customers’ credit card information.”

It cost Target around $300 million in data breach lawsuits.

“The company even using $1.6 million on malware detection tool but attackers managed to fool the detection by pretending to be legitimate computer network traffic.”

Questions:

→ Read the above, and see how Target was hacked on the right hand side. - No answer needed

→ How much did the data breach cost Target? - 300 million

Learning Roadmap

TryHackMe offers 2 paths after the complete beginner path that teaches the computing basics and introduces some security techniques.

After completing the complete beginner path, enroll in either the Offensive Pentesting or the Cyber Defense path.

Happy Learning !! :)
