Introduction

Vulnerability Research is a three rooms challenge and part of the Junior Penetration Tester pathway

We covered exploiting vulnerabilities and vulnerability capstone rooms as part of TryHackMe Junior Penetration Tester pathway.

Cybersecurity is big business in the modern-day world. The hacks that we hear about in newspapers are from exploiting vulnerabilities. In this room, we’re going to explain exactly what a vulnerability is, the types of vulnerabilities and how we can exploit these for success in our penetration testing endeavours.

An enormous part of penetration testing is knowing the skills and resources for whatever situation you face. This room is going to introduce you to some resources that are essential when researching vulnerabilities, specifically, you are going to be introduced to:

  • What vulnerabilities are
  • Why they’re worthy of learning about
  • How are vulnerabilities rated
  • Databases for vulnerability research
  • A showcase of how vulnerability research is used on ACKme’s engagement

Get OSCP Certificate Notes

A vulnerability in cybersecurity is defined as a weakness or flaw in the design, implementation or behaviours of a system or application. An attacker can exploit these weaknesses to gain access to unauthorised information or perform unauthorised actions. The term “vulnerability” has many definitions by cybersecurity bodies. However, there is minimal variation between them all.

For example, NIST defines a vulnerability as “weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source”.

Vulnerabilities can originate from many factors, including a poor design of an application or an oversight of the intended actions from a user.

Manual scanning for vulnerabilities is often the weapon of choice by a penetration tester when testing individual applications or programs. In fact, manual scanning will involve searching for the same vulnerabilities and uses similar techniques as automated scanning.

Answers

An attacker has been able to upgrade the permissions of their system account from “user” to “administrator”. What type of vulnerability is this?

You manage to bypass a login panel using cookies to authenticate. What type of vulnerability is this?

What year was the first iteration of CVSS published?

If you wanted to assess vulnerability based on the risk it poses to an organisation, what framework would you use?

Note: We are looking for the acronym here.

If you wanted to use a framework that was free and open-source, what framework would that be?

Note: We are looking for the acronym here.

Using NVD, how many CVEs were submitted in July 2021?

Who is the author of Exploit-DB?

What type of vulnerability did we use to find the name and version of the application in this example?
Follow along with the showcase of exploiting ACKme’s application to the end to retrieve a flag. What is this flag?
You are working close to a deadline for your penetration test and need to scan a web application quickly. Would you use an automated scanner? (Yay/Nay)

You are testing a web application and find that you are able to input and retrieve data in a database.  What vulnerability is this?

You manage to impersonate another user. What vulnerability is this?

What website would you use as a security researcher if you wanted to upload a Proof of Concept?

You are performing a penetration test at a site with no internet connection. What tool could you use to find exploits to use?

What type of vulnerability was used in this attack?
Find out the version of the application that is running. What are the name and version number of the application?
Now use the resources and skills from this module to find an exploit that will allow you to gain remote access to the vulnerable machine.

Use this exploit against the vulnerable machine. What is the value of the flag located in a web directory?

What is the name of the application running on the vulnerable machine?

What is the version number of this application?

What is the number of the CVE that allows an attacker to remotely execute code on this application?

Format: CVE-XXXX-XXXXX

Use the resources & skills learnt throughout this module to find and use a relevant exploit to exploit this vulnerability.

Note: There are numerous exploits out there that can be used for this vulnerability (some more useful than others!)

What is the value of the flag located on this vulnerable machine? This is located in /home/ubuntu on the vulnerable machine.

Video Walk-through