Introduction
The post is a guide to solving the “Basic Pentesting” challenge on TryHackMe, focusing on beginner-friendly penetration testing techniques and basics. The tutorial emphasizes understanding the basic methodology of penetration testing: reconnaissance, exploitation, enumeration, and privilege escalation. This structure, along with simple commands and techniques, forms a foundation for more complex scenarios.
What is Penetration Testing
Penetration testing, or “pen testing,” is a security assessment process where cybersecurity professionals simulate real-world attacks on a computer system, network, or web application to identify vulnerabilities. The goal is to uncover and address security weaknesses before malicious hackers exploit them. Here’s an overview:
1. Purpose of Penetration Testing
- Identify Vulnerabilities: Pinpoint weaknesses in an organization’s infrastructure, applications, and configurations.
- Improve Security Posture: Offer insights for strengthening defenses and mitigating risks.
- Compliance and Assurance: Many industries require regular pen tests to meet security compliance standards (e.g., PCI-DSS for payment systems).
2. Types of Penetration Testing
- Network Penetration Testing: Targets network infrastructure, assessing firewall, router, and server security.
- Web Application Penetration Testing: Focuses on web apps, testing for vulnerabilities like SQL injection, XSS (Cross-Site Scripting), and authentication weaknesses.
- Social Engineering: Tests human factors by attempting to manipulate employees into revealing sensitive information.
- Wireless Penetration Testing: Assesses the security of Wi-Fi networks, ensuring strong encryption and configuration.
- Physical Penetration Testing: Evaluates physical security, such as entry points, ID checks, and access control mechanisms.
3. Stages of Penetration Testing
- Planning and Reconnaissance: Define the scope and gather information (e.g., IP addresses, software details).
- Scanning: Identify entry points by examining the target’s response to various inputs.
- Gaining Access: Attempt to exploit vulnerabilities to gain unauthorized access.
- Maintaining Access: Simulate advanced attacks to see how long access can be sustained.
- Analysis and Reporting: Document findings, analyze results, and provide recommendations.
4. Penetration Testing Tools
- Nmap: A tool for network discovery and security auditing.
- Metasploit: A framework for developing and executing exploit code.
- Burp Suite: A toolkit for web application security testing.
- Wireshark: A network protocol analyzer for capturing and inspecting data packets.
- OWASP ZAP: An open-source tool for finding vulnerabilities in web applications.
5. Importance of Penetration Testing
- Proactive Security: Finds and fixes vulnerabilities proactively, reducing the risk of cyberattacks.
- Protects Sensitive Data: Ensures that sensitive data remains secure by identifying risks before they can be exploited.
- Continuous Improvement: Regular testing helps maintain a robust security posture as technologies and threats evolve.
6. Challenges in Penetration Testing
- Scope Creep: Expanding beyond the initially defined scope, which can make results unfocused.
- False Positives: Incorrectly identifying vulnerabilities that aren’t truly exploitable.
- Resource-Intensive: Requires time, skilled personnel, and specialized tools, which can be costly for organizations.
Penetration Testing Methodology
Initial Reconnaissance:
- Nmap Scan: The first step is an aggressive Nmap scan to detect open ports and services, revealing SSH (port 22), HTTP (port 80), and Apache Tomcat services running on ports 8009 and 8080.
- SMB Enumeration: The SMB service is accessed using tools like enum4linux and smbclient, discovering an anonymous share containing a file called staff.txt.
SMB File Retrieval:
- The staff.txt file from the SMB share contains a hint about possible usernames. A username, “K,” is identified, suggesting the possibility of additional accounts or further user details to find.
Further Enumeration:
- The video demonstrates using directory search tools to identify possible web server directories, while the focus shifts to using credentials on different services.
- Identifying Users: Through additional SMB directory exploration, another user, “Jane,” is identified alongside “K.”
Password Cracking:
- A password-cracking tool (John the Ripper) is used to test common passwords against Jane’s account, eventually revealing her password. SSH access as Jane is then achieved using these credentials.
Privilege Escalation:
- As Jane, the video shows exploring file permissions and discovering id_rsa, an SSH private key for user “K.”
- The private key is downloaded, and the password-protected key hash is cracked to reveal K’s login credentials, enabling SSH access as K.
Root Access:
- With K’s credentials, a sudo -l command reveals full privileges on the system. The sudo su command is used to switch to the root user, achieving full control over the system.
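The foothold in this walkthrough came from an SMB share that anonymous clients could read. The following Python check is an added example, not code from the room or the original post: it parses a constructed smb.conf and reports which shares an unauthenticated client could reach, so a defender can catch this misconfiguration before it is enumerated.

```python
# Added example (not from the TryHackMe room): flag Samba shares that an
# unauthenticated client can reach, i.e. the misconfiguration behind the
# anonymous share that exposed staff.txt in the walkthrough.
import configparser

# Constructed sample smb.conf: [Anonymous] is explicitly guest-accessible.
SAMPLE_SMB_CONF = """\
[global]
workgroup = WORKGROUP
security = user
map to guest = Bad User

[Anonymous]
path = /samba/anonymous
browseable = yes
guest ok = yes
read only = yes

[homes]
browseable = no
guest ok = no
"""

TRUE_VALUES = {"yes", "true", "1"}


def parse_smb_conf(text):
    """Parse INI-style smb.conf into {section: {option: value}} (option names lowercased)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return {name: dict(parser[name]) for name in parser.sections()}


def find_anonymous_shares(text):
    """Return names of shares reachable without credentials.

    A share is exposed when 'guest ok' (synonym 'public') is enabled, or when
    the obsolete 'security = share' mode in [global] turns off per-user
    authentication for every share.
    """
    sections = parse_smb_conf(text)
    global_opts = next((v for k, v in sections.items() if k.lower() == "global"), {})
    share_mode = global_opts.get("security", "user").strip().lower() == "share"
    exposed = []
    for name, opts in sections.items():
        if name.lower() == "global":
            continue
        guest_ok = opts.get("guest ok", opts.get("public", "no")).strip().lower()
        if share_mode or guest_ok in TRUE_VALUES:
            exposed.append(name)
    return exposed
```

Run it against the real /etc/samba/smb.conf on a host; any share it lists should be reviewed or have guest access removed.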
Room Answers | TryHackMe Basic Pentesting Walkthrough
What is the name of the hidden directory on the web server (enter name without /)?
development
User brute-forcing to find the username & password
No answer needed
What is the username?
jan
What is the password?
armando
What service do you use to access the server (answer in abbreviation in all caps)?
SSH
Enumerate the machine to find any vectors for privilege escalation
No answer needed
What is the name of the other user you found (all lower case)?
kay
If you have found another user, what can you do with this information?
No answer needed
What is the final password you obtain?
heresareallystrongpasswordthatfollowsthepasswordpolicy$$