Tryhackme - Pentesting Fundamentals

In this walkthrough, we will go through the Pentesting Fundamentals room from Tryhackme. This room covers the important ethics and methodologies behind every pentest. So, let’s get started without any delay.

Task 1 – What is Penetration Testing?

Task 2 – Penetration Testing Ethics

Question 1 – You are given permission to perform a security audit on an organisation; what type of hacker would you be?

White Hat

Question 2 – You attack an organisation and steal their data, what type of hacker would you be?

Black Hat

Question 3 – What document defines how a penetration testing engagement should be carried out?

Rules of Engagement

Task 3 – Penetration Testing Methodologies

Question 1 – What stage of penetration testing involves using publicly available information?

Information Gathering

Question 2 – If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We’re looking for the acronym here and not the full name.

OSSTMM

Question 3 – What framework focuses on the testing of web applications?

OWASP

Task 4 – Black box, White box, Grey box Penetration Testing

Question 1 – You are asked to test an application but are not given access to its source code – what testing process is this?

Black box

Question 2 – You are asked to test a website, and you are given access to the source code – what testing process is this?

White box

Task 5 – Practical: ACME Penetration Test

ACME has approached you for an assignment. They want you to carry out the stages of a penetration test on their infrastructure. View the site (by clicking the green button on this task) and follow the guided instructions to complete this exercise.

Rules of Engagement - Permission
Pentest Engagement
Rules of Engagement - Test Scope
Rules of Engagement - Rules
Information Gathering
Enumeration & Scanning
Vulnerability Scan
Exploitation
Post Exploitation
Pentest Report & Clearing-up

Question 1 – Complete the penetration test engagement against ACME’s infrastructure.

THM{PENTEST_COMPLETE}

So that was “Pentesting Fundamentals” for you. In this room, we have covered the important ethics and methodologies behind every pentest and much more. This was more of a theory room than a regular hands-on one; however, the concepts are just as important to cover as the practicals. On that note, I will take my leave and will meet you in the next one. Till then, “Keep Hacking”.
