Tryhackme - Red Team Recon

In this walkthrough, we will go through the Red Team Recon room from Tryhackme. This room teaches us how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about a target. On that note, let’s get started.

Task 1 – Introduction

Task 2 – Taxonomy of Reconnaissance

Task 3 – Built-in Tools

Question 1 – When was thmredteam.com created (registered)? (YYYY-MM-DD)

whois thmredteam.com

2021-09-24

Question 2 – To how many IPv4 addresses does clinic.thmredteam.com resolve?

host

2

Question 3 – To how many IPv6 addresses does clinic.thmredteam.com resolve?

2

Task 4 – Advanced Searching

Question 1 – How would you search using Google for xls indexed for http://clinic.thmredteam.com?

filetype:xls site:clinic.thmredteam.com

Question 2 – How would you search using Google for files with the word passwords for http://clinic.thmredteam.com?

passwords site:clinic.thmredteam.com

Task 5 – Specialized Search Engines

Question 1 – What is the shodan command to get your Internet-facing IP address?

shodan myip

Task 6 – Recon-ng

Question 1 – How do you start recon-ng with the workspace clinicredteam?

recon-ng -w clinicredteam

Question 2 – How many modules with the name virustotal exist?

virustotal module

2

Question 3 – There is a single module under hosts-domains. What is its name?

hosts-domains module

migrate_hosts

Question 4 – censys_email_address is a module that “retrieves email addresses from the TLS certificates for a company.” Who is the author?

censys email address module

Censys Team

Task 7 – Maltego

Question 1 – What is the name of the transform that queries NIST’s National Vulnerability Database?

NIST NVD

Question 2 – What is the name of the project that offers a transform based on ATT&CK?

ATT&CK -  MISP

MISP Project 

Task 8 – Summary

So that was “Red Team Recon” for you. In this room, we learned how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about a target. We covered the taxonomy of reconnaissance and some built-in tools like whois, nslookup and traceroute. We then got into some Google dorking and Shodan searching. Finally, we took a look at well-known red team recon frameworks such as Recon-ng and Maltego. On that note, I will take your leave and meet you in the next one. So stay tuned and till then, “Hack the planet”.
