Intro to Offensive Security | Tryhackme

Ayesha Arif
3 min read · Sep 18, 2023


You guys can access this room through this link: https://tryhackme.com/room/introtooffensivesecurity

About This Walkthrough:

Task 1: What is Offensive Security?

Offensive security is the process of breaking into computer systems, exploiting software bugs, and finding loopholes in applications to gain unauthorized access to them. To beat a hacker, you need to behave like a hacker, finding vulnerabilities and recommending patches before a cybercriminal does, as you’ll do in this room!

Task 2: Hacking your first machine

Your first hack

Click the Start Machine button. Once loaded in Split View in your browser, you will have access to a machine you’ll use to hack a fake bank application called Fake Bank.

The first goal of this lab is to find a hidden page on the web application. Once we find the hidden page, we can navigate to it using a web browser and try to hack it.

Step 1) Open a terminal

Step 2) Find hidden website pages with Gobuster. Command:
gobuster -u <target> -w wordlist.txt dir
-u = the website we’re scanning
-w = a list of words to iterate through to find hidden pages

Here we have found two URLs. Note that /images returns (Status: 301) while /bank-transfer returns (Status: 200). The 200 status code means OK and indicates that there is a page at that location that we can access.
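From the defender's side, a wordlist scan like the one above leaves a very recognisable trace: one client producing a burst of 404s with a few 200/301 hits mixed in. The following is an added example (not part of the room or this walkthrough) that parses constructed combined-format access log lines and flags such bursts; the IPs, paths and user agents in the sample are made up, and the threshold is set low to suit the tiny sample.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access log (combined format), not captured from the room's machine.
SAMPLE_LOG = """\
10.10.14.5 - - [18/Sep/2023:10:00:01 +0000] "GET /admin HTTP/1.1" 404 196 "-" "gobuster/3.5"
10.10.14.5 - - [18/Sep/2023:10:00:01 +0000] "GET /login HTTP/1.1" 404 196 "-" "gobuster/3.5"
10.10.14.5 - - [18/Sep/2023:10:00:02 +0000] "GET /images HTTP/1.1" 301 169 "-" "gobuster/3.5"
10.10.14.5 - - [18/Sep/2023:10:00:02 +0000] "GET /backup HTTP/1.1" 404 196 "-" "gobuster/3.5"
10.10.14.5 - - [18/Sep/2023:10:00:03 +0000] "GET /bank-transfer HTTP/1.1" 200 2048 "-" "gobuster/3.5"
10.10.14.5 - - [18/Sep/2023:10:00:03 +0000] "GET /config HTTP/1.1" 404 196 "-" "gobuster/3.5"
192.168.1.20 - - [18/Sep/2023:10:00:09 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    m = LINE_RE.match(line)  # None for lines that are not in combined log format
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def detect_enumeration(log_text, threshold=4, window_seconds=60):
    """Flag IPs with >= threshold 404s in any window; also list their sub-400 'hits'."""
    per_ip = defaultdict(list)  # lines are taken in file order, which access logs keep chronological
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)
    findings = {}
    for ip, recs in per_ip.items():
        misses = deque()  # timestamps of 404s still inside the sliding window
        peak = 0
        for r in recs:
            if r["status"] == 404:
                misses.append(r["ts"])
                while (r["ts"] - misses[0]).total_seconds() > window_seconds:
                    misses.popleft()
                peak = max(peak, len(misses))
        if peak >= threshold:
            hits = sorted({(r["path"], r["status"]) for r in recs if r["status"] < 400})
            findings[ip] = {"peak_404s": peak, "hits": hits}
    return findings
```

Running `detect_enumeration(SAMPLE_LOG)` flags only 10.10.14.5 and lists /bank-transfer (200) and /images (301) as the paths the scan surfaced, which is exactly what a reviewer would want to check on the server side after such an incident.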

You will see the page after entering the IP address.

Now navigate to /bank-transfer using the URI http://fakebank.com/bank-transfer. This takes us to an admin portal where we can transfer funds and complete our task.

/bank-transfer

Step 3) Hack the bank

Here we can see that the transfer details are already given.

When you’re finished you’ll see Success, transfer completed on the screen.

Question 1:
If your transfer was successful, you should now be able to see your new balance reflected on your account page. Go there now and confirm you got the money! (You may need to hit Refresh for the changes to appear)

Above your account balance, you should now see a message indicating the answer to this question. Can you find the answer you need?

Answer: BANK-HACKED
