TryHackMe – Intro to Offensive Security – Walkthrough and Notes
The ‘Intro to Offensive Security’ room on TryHackMe is a beginner-friendly room that serves as a good, short introduction to the topic of cybersecurity. It’s a very short room that demonstrates the concept of offensive security with a single hands-on exercise.
I think that the main objective of ‘Intro to Offensive Security’ is to demonstrate that offensive thinking is an important tool when trying to secure any computer system. For example (the example demonstrated in the room), it’s easy to create a vulnerable web application if you don’t think about it from the perspective of an attacker.
This room can be found at: https://tryhackme.com/room/introtooffensivesecurity
About This Walkthrough/Disclaimer:
In this walkthrough I try to provide a unique perspective into the topics covered by the room. Sometimes I will also review a topic that isn’t covered in the TryHackMe room because I feel it may be a useful supplement.
I try to prevent spoilers by requiring a manual action (highlighting) to obtain all solutions. This way you can follow along without being handed the solution if you don’t want it. Always try to work as hard as you can through every problem and only use the solutions as a last resort.
Walkthrough for TryHackMe Intro to Offensive Security
Task 1 – Hacking your first machine
Task 1 – Question 1
When you’ve transferred money to your account, go back to your bank account page. What is the answer shown on your bank balance page?
The first goal of this lab is to find a hidden page on the web application. Once we find the hidden page, we can navigate to it using a web browser and try to hack it.
The walkthrough has us use a tool called gobuster to find web pages.
Any time we find a web server running on a target, we always want to use a brute-forcing tool like gobuster to find pages. This isn’t just for ‘hidden’ pages; it can also help us to quickly identify all of the pages on a website without having to manually look for them in the web browser. This is such a common activity that there are several popular tools for this, including gobuster, dirb, and dirbuster, and most hackers have a preferred one (I like dirb).
In order to use gobuster, we have to give it a URL/URI as well as a wordlist.
The Kali VM that TryHackMe gives us to use already has a wordlist on the Desktop. In the screenshot below, you can see that I am first displaying the working directory using the ‘pwd’ command, and then listing its contents using the ‘ls’ command.
Note that the Desktop has a file called ‘wordlist.txt’. This is the wordlist that TryHackMe wants us to use with gobuster.
Next, we’ll use gobuster by providing it with the target URL (http://fakebank.com) and the wordlist. (The command below is the form that works on the room’s VM; current gobuster releases select directory mode with a subcommand, so on a recent install it starts with ‘gobuster dir’ instead.)
gobuster -u http://fakebank.com -w wordlist.txt
The gobuster scan has identified two possible endpoints on the target: /images and /bank-transfer.
Note that /images returns a status code of 301, while /bank-transfer returns a status code of 200. A 301 is a redirect (‘Moved Permanently’, typically a directory reached without its trailing slash), and gobuster reports it because it proves that the path exists. The 200 status code means ‘OK’ and indicates that there is a page at that location that we can access.
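To make the scan above concrete, here is a small Python scanner that does the same job as the gobuster command: it walks a wordlist, requests each candidate path under the base URL, and keeps the paths whose status code suggests a real resource (2xx, 3xx, and 401/403, which reveal a resource that exists but is protected). This is an added example, not code from the room or from the gobuster project. The fetch function is pluggable, so the scan logic is shown running against a constructed in-memory copy of fakebank.com (the /admin entry and the wordlist are constructed for the example); the urllib-based fetcher is what you would plug in against a real host.

```python
"""
Directory enumeration in the style of gobuster: take a base URL and a wordlist,
request each candidate path, and keep the ones whose HTTP status suggests a real
resource. The fetch function is pluggable so the scan logic can be exercised
against a constructed in-memory site with no network access at all.
"""
from typing import Callable, Dict, Iterable, List, Tuple
import urllib.error
import urllib.request

# Status codes worth reporting: 2xx (content), 3xx (redirect, e.g. 301 for a
# directory requested without its trailing slash) and 401/403, which show that
# the resource exists even though access to it is denied.
INTERESTING = {200, 204, 301, 302, 307, 401, 403}

Fetcher = Callable[[str], int]  # maps a full URL to an HTTP status code


def http_status(url: str, timeout: float = 5.0) -> int:
    """Real fetcher (urllib, standard library). Redirects are NOT followed so
    that a 301 is reported as a 301, the way gobuster reports it."""

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # returning None turns the redirect into an HTTPError

    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(urllib.request.Request(url), timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 301, 403, 404, ... are all delivered here


def enumerate_paths(base_url: str, words: Iterable[str],
                    fetch: Fetcher) -> List[Tuple[str, int]]:
    """Return (path, status) for every wordlist entry with an interesting status."""
    found: List[Tuple[str, int]] = []
    for word in words:
        word = word.strip()
        if not word or word.startswith("#"):   # skip blanks and comments
            continue
        path = "/" + word.lstrip("/")
        status = fetch(base_url.rstrip("/") + path)
        if status in INTERESTING:
            found.append((path, status))
    return found


def make_fake_fetcher(site: Dict[str, int]) -> Fetcher:
    """Constructed stand-in for a web server: a mapping from path to status."""

    def fetch(url: str) -> int:
        host_and_path = url.split("://", 1)[1]
        slash = host_and_path.find("/")
        path = host_and_path[slash:] if slash >= 0 else "/"
        return site.get(path, 404)

    return fetch


# Constructed sample site modelled on the room's fakebank.com results; the
# /admin entry is added here only to show how a 403 is reported.
FAKE_SITE = {"/": 200, "/images": 301, "/bank-transfer": 200, "/admin": 403}
# Constructed wordlist (the room's wordlist.txt is much longer).
SAMPLE_WORDLIST = ["images", "login", "bank-transfer", "admin", "backup", "#note", ""]


def demo() -> List[Tuple[str, int]]:
    """Run the scan against the in-memory site; returns the hits in wordlist order."""
    return enumerate_paths("http://fakebank.com", SAMPLE_WORDLIST,
                           make_fake_fetcher(FAKE_SITE))


if __name__ == "__main__":
    for path, status in demo():
        print(f"{path} (Status: {status})")
```

Swapping make_fake_fetcher(FAKE_SITE) for http_status scans a live host with the same logic; keeping the two separate is what makes the classification rules testable without touching a network.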
We can navigate to /bank-transfer in a web browser using the URI ‘http://fakebank.com/bank-transfer’. This takes us to an admin portal where we can transfer funds and complete our nefarious assignment:
TryHackMe tells us the account numbers that we are working with, and how much to send in order to complete the task:
Navigate back to the bank’s home page (your account page), and you should see the following message containing the answer to the question:
Answer (Highlight Below):
BANK-HACKED
Conclusion
This room is super short and sweet, but it demonstrates a few important concepts:
- Web servers are important targets for hackers.
- Attackers can use a brute-force scanner like gobuster to identify pages on a website. Pages that are not intended for outsiders need to be protected by proper access control, not by the hope that nobody finds them.
- Poorly managed web applications can lead to serious consequences. A bank like the one in the example wouldn’t last very long.
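Seen from the bank’s side, a wordlist scan like the one in this room leaves a very recognisable trace: one client sends a burst of requests and most of them come back 404. The Python below, an added example that is not part of the original walkthrough, parses web-server access log lines (Apache/nginx combined format), counts 404s per client inside a sliding time window, flags clients that cross a threshold, and then lists which non-404 paths a flagged client managed to find, which is the first thing an incident responder wants to know. The log lines, IP addresses, timestamps and the threshold of 5 are constructed for the example; on a production server the threshold would be set far higher.

```python
"""
Detecting a directory brute-force from web-server access logs.

A wordlist scan produces a burst of requests from one client in which most
answers are 404, so the detector counts 404s per client inside a sliding time
window and flags any client whose count reaches a threshold. Lines are assumed
to arrive in time order, as they do in a live access log.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Iterable, Optional, Set

# Apache/nginx combined log format (referer and user agent are not needed here).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[dict]:
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "path": m["path"], "status": int(m["status"])}


def detect_scanners(lines: Iterable[str], window_seconds: int = 60,
                    threshold: int = 5) -> Dict[str, int]:
    """Return {client_ip: peak 404 count inside one window} for every client
    whose peak reached the threshold."""
    windows: Dict[str, Deque[datetime]] = defaultdict(deque)
    peaks: Dict[str, int] = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 404:
            continue
        q = windows[rec["ip"]]
        q.append(rec["ts"])
        # Drop timestamps that have fallen out of the sliding window.
        while (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peaks[rec["ip"]] = max(peaks[rec["ip"]], len(q))
    return {ip: n for ip, n in peaks.items() if n >= threshold}


def discovered_paths(lines: Iterable[str], ip: str) -> Set[str]:
    """Paths the given client reached with a non-404 answer: what the scan found."""
    hits: Set[str] = set()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["ip"] == ip and rec["status"] != 404:
            hits.add(rec["path"])
    return hits


# Constructed sample log: a scanning client (10.0.0.5) and an ordinary visitor.
SAMPLE_LOG = """\
192.168.1.20 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2024:12:00:02 +0000] "GET /admin HTTP/1.1" 404 153 "-" "scanner"
10.0.0.5 - - [10/Mar/2024:12:00:02 +0000] "GET /backup HTTP/1.1" 404 153 "-" "scanner"
10.0.0.5 - - [10/Mar/2024:12:00:03 +0000] "GET /images HTTP/1.1" 301 0 "-" "scanner"
10.0.0.5 - - [10/Mar/2024:12:00:03 +0000] "GET /login HTTP/1.1" 404 153 "-" "scanner"
10.0.0.5 - - [10/Mar/2024:12:00:04 +0000] "GET /bank-transfer HTTP/1.1" 200 2048 "-" "scanner"
10.0.0.5 - - [10/Mar/2024:12:00:04 +0000] "GET /uploads HTTP/1.1" 404 153 "-" "scanner"
10.0.0.5 - - [10/Mar/2024:12:00:05 +0000] "GET /old HTTP/1.1" 404 153 "-" "scanner"
192.168.1.20 - - [10/Mar/2024:12:00:09 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.168.1.20 - - [10/Mar/2024:12:00:10 +0000] "GET /about HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
"""


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, count in detect_scanners(lines).items():
        print(f"{ip}: {count} x 404 in one window; found {sorted(discovered_paths(lines, ip))}")
```

The single 404 from the ordinary visitor (a missing favicon) stays below the threshold, while the scanning client is flagged and its two real finds, /images and /bank-transfer, are listed. Flagging is only half the fix: the /bank-transfer page in this room is reachable because nothing checks who is asking, so the lasting mitigation is an authentication check on the page itself.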
I enjoyed this little room. There are actually lots of extra things that you can do with it but I wanted to keep this walkthrough short and to the point for total beginners. Thanks go to ben and tryhackme!