TryHackMe – Putting It All Together – Complete Walkthrough
This page contains a walkthrough of the ‘Putting It All Together’ room on TryHackMe. This room covers essential topics for web applications, including components like load balancers, CDNs, Databases and WAFs, and also covers how web servers work.
This room can be found at: https://tryhackme.com/room/puttingitalltogether
Walkthrough
Task 1 – Putting It All Together
This first Task gives a brief review of what has been covered so far.
When you visit a website using a browser, the first thing that happens is your computer uses DNS to determine the correct IP address.
Once it has the right IP address, it uses the protocol stack that we’ve talked about in order to retrieve website data. These protocols include ethernet, internet protocol (IP), and transmission control protocol (TCP).
The website data itself includes HyperText Markup Language (HTML), Cascading Style Sheets (CSS), and JavaScript (JS) as well as image, video, or other data.
Question 1
I’ve read this…
Walkthrough:
This question/Task is a freebie.
Answer:
(Highlight below to find the answer):
No answer needed
Task 2 – Other Components
Load Balancers
High traffic websites need more than just a single server.
When traffic to a website increases to the point that one server’s resources are strained, a second server must be added to ensure that web data can be served effectively. Additional servers also provide redundancy in case one of the other servers go down. If your website is hosted on a single server and it crashes, your website won’t be accessible at all until the server is brought back online.
But the servers themselves can’t figure out how much traffic to send to one and how much to send to the other.
That’s where a load balancer comes in. A load balancer uses algorithms to calculate which server to use. Weighted load balancing looks at the current number of requests each server is dealing with and chooses the server with the lightest load. Round-robin load balancing works by simply alternating which server is used.
Load balancers also perform a health check for the servers, ensuring that the system remains ready and stable.
CDN (Content Delivery Networks)
A content delivery network, or CDN, is a system of servers that are located around the world and are used for serving static web data. The idea is that clients in different geographical locations are able to access servers that are close, rather than retrieving data from a server on the other side of the globe.
For example, a client in the US can access a server in the US, while another client in India who is trying to access the same data, can access a server located in India.
This can result in reduced page loading time because the data has less distance to travel and generally less hops to make between routers.
Databases
Even relatively simple websites often use databases to store data. Different types of databases have different features, but the important thing here is that databases are critical features of most websites.
WAF (Web Application Firewall)
A Web Application Firewall (WAF) is a firewall for the server. It sits between the client and server and protects the server against attacks. Like other firewalls, a WAF analyzes client behavior to determine malicious intent.
Question 1
What can be used to host static files and speed up a clients visit to a website?
Walkthrough:
Of the components listed above, only one is used improve page loading times by hosting static files in a geographically close location.
Answer:
(Highlight below to find the answer):
CDN
Question 2
What does a load balancer perform to make sure a host is still alive?
Walkthrough:
This action is completed by the load balancer to check the health of a server.
Answer:
(Highlight below to find the answer):
health check
Question 3
What can be used to help against the hacking of a website?
Walkthrough:
This component sits between the server and client and guards the server against attacks.
Answer:
(Highlight below to find the answer):
WAF
Task 3 – How Web Servers Work
What is a Web Server?
A web server is a piece of software that lives on a computer. We tend to think of servers as being a specific type of physical machine, but this is only partially true. Any computer can be a web server. What differentiates a server is that it runs web server software.
Common web server software includes Nginx, Apache, IIS, and NodeJS.
Servers deliver files from their root directory, which is defined in the software settings.
Virtual Hosts
Servers are capable of hosting any number of domains, not just one. If servers could only host a single website, starting a blog or website would be much more expensive.
But in order for servers to host multiple websites, they must have a way of differentiating between the different sites. Within the server, data for different websites are just stored in different locations, the same way we use different folders on our home computers. But servers need a way of mapping that location to the data requested by a client’s web browser.
To do this, servers use virtual hosts. The server checks the hostname that is being requested in the HTTP header and matches it against the domains that it hosts in order to identify the right one.
Static vs. Dynamic Content
When we saw the topic of CDNs earlier, we said that they store ‘static’ content. Static basically means that the content does not change; loading the page is a simple matter of pulling up the code, which is the same all the time. Note that this doesn’t mean it can’t be manually changed, just that there are no backend automatic changes occuring.
Dynamic content can change, and the results may depend on data from the client. One example is a website search page; because people can search for infinite terms, search results must be generated automatically. That’s why a search result page isn’t just a pre-made page, with one page corresponding for every potential search. A good search requires dynamic content.
Scripting and Backend Languages
We touched on front end vs. back end in the ‘How Websites Work‘ room.
The front end, or ‘client-side’ of a website includes everything that the client’s browser interprets: HTML, CSS, JS, media data, etc.
The back end, or ‘server-side’ is everything else- all of the supporting systems that enable the web app to be successfully displayed.
Dynamic content like a search function is an example of back end processing. In order for a search to be conducted and results displayed, backend programming must work to produce the data.
While the front end can be accessed via the source code, the back end cannot.
Question 1
What does web server software use to host multiple sites?
Walkthrough:
The server must somehow map the http request to the correct location.
Answer:
(Highlight below to find the answer):
Virtual Hosts
Question 2
What is the name for the type of content that can change?
Walkthrough:
This type of content is the dual of static content, which does not change.
Answer:
(Highlight below to find the answer):
Dynamic
Question 3
Does the client see the backend code? Yay/Nay
The client sees front end code.
Walkthrough:
Write up the walkthrough but NOT the answer (if possible)
Answer:
(Highlight below to find the answer):
Nay
Task 4 – Quiz
The last task consists of an interactive exercise.
To complete the exercise, you have to drag the options/function blocks over to the timeline in the correct order.
Question 1
Flag
Walkthrough:
If you’re having trouble, try working from the outside in; you can probably figure out the first and last blocks of the timeline and work your way in.
The hints below do contain spoilers so try to do the exercise yourself before relying on them!
Hint 1: The first several blocks deal with the initial request and DNS, because you need an IP address in order to know what server you’re looking for.
Hint 2: When you drag a block to the timeline, it will show a border that is either green or red. A green border signals that it is in the correct place. You can even click and drag the block but – without dropping it anywhere – hover over the timeline. The border will go green when the block is over the correct spot on the timeline.
Answer:
(Highlight below to find the answer):
THM{YOU_GOT_THE_ORDER}
Conclusion
This is a short and easy room, but contains some important information. Load balancing, CDNs, Databases and WAFs are important topics, each of which you could spend an entire career learning.
Task 3, ‘How Web Servers Work’, does a great job of introducing critical functions regarding web servers.
Like many of the rooms in the Pre-Security course on TryHackMe, this room covers a very brief overview of some important topics. Just enough to get you in trouble, as the saying goes.
Overall, I really enjoyed this room. A huge thanks to tryhackme and adamtlangley for putting this room together!
