Sreegar Prasad Ravi Tryhackme Junior Pentest
000554427
1|Page
Table of Contents
Introduction to Cyber Security (page 3)
Introduction to Pentesting (page 3)
Introduction to Web Hacking (page 3)
Network Security (page 5)
Vulnerability Research (page 6)
Metasploit (page 6)
Privilege Escalation (page 7)
Reflection (page 7)
Certificate (page 8)
Introduction to Cyber Security
This module introduces both offensive security and defensive security. In the first room it uses gobuster to find hidden directories and pages, which can be leveraged to find pages that regular users should not see. Then, for the defensive security part, the room explained what a SOC is and how a SIEM tool can be used to analyze logs. Finally, I learned about various positions in the cybersecurity field, such as digital forensic examiner or malware analyst. I found both of these interesting.
Introduction to Pentesting
This room covers the principles of security. It has content about Privileged Identity Management (PIM) and Privileged Access Management (PAM), as well as the difference between the two. Then I learnt about security models like Bell-LaPadula and Biba, which are implemented according to the organisation's needs. Finally, it gave an introduction to threat modelling and incident response, which I found helpful when I did some blue team exercises.
Introduction to Web Hacking
This module is about basic exploits for web application vulnerabilities that are common in the industry today. In the first room I did some manual crawling for links, forms and scripts in my browser's debugger tools, such as the page source or console. This taught me how I can get information on vulnerabilities through passive information gathering alone, without the use of tools; this way I found ways to bypass paywalls, find hidden directories, etc. Then I found out about Wappalyzer, which can be used to identify frameworks, CMSs, payment processors, etc. In terms of OSINT, I learnt about Google dorking; how to make use of GitHub, whether to find vulnerabilities or to use its version control to track changes in a file, which gives me information on the people working on a project; and how to search for S3 buckets on the internet by their URL. Then I learned how to brute-force hostname prefixes in order to find subdomains of a website, which increased my attack surface.
In the next room, I learned how to bypass authentication in websites by leveraging the error messages a website returns when a wrong username is entered: trying different usernames until I get a valid one, and then brute-forcing the password for that username. This was surprisingly easy, because the methods are just basic enumeration and basic brute-forcing, which is really powerful. Finally, I learned how to bypass authentication by tampering with cookies, which exploits vulnerabilities associated with plain-text cookies by simply changing values in my browser's debugger tool.
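The two weaknesses described above, shown side by side with their fixes as an added example (not code from the room or from TryHackMe): a login handler whose distinct error messages enable username enumeration next to one that answers uniformly, and a plain-text cookie next to an HMAC-tagged one that reveals tampering. The user store and key are constructed for the demo.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed demo user store (hypothetical): username -> SHA-256 of password.
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}

def login_leaky(username: str, password: str) -> str:
    """Vulnerable form: two different failure messages tell the caller whether
    the username exists, which is exactly what username enumeration relies on."""
    if username not in USERS:
        return "Unknown username"
    if USERS[username] != hashlib.sha256(password.encode()).hexdigest():
        return "Incorrect password"
    return "OK"

def login_uniform(username: str, password: str) -> str:
    """Hardened form: one generic message for both failures. The hash is computed
    and compared even for unknown users so response time does not become the oracle."""
    stored = USERS.get(username, hashlib.sha256(b"").hexdigest())
    supplied = hashlib.sha256(password.encode()).hexdigest()
    if hmac.compare_digest(stored, supplied) and username in USERS:
        return "OK"
    return "Invalid username or password"

SECRET = secrets.token_bytes(32)  # server-side key; never sent to the client

def make_cookie(username: str, role: str) -> str:
    """A plain-text cookie such as 'alice:user' can be edited to 'alice:admin' in the
    browser's debugger. Appending an HMAC over the value makes any edit detectable."""
    payload = f"{username}:{role}"
    tag = hmac.new(SECRET, payload.encode(), "sha256").hexdigest()
    return f"{payload}:{tag}"

def read_cookie(cookie: str) -> Optional[Tuple[str, str]]:
    """Return (username, role) only if the tag still matches the payload."""
    parts = cookie.split(":")
    if len(parts) != 3:
        return None
    username, role, tag = parts
    expected = hmac.new(SECRET, f"{username}:{role}".encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return username, role
```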
Next, I learned what IDOR is; it stands for Insecure Direct Object Reference and is a type of access control vulnerability that can be exploited by changing object IDs in URLs or API requests. The room also showed how to find IDs even when they are encoded or hashed; we can use an online tool to check whether the hash has been previously discovered. So, at the end of the room, I found a hidden directory and information just by manipulating object IDs.
In the file inclusion room, I learned about path traversal attacks using the dot-dot-slash attack, which takes advantage of the double dots ../ to move one directory up. Then I carried out attacks that exposed local files or fetched remote files. I then learned what SSRF is and the types of SSRF. An SSRF vulnerability can be exploited to gain unauthorised access to customer data and internal networks, which makes it a critical vulnerability. Then I found out what kinds of URLs are vulnerable to SSRF and how to defend against them using deny or allow lists for sensitive content.
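The two defences named in this paragraph, as an added example (not code from the room): a file lookup that refuses any path the ../ trick moves outside the served directory, and an SSRF allow list that only lets the server fetch from named hosts. The base directory and allowed hosts are constructed placeholders.

```python
import ipaddress
from pathlib import Path
from typing import Optional
from urllib.parse import urlparse

def resolve_under(base_dir: str, requested: str) -> Optional[str]:
    """Return the absolute path for a user-supplied file name only if it stays
    inside base_dir. resolve() collapses '../' segments (and follows symlinks),
    so '../../etc/passwd' lands outside base_dir and is rejected, as is an
    absolute path, which Path's '/' operator would otherwise let replace the base."""
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        return None
    return str(target)

# Constructed allow list of hosts the server is permitted to fetch from.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}

def is_allowed_url(url: str) -> bool:
    """Allow-list check for a URL the server will fetch on the user's behalf.
    Rejects non-HTTP schemes, any literal IP address (loopback and internal
    ranges included) and every host not on the list."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname  # already lower-cased, port and user:pass@ stripped
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # literal IPs are never on the allow list
    except ValueError:
        pass
    return host in ALLOWED_HOSTS
```

Run the path check on the URL-decoded file name, otherwise an encoded ../ slips past it; and an allow list by hostname still needs the fetch itself to refuse redirects, since a permitted host can redirect to an internal address.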
The types of cross-site scripting were introduced next, but this part was easy because of prior knowledge. Then I did some activities on a website to inject payloads using shell commands, and learned how to protect against such attacks, either by input sanitisation or by minimal use of dangerous functions or libraries.
Finally, I used SQL injection to bypass authentication, which uses the blind SQLi
method, and I also learnt how to use SQLi to retrieve sensitive data from the database.
Burp Suite
This module taught me how to leverage features in Burp Suite to intercept and analyze web requests. The Repeater sends similar requests with minor modifications repeatedly, which can be used to test SQL injection vulnerabilities manually or to bypass a WAF filter. Then I used Intruder, which can be used to craft payloads and launch cycles of payloads to test which one works. It is a fuzzing tool, and there are different attack types, such as sniper, pitchfork and cluster bomb. Burp Suite also has other modules: the Decoder, which is used for transforming and analyzing encoded data; the Comparer, which is used to spot differences between responses; and the Sequencer, which is used to analyze the randomness of tokens used by a website. I then found out that Burp Suite has tons of extensions we can use to customise it to our needs, and these extensions can be found in the BApp Store.
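What the Intruder attack types named above actually do to the payload positions, as an added example (not code from the room or from Burp Suite); it also includes battering ram, a fourth Burp mode the paragraph leaves under "etc.". The request counts each mode produces are what a defender's lockout and rate-limit thresholds are tuned against. Base values and payload lists are constructed.

```python
from itertools import product
from typing import List, Sequence, Tuple

# Constructed sample: a request with two positions (e.g. username and password)
# and the base values the captured request carried.
BASE = ("u0", "p0")
SETS = (["u1", "u2"], ["p1", "p2", "p3"])

def sniper(base: Sequence[str], payloads: Sequence[str]) -> List[Tuple[str, ...]]:
    """One payload list, one position at a time; other positions keep their base value."""
    out = []
    for i in range(len(base)):
        for p in payloads:
            values = list(base)
            values[i] = p
            out.append(tuple(values))
    return out

def battering_ram(base: Sequence[str], payloads: Sequence[str]) -> List[Tuple[str, ...]]:
    """One payload list, the same payload placed in every position at once."""
    return [tuple(p for _ in base) for p in payloads]

def pitchfork(sets: Sequence[Sequence[str]]) -> List[Tuple[str, ...]]:
    """One list per position, walked in lock-step; stops at the shortest list."""
    return list(zip(*sets))

def cluster_bomb(sets: Sequence[Sequence[str]]) -> List[Tuple[str, ...]]:
    """One list per position, every combination (Cartesian product)."""
    return list(product(*sets))

def request_counts() -> dict:
    """Number of requests each mode sends for the sample above."""
    return {
        "sniper": len(sniper(BASE, SETS[1])),          # positions * payloads = 6
        "battering_ram": len(battering_ram(BASE, SETS[1])),  # payloads = 3
        "pitchfork": len(pitchfork(SETS)),             # min(len) = 2
        "cluster_bomb": len(cluster_bomb(SETS)),       # 2 * 3 = 6
    }
```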
Network Security
In this module, I learned how to use Nmap's advanced port scan capabilities, and one thing that caught my eye was the -sV option in an Nmap command, which gives us the version number of a service. This was really useful in other tasks or CTF rooms, because I could use the version number I found to search the internet for vulnerabilities associated with the service. To make life easier, the Nmap Scripting Engine has scripts to check for vulnerabilities in a service, which explains the vulnerability scanning part of Nmap. Next, in the Protocols and Servers rooms, I studied core network protocols like HTTP, FTP, POP3, SMTP, and IMAP. I learned how each protocol's handshake, authentication, and data transfer mechanisms work. Since these are clear-text protocols, they are exposed to eavesdropping or MITM attacks. To mitigate that, SSH and SSL/TLS are used: SSH can be used to secure the FTP protocol, which gives SFTP, and SSL/TLS can be used to secure HTTP traffic. Finally, I used all the knowledge from this module in the Net Sec Challenge, in which I used Nmap to retrieve information about ports, leveraged my knowledge of Nmap scripts to find the service versions and vulnerabilities, and then used Hydra to brute-force the passwords for the usernames found during the challenge. One thing I learned from the challenge was the power of advanced port scanning, because it can be used to avoid an IDS.
Vulnerability Research
Metasploit
Once the payload has been injected and run, we need to send it commands and control it. For that, we run a Meterpreter session. Meterpreter runs in the target system's memory, which it does to avoid antivirus scans and detection by network-based IDS/IPS. Once we have attained the objective and the exploitation has ended, we can use Meterpreter to kill processes, dump hashes, open shells, and migrate to another method so that Meterpreter can interact with it.
Privilege Escalation
A shell is the interface we use when we interact with the operating system. There are two kinds of shells: reverse shells and bind shells. With a reverse shell, the target is forced to execute code that connects back to my computer, whereas a bind shell opens a port on the target system for my attack machine to connect to. The tool I learned the most about is Netcat, which I used a number of times for other CTF tasks. Sometimes a Netcat shell is not stable on its own, so we can stabilize it by using Python to create a better-featured shell, or we can use rlwrap. I used Metasploit's msfvenom to generate payloads and its multi/handler module to catch Meterpreter and reverse shells, and I learned the differences between staged and stageless payloads.
Reflection
I've picked up hands-on skills and practical knowledge, from finding hidden pages with simple tools to analyzing logs in a SIEM, and from mapping networks stealthily with Nmap advanced port scans to crafting and testing exploits in Metasploit. I learned how to gather data without getting caught by detection systems, whether through passive OSINT or customized Nmap scans, and then use that information to bypass web logins, escalate privileges with scripts, or send tailored phishing emails. Some steps, like automating scans or using extensions in Burp Suite, felt straightforward and saved me a lot of time, while other parts, like tweaking scripts, took extra research. By mixing manual tools like Hydra, LinPEAS, and GTFOBins, I've built confidence in each stage of a pentest and know where to look for answers when doing black-box testing.
Certificate