TryHackMe: Pentesting Fundamentals, a Walkthrough
This is a step-by-step walkthrough of TryHackMe’s Pentesting Fundamentals room, with screenshots.
Task 1: What is Penetration Testing?
Question 1: No answer needed
Task 2: Penetration Testing Ethics
Question 2: You are given permission to perform a security audit on an organization; what type of hacker would you be?
Per THM: White Hat
Question 3: You attack an organization and steal their data, what type of hacker would you be?
Per THM: Black Hat
Question 4: What document defines how a penetration testing engagement should be carried out?
Per THM: Rules of Engagement
Task 3: Penetration Testing Methodologies
Question 5: What stage of penetration testing involves using publicly available information?
Per THM: Information Gathering
Question 6: If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We’re looking for the acronym here and not the full name.
Per THM: OSSTMM
Question 7: What framework focuses on the testing of web applications?
Per THM: OWASP
Task 4: Black box, White box, Grey box Penetration Testing
Question 8: You are asked to test an application but are not given access to its source code — what testing process is this?
Per THM: Black Box
Question 9: You are asked to test a website, and you are given access to the source code — what testing process is this?
Per THM: White Box
Task 5: Practical: ACME Penetration Test
Question 10: Complete the penetration test engagement against ACME’s infrastructure.
Step 1: Click “View Site”
Step 2: Read through each tab. Then click “Next”.
Step 3: Read and click “Next”.
Step 4: Read through. Enter the given IP address, 96.37.50.151, into the IP Address field and click “Scan Target”. Once complete, click “Next”.
Step 5: Read through, then click “Next”.
Step 6: Read through, then click “Next”.
Step 7: Read through; the flag is revealed. Copy and paste it into the answer field.