This room is an introduction to the main components of the Metasploit Framework. It can be accessed using the link: https://tryhackme.com/room/metasploitintro Task 2: Main Components of Metasploit Auxiliary: Any supporting module, such as scanners, crawlers and fuzzers, can be found here. Encoders: Encoders will allow you to encode the exploit and payload in the hope that…

This room aims to teach how to leverage Nmap for service and OS detection, use Nmap Scripting Engine (NSE), and save the results. This room can be accessed using this link: https://tryhackme.com/room/nmap04 Task 2: Service Detection The flag used for service detection is -sV. Its intensive can be controlled using the banner — version-intensity…

This room aims to teach advanced techniques such as null, FIN, Xmas, and idle (zombie) scans, spoofing, in addition to FW and IDS evasion. This room can be accessed using the link: https://tryhackme.com/room/nmap03 Task 2: TCP Null Scan, FIN Scan, and Xmas Scan Flags for Null, Fin and Xmas Scans are -sN, -sF, and -sX respectively. In a null scan…

This room aims to teach in-depth how Nmap TCP connect scan, TCP SYN port scan, and UDP port scan work. This room can be accessed at: https://tryhackme.com/room/nmap02 Task 1: Introduction Launch the AttackBox by using the Start AttackBox button. You will launch different types of scans against the target VM to gain a…

This room aims to teach how to use Nmap to discover live hosts using ARP scan, ICMP scan, and TCP/UDP ping scan. It explains all types of scans in detail. This room can be accessed using the link: https://tryhackme.com/room/nmap01 Task 1: Introduction The important point of this task:

This room aims to teach the various ways of discovering subdomains to expand your attack surface of a target. We will learn about 3 different subdomain enumeration methodologies, which are Brute Force ( using DNSRecon and Sublister tool), OSINT ( using https://cert.sh website) and Virtual Hosts ( using ffuf tool). …

This room aims to understand and exploit a web server that is vulnerable to the Local File Inclusion (LFI) vulnerability. This room can be accessed using this link: https://tryhackme.com/room/lfi Task 1: Deploy Deploy the VM and access its web server: http://MACHINE_IP. Answer: No answer needed Task 2: Getting user access via LFI Look around the website. What is the name…

This room aims to teach how to detect and exploit XSS vulnerabilities, giving you control of other visitors’ browsers. This room can be accessed using this link: https://tryhackme.com/room/xssgi Task 1: Room Brief What does XSS stand for? Answer: Cross-Site Scripting Task 2: XSS Payloads Which document property could contain the user’s session token? Answer: document.cookie Which JavaScript method…