Red Team Recon

    • We suggest you start the AttackBox and experiment with every command and tool we demonstrate. 

    No Answer

    • Ensure you have a clear understanding of the different types of recon activities before proceeding. 

    No Answer

    • When was thmredteam.com created (registered)? (YYYY-MM-DD) 

    root@ip-10-10-52-65:~# whois thmredteam.com
    Domain Name: THMREDTEAM.COM
    Registry Domain ID: 2643258257_DOMAIN_COM-VRSN
    Registrar WHOIS Server: whois.namecheap.com
    Registrar URL: http://www.namecheap.com
    Updated Date: 2021-10-13T20:54:46Z
    Creation Date: 2021-09-24T14:04:16Z
    Registry Expiry Date: 2022-09-24T14:04:16Z
    Registrar: NameCheap, Inc.
    Registrar IANA ID: 1068
    Registrar Abuse Contact Email: [email protected]
    Registrar Abuse Contact Phone: +1.6613102107
    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Name Server: KIP.NS.CLOUDFLARE.COM
    Name Server: UMA.NS.CLOUDFLARE.COM
    DNSSEC: unsigned

    Answer : 2021-09-24

    • To how many IPv4 addresses does clinic.thmredteam.com resolve?

    C:\Users\Administrateur>nslookup clinic.thmredteam.com
    Serveur : one.one.one.one
    Address: 1.1.1.1

    Réponse ne faisant pas autorité :
    Nom : clinic.thmredteam.com
    Addresses: 2606:4700:3034::ac43:d4f9
    2606:4700:3034::6815:5da9
    104.21.93.169
    172.67.212.249

    Answer : 2

    • To how many IPv6 addresses does clinic.thmredteam.com resolve?

    Answer : 2

    • How would you search using Google for xls indexed for http://clinic.thmredteam.com?

    Answer : filetype:xls site:clinic.thmredteam.com-

    • How would you search using Google for files with the word passwords for http://clinic.thmredteam.com?

    Answer : passwords site:clinic.thmredteam.com

    • What is the shodan command to get your Internet-facing IP address?

    Answer : shodan myip

    • How do you start recon-ng with the workspace clinicredteam? 

    Answer : recon-ng -w clinicredteam

    • How many modules with the name virustotal exist?

    [recon-ng][thmredteam] > marketplace search virustotal
    [*] Searching module index for 'virustotal'...

    +---------------------------------------------------------------------------------+
    | Path | Version | Status | Updated | D | K |
    +---------------------------------------------------------------------------------+
    | recon/hosts-hosts/virustotal | 1.0 | not installed | 2019-06-24 | | * |
    | recon/netblocks-hosts/virustotal | 1.0 | not installed | 2019-06-24 | | * |
    +---------------------------------------------------------------------------------+

    D = Has dependencies. See info for details.
    K = Requires keys. See info for details.

    Answer : 2

    • There is a single module under hosts-domains. What is its name?

    [recon-ng][thmredteam] > marketplace info hosts-domains

    +--------------------------------------------------------------------------------------+
    | path | recon/hosts-domains/migrate_hosts  |
    | name | Hosts to Domains Data Migrator |
    | author | Tim Tomes (@lanmaster53) |
    | version | 1.1 |
    | last_updated | 2020-05-17 |
    | description | Adds a new domain for all the hostnames stored in the 'hosts' table. |
    | required_keys | [] |
    | dependencies | [] |
    | files | ['suffixes.txt'] |
    | status | not installed |
    +--------------------------------------------------------------------------------------+

    Answer : migrate_hosts

    • censys_email_address is a module that “retrieves email addresses from the TLS certificates for a company.” Who is the author?

    [recon-ng][thmredteam] > marketplace info censys_email_address

    +-----------------------------------------------------------------------------------------------------------------------------------+
    | path | recon/companies-contacts/censys_email_address |
    | name | Censys emails by company |
    | author | Censys Team |
    | version | 2.0 |
    | last_updated | 2021-05-11 |
    | description | Retrieves email addresses from the TLS certificates for a company. Updates the 'contacts' table with the results. |
    | required_keys | ['censysio_id', 'censysio_secret'] |
    | dependencies | ['censys>=2.0.0'] |
    | files | [] |
    | status | not installed |
    +-----------------------------------------------------------------------------------------------------------------------------------+

    Answer : Censys Team

    • What is the name of the transform that queries NIST’s National Vulnerability Database? 

    Answer : NIST NVD

    • What is the name of the project that offers a transform based on ATT&CK?

    Answer : MISP Project

    TASK 8 : Summary
    • The different tools and websites presented in this room provide the basics necessary to tackle further reconnaissance work.

    No Answer