Vulnerabilities 101

      • Read this task !

      No Answer

      • An attacker has been able to upgrade the permissions of their system account from "user" to "administrator". What type of vulnerability is this ? 

      Read the text if you don't know !

      Answer : Operating System

      • You manage to bypass a login panel using cookies to authenticate. What type of vulnerability is this ?

      Answer : Application Logic

      • What year was the first iteration of CVSS published ?

      Answer : 2005

      • If you wanted to assess vulnerability based on the risk it poses to an organisation, what framework would you use ?

      Answer : VPR

      • If you wanted to use a framework that was free and open-source, what framework would that be ?

      Answer : CVSS

      • Using NVD, how many CVEs were submitted in July 2021 ?

      Visiting NVD for July 2021 (https://nvd.nist.gov/vuln/full-listing/2021/7) :


      Answer : 1585

      • Who is the author of Exploit-DB ?


      https://www.exploit-db.com/

      Answer : Offensive Security

      • What type of vulnerability did we use to find the name and version of the application in this example ?

      Answer : Version Disclosure

      TASK 6 : Showcase: Exploiting Ackme's Application
      • Follow along with the showcase of exploiting ACKme's application to the end to retrieve a flag. What is this flag? 

      Answer : THM{ACKME_ENGAGEMENT}

      • Continue on your learning with the additional rooms in this module. 

      No Answer