THM Jr Penetration Tester Pathway Guide
Here I will help you with the Jr Penetration Tester pathway on THM.
Introduction to Cyber Security
Intro to Offensive Security
Q1. When you’ve transferred money to your account, go back to your bank account page. What is the answer shown on your bank balance page?
Ans- BANK-HACKED
Q2. If you were a penetration tester or security consultant, this is an exercise you’d perform for companies to test for vulnerabilities in their web applications; find hidden pages to investigate for vulnerabilities.
No Answer Needed
Q3. Terminate the machine by clicking the red “Terminate” button at the top of the page.
No Answer Needed
No answer needed
No answer needed
Intro to Defensive Security
Which team focuses on defensive security?
Ans-Blue Team
What would you call a team of cyber security professionals that monitors a network and its systems for malicious events?
Ans- Security Operations Center
What does DFIR stand for?
Ans- Digital Forensics and Incident Response
Which kind of malware requires the user to pay money to regain access to their files?
Ans- ransomware
What is the flag that you obtained by following along?
Ans- THM{THREAT-BLOCKED}
Careers in Cyber
Introduction to Pentesting
Pentesting Fundamentals
No Answer Needed.
Q1. You are given permission to perform a security audit on an organisation; what type of hacker would you be?
Ans- White Hat
Q2. You attack an organisation and steal their data; what type of hacker would you be?
Ans- Black Hat
Q3. What document defines how a penetration testing engagement should be carried out?
Ans- Rules of Engagement
Q1. What stage of penetration testing involves using publicly available information?
Ans- Information Gathering
Q2. If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We’re looking for the acronym here and not the full name.
Ans- OSSTMM
Q3. What framework focuses on the testing of web applications?
Ans- OWASP
Q1. You are asked to test an application but are not given access to its source code - what testing process is this?
Ans- Black Box
Q2. You are asked to test a website, and you are given access to the source code - what testing process is this?
Ans- White Box
Q1. Complete the penetration test engagement against ACME’s infrastructure.
Ans- THM{PENTEST_COMPLETE}
Principles of Security
No Answer Needed.
Q1. What element of the CIA triad ensures that data cannot be altered by unauthorised people?
Ans- integrity
Q2. What element of the CIA triad ensures that data is available?
Ans- availability
Q3. What element of the CIA triad ensures that data is only accessed by authorised people?
Ans- confidentiality
Q1. What does the acronym “PIM” stand for?
Ans- Privileged Identity Management
Q2. What does the acronym “PAM” stand for?
Ans- Privileged Access Management
Q3. If you wanted to manage the privileges a system access role had, what methodology would you use?
Ans- PAM
Q4. If you wanted to create a system role that is based on a user's role/responsibilities within an organisation, what methodology is this?
Ans- PIM
Q1. What is the name of the model that uses the rule “can’t read up, can read down”?
Ans- the bell-lapadula model
Q2. What is the name of the model that uses the rule “can read up, can’t read down”?
Ans- the biba model
Q3. If you were in the military, what security model would you use?
Ans- the bell-lapadula model
Q4. If you were a software developer, what security model would the company perhaps use?
Ans- the biba model
Q1. What model outlines “Spoofing”?
Ans- stride
Q2. What does the acronym “IR” stand for?
Ans- incident response
Q3. You are tasked with adding some measures to an application to improve the integrity of data; what STRIDE principle is this?
Ans- tampering
Q4. An attacker has penetrated your organisation’s security and stolen data. It is your task to return the organisation to business as usual. What incident response stage is this?
Ans- recovery
Introduction to Web Hacking
Walking An Application
No Answer Needed.
No Answer Needed.
Q1. What is the flag from the HTML comment?
Ans- THM{HTML_COMMENTS_ARE_DANGEROUS}
Q2. What is the flag from the secret link?
Ans- THM{NOT_A_SECRET_ANYMORE}
Q3. What is the directory listing flag?
Ans- THM{INVALID_DIRECTORY_PERMISSIONS}
Q4. What is the framework flag?
Ans- THM{KEEP_YOUR_SOFTWARE_UPDATED}
Q1. What is the flag behind the paywall?
Ans- THM{NOT_SO_HIDDEN}
Q1. What is the flag in the red box?
Ans- THM{CATCH_ME_IF_YOU_CAN}
Q1. What is the flag shown on the contact-msg network request?
Ans- THM{GOT_AJAX_FLAG}
Content Discovery
Q1. What is the Content Discovery method that begins with M?
Ans- Manually
Q2. What is the Content Discovery method that begins with A?
Ans- Automated
Q3. What is the Content Discovery method that begins with O?
Ans- OSINT
Q1. What is the directory in the robots.txt that isn’t allowed to be viewed by web crawlers?
Ans- /staff-portal
Q1. What framework did the favicon belong to?
Ans- cgiirc
Q1. What is the path of the secret area that can be found in the sitemap.xml file?
Ans- /s3cr3t-area
Q1. What is the flag value from the X-FLAG header?
Ans- THM{HEADER_FLAG}
Q1. What is the flag from the framework’s administration portal?
Ans- THM{CHANGE_DEFAULT_CREDENTIALS}
Q1. What Google dork operator can be used to only show results from a particular site?
Ans- site:
Q1. What online tool can be used to identify what technologies a website is running?
Ans- Wappalyzer
Q1. What is the website address for the Wayback Machine?
Ans- https://archive.org/web/
Q1. What is Git?
Ans- version control system
Q1. What URL format do Amazon S3 buckets end in?
Ans- .s3.amazonaws.com
Q1. What is the name of the directory beginning “/mo….” that was discovered?
Ans- /monthly
Q2. What is the name of the log file that was discovered?
Ans- /development.log
Subdomain Enumeration
Q1. What is a subdomain enumeration method beginning with B?
Ans- Brute Force
Q2. What is a subdomain enumeration method beginning with O?
Ans- OSINT
Q3. What is a subdomain enumeration method beginning with V?
Ans- Virtual Host
Q1. What domain was logged on crt.sh at 2020-12-26?
Ans- store.tryhackme.com
Q1. What is the TryHackMe subdomain beginning with B discovered using the above Google search?
Ans- blog.tryhackme.com
Q1. What is the first subdomain found with the dnsrecon tool?
Ans- api.acmeitsupport.thm
Q1. What is the first subdomain discovered by sublist3r?
Ans- web55.acmeitsupport.thm
Q1. What is the first subdomain discovered?
Ans- delta
Q2. What is the second subdomain discovered?
Ans- yellow
Burp Suite
Burp Suite: The Basics
Ans- No answer needed.
Q1. Which edition of Burp Suite runs on a server and provides constant scanning for target web apps?
Ans- Burp Suite Enterprise
Q2. Burp Suite is frequently used when attacking web applications and ______ applications.
Ans- Mobile
Q1. Which Burp Suite feature allows us to intercept requests between ourselves and the target?
Ans- Proxy
Q2. Which Burp tool would we use to brute-force a login form?
Ans- Intruder
Q1. If you have chosen not to use the AttackBox, ensure that you have a copy of Burp Suite installed before proceeding.
Ans- No answer needed
Q1. What menu provides information about the actions performed by Burp Suite, such as starting the proxy, and details about connections made through Burp?
Ans- Event log
Q1. Which tab will Ctrl + Shift + P switch us to?
Ans- Proxy tab
Q1. In which category can you find a reference to a “Cookie jar”?
Ans- Sessions
Q2. In which base category can you find the “Updates” sub-category, which controls the Burp Suite update behaviour?
Ans- Suite
Q3. What is the name of the sub-category which allows you to change the keybindings for shortcuts in Burp Suite?
Ans- Hotkeys
Q4. If we have uploaded Client-Side TLS certificates, can we override these on a per-project basis (yea/nay)?
Ans- Yea
Q1. Click me to proceed to the next task.
Ans- No answer needed
Q1. Click me to proceed to the next task.
Ans- No answer needed
Q1. What is the flag you receive after visiting the unusual endpoint?
Ans- THM{NmNlZTliNGE1MWU1ZTQzMzgzNmFiNWVk}