
Basic Pentesting

The Basic Pentesting room on TryHackMe is an introductory platform for beginners in ethical hacking, simulating a vulnerable Linux server to practice essential pentesting techniques. It covers information gathering, brute-forcing, enumeration, and privilege escalation in a safe environment. Users connect to the network, deploy the machine, and utilize tools like Nmap and dirb to explore and identify vulnerabilities in the system.

Uploaded by

gaxisi3544

Basic Pentesting

Introduction

The Basic Pentesting room on TryHackMe is designed for beginners
who are starting their journey into ethical hacking and penetration
testing. The machine mimics a vulnerable Linux server with common
misconfigurations and weak credentials that often exist in real-world
systems. The goal is to gain access to user accounts, escalate privileges,
and understand the importance of securing every layer of a system. It
provides a safe, beginner-friendly environment to practice key concepts
such as:
• Information gathering (reconnaissance)
• Brute-forcing
• Enumeration (services like SSH, HTTP)
• Privilege escalation
1. Deploy the machine and connect to our network

“Basic Pentesting” is a pentesting room in TryHackMe which covers
very basic pentesting techniques.
First, we connect to TryHackMe’s network using the OpenVPN
configuration file.

Command: openvpn nazeebnz976.ovpn
Then we click on "Start the machine" on the upper right side of the section.

IP Address: 10.201.34.27

2. Find the services exposed by the machine

To find the services running on our target system, we will use the Nmap tool.

Command: nmap -sC -sV -A 10.201.34.27

We get the following results:

We can see that the services are:

SSH at port 22, HTTP at port 80, and Samba at ports 139 & 445


3. Visit the webpage

When we visit the target machine at 10.201.34.67, the webpage only shows a “maintenance” message.
That is just the surface: in pentesting, this means you should enumerate hidden directories, ports, or
services to find the real attack surface.

3. What is the name of the hidden directory on the web server?

To find the hidden directories on our web app, we can use dirb.
Command: dirb http://10.201.34.27/ /usr/share/wordlists/dirb/common.txt
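
From the defender's side, a wordlist run like the dirb command above appears in the web server's access log as one client requesting many distinct nonexistent paths within a short time. The following Python example is added here and is not part of the original write-up; the log lines are constructed, the addresses are from the documentation range 192.0.2.0/24, and the thresholds and the path name hidden-dir are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/Nginx "combined" log format: ip, timestamp, request path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (ip, timestamp, path, status), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, path, status = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), path, int(status)

def find_enumeration(lines, window=timedelta(seconds=60), min_paths=10, min_ratio=0.8):
    """Flag clients that hit many distinct 404 paths inside one time window.
    The default thresholds are assumptions; tune them to the site's traffic."""
    misses, totals = defaultdict(list), defaultdict(int)
    for ip, ts, path, status in filter(None, map(parse, lines)):
        totals[ip] += 1
        if status == 404:
            misses[ip].append((ts, path))
    flagged = {}
    for ip, hits in misses.items():
        hits.sort()
        best, start = 0, 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({p for _, p in hits[start:end + 1]}))
        ratio = len(hits) / totals[ip]
        if best >= min_paths and ratio >= min_ratio:
            flagged[ip] = {"distinct_404_paths": best, "miss_ratio": round(ratio, 2)}
    return flagged

def sample_log():
    """Constructed log lines: one wordlist scan and one ordinary visitor."""
    words = ["admin", "backup", "cgi-bin", "config", "db", "dev", "files",
             "images", "login", "old", "private", "test"]
    fmt = '{} - - [01/Jan/2025:10:00:{:02d} +0000] "GET /{} HTTP/1.1" {} 300 "-" "-"'
    scan = [fmt.format("192.0.2.10", i, w, 404) for i, w in enumerate(words)]
    scan.append(fmt.format("192.0.2.10", 12, "hidden-dir/", 200))  # hypothetical hit
    normal = [fmt.format("192.0.2.20", 5, "", 200),
              fmt.format("192.0.2.20", 6, "favicon.ico", 404)]
    return scan + normal

if __name__ == "__main__":
    print(find_enumeration(sample_log()))
```

Only the scanning client is reported; the ordinary visitor's single 404 stays below both thresholds.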
