This is my TryHackMe walkthrough, created to document my learning journey and share solutions with the community. The writeups include a mix of hints, step-by-step explanations, and final answers to help players who get stuck, while still encouraging independent problem-solving.

The Hacker Methodology Room - Introduction to the Hacker Methodology

Overview

Learning Objectives

  • Key skills learned in this room:
    • Hacker Fundamentals
    • Hacker Keys

Walkthrough (Hints & Notes)

1. Methodology Outline

  • What is the first phase of the Hacker Methodology?

=> Answer: Reconnaissance

2. Reconnaissance Overview

  • Who is the CEO of SpaceX?

=> Answer: Elon Musk

  • Do some research into the tool: sublist3r, what does it list?

=> Answer: subdomains

  • What is it called when you use Google to look for specific vulnerabilities or to research a specific topic of interest?

=> Answer: Google Dorking

3. Enumeration and Scanning Overview

  • What does enumeration help to determine about the target?

=> Answer: attack surface

  • Do some reconnaissance about the tool: Metasploit, what company developed it?

=> Answer: Rapid7

  • What company developed the technology behind the tool Burp Suite?

=> Answer: PortSwigger

4. Exploitation

  • What is one of the primary exploitation tools that pentester(s) use?

=> Answer: Metasploit

5. Privilege Escalation

  • In Windows, what is usually the other target account besides Administrator?

=> Answer: System

  • What thing related to SSH could allow you to log in to another machine (even without knowing the username or password)?

=> Answer: Keys

6. Covering Tracks

No hints needed.

7. Reporting

  • What would be the type of reporting that involves a full documentation of all findings within a formal document?

=> Answer: full formal report

  • What is the other thing that a pentester should provide in a report beyond the finding name, the finding description, and the finding criticality?

=> Answer: remediation recommendation