Red Team Recon TryHackMe Writeups

This is a writeup for the room Red Team Recon on tryhackme here

Built-in Tools

When was thmredteam.com created (registered)? (YYYY-MM-DD)

2021-09-24, got from whois.

To how many IPv4 addresses does clinic.thmredteam.com resolve?

2, got from dig.

To how many IPv6 addresses does clinic.thmredteam.com resolve?

2, got from dig with -6 flag.

Advanced Searching

How would you search using Google for xls indexed for http://clinic.thmredteam.com?

filetype:xls site:clinic.thmredteam.com

How would you search using Google for files with the word passwords for http://clinic.thmredteam.com?

passwords site:clinic.thmredteam.com

Specialized Search Engines

What is the shodan command to get your Internet-facing IP address?

shodan myip

Recon-ng

How do you start recon-ng with the workspace clinicredteam?

recon-ng -w clinicredteam

How many modules with the name virustotal exist?

2, got from marketplace search virustotal

There is a single module under hosts-domains. What is its name?

migrate_hosts, got from marketplace search hosts-domains.

censys_email_address is a module that “retrieves email addresses from the TLS certificates for a company.” Who is the author?

Censys Team got from marketplace info censsys_email_addressses

Maltego

What is the name of the transform that queries NIST’s National Vulnerability Database?

NIST NVD

What is the name of the project that offers a transform based on ATT&CK?

MISP project