Passive Reconnaissance

• You visit the Facebook page of the target company, hoping to get some of their employee names. What kind of reconnaissance activity is this? (A for active, P for passive)

P

• You ping the IP address of the company webserver to check if ICMP traffic is blocked. What kind of reconnaissance activity is this? (A for active, P for passive)

A

• You happen to meet the IT administrator of the target company at a party. You try to use social engineering to get more information about their systems and network infrastructure. What kind of reconnaissance activity is this? (A for active, P for passive)

A

• When was TryHackMe.com registered?

20180705

• What is the registrar of TryHackMe.com?

namecheap.com

• Which company is TryHackMe.com using for name servers?

cloudflare.com

• Check the TXT records of thmlabs.com. What is the flag there?

THM{a5b83929888ed36acb0272971e438d78}

• Lookup tryhackme.com on DNSDumpster. What is one interesting subdomain that you would discover in addition to www and blog?

remote

• According to Shodan.io, what is the 2nd country in the world in terms of the number of publicly accessible Apache servers?

Germany

• Based on Shodan.io, what is the 3rd most common port used for Apache?

8080

• Based on Shodan.io, what is the 3rd most common port used for nginx?

808