THM Learning Cyber Security - grunt92/IT-Sec-WriteUps GitHub Wiki

Web Application Security

Click the green "View Site" button above and learn how to hack BookFace, TryHackMe's vulnerable social media site.

No answer needed.

What is the username of the BookFace account you will be taking over?

The second tab of the opened window shows the mock-up website, BookFace. In the mock-up browser we can see the BookFace page of our "target". The address bar shows the name of their account:

Ben.Spring

Hack the BookFace account to reveal this task's answer!

Continue to the next tab of the opened browser and enter the account name we just learned: Ben.Spring.

Clicking the reset password button leads to the next tab, which informs you that the reset code for the account has been sent.

Continuing to the next page opens a prompt asking for the reset code sent to the user.

Entering a random code leads to the next tab, which informs you that the code was incorrect.

Continuing to the next tab opens a simulation of a repeater. Enter 0 as the minimum and 9999 as the maximum and start the repeater. It will run for a short while and then provide the correct code. Enter and submit a new password and you will be led to the last tab, which contains the required flag:

THM{BRUTEFORCING}
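
The repeater succeeds because the reset form accepts unlimited guesses against a code space of only 10,000 values. The following is an added example, not part of the room or of BookFace's code, showing a reset-code verifier that caps failed attempts and expires codes; the class name, policy values and the `sweep_outcome` helper are hypothetical.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5          # assumed policy: failed guesses allowed per issued code
CODE_TTL_SECONDS = 600    # assumed policy: lifetime of an issued code

class ResetCodeStore:
    """In-memory reset-code verifier with attempt cap, expiry and single use."""

    def __init__(self, clock=time.monotonic, randbelow=secrets.randbelow):
        self._clock = clock
        self._randbelow = randbelow
        self._pending = {}  # username -> [code, expires_at, failed_attempts]

    def issue(self, username):
        code = f"{self._randbelow(10_000):04d}"  # same 0000-9999 space as the room
        self._pending[username] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code  # a real service sends this out of band instead of returning it

    def verify(self, username, guess):
        entry = self._pending.get(username)
        if entry is None:
            return "no_pending_reset"
        if self._clock() >= entry[1]:
            del self._pending[username]
            return "expired"
        if hmac.compare_digest(entry[0].encode(), guess.encode()):
            del self._pending[username]  # single use
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[username]  # invalidate; a new code must be requested
            return "locked"
        return "wrong"

def sweep_outcome(store, username):
    """Replay the repeater's 0000..9999 sweep; return (accepted, guesses evaluated)."""
    evaluated = 0
    for n in range(10_000):
        result = store.verify(username, f"{n:04d}")
        if result == "no_pending_reset":
            break
        evaluated += 1
        if result == "ok":
            return True, evaluated
    return False, evaluated
```

With the cap in place a sweep is evaluated for only five guesses per issued code, so the number of reset requests per account also needs rate limiting to keep the overall guess rate low.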

Network Security

Click the green "View Site" button above and see how Target was hacked on the right hand side.

No answer needed.

How much did the data breach cost Target?

After opening the mock-up site you get a high-level overview of the Target hack back in 2013. The overview consists of 3 pages. The second page describes the damage done by the hackers and provides the answer to the question:

$300 million

Learning Roadmap

Read the above

No answer needed.