# Introductory Researching

As your experience level increases, you will find that the things you're researching scale in their difficulty accordingly; however, in the field of information security, there will never come a point where you don't need to look things up.

We will be looking at the following topics:

* Vulnerability searching tools
* Linux manual pages

***

## Vulnerability Searching

Often in hacking you'll come across software that might be <mark style="color:yellow;">open to exploitation</mark>. For example, Content Management Systems (such as WordPress, FuelCMS, Ghost, etc.) are frequently used to make setting up a website easier, and many of these are vulnerable to various attacks. So where would we look if we wanted to exploit specific software?

The answer to that question lies in websites such as:

* [ExploitDB](https://www.exploit-db.com/)
* [NVD](https://nvd.nist.gov/vuln/search)
* [CVE Mitre](https://cve.mitre.org/)

NVD keeps track of <mark style="color:green;">CVEs (Common Vulnerabilities and Exposures)</mark> -- whether or not there is an exploit publicly available -- so it's a really good place to look if you're researching vulnerabilities in a specific piece of software. CVEs take the form: CVE-YEAR-IDNUMBER.
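An added example (not code from the original room or this writeup) that applies the CVE-YEAR-IDNUMBER format described above: it pulls CVE IDs out of copied research notes, normalises the Unicode dashes that often sneak in when IDs are copied from blogs (which silently break an exact-match lookup on NVD or ExploitDB), rejects malformed references, and builds the NVD lookup URL. The note text is constructed, and `normalize_cve`, `find_cve_ids` and `nvd_url` are names chosen here, not part of any tool.

```python
import re
from typing import List, Optional

# Copied text often carries Unicode dashes (en dash, em dash, non-breaking hyphen)
# that look like "-" but break exact-match lookups; map them all to a plain hyphen.
_DASHES = str.maketrans({c: "-" for c in "\u2010\u2011\u2012\u2013\u2014"})

# CVE-YEAR-IDNUMBER: a four-digit year and a sequence number of at least four digits.
_CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def normalize_cve(candidate: str) -> Optional[str]:
    """Return the canonical upper-case CVE ID, or None if it is not valid."""
    match = _CVE_RE.fullmatch(candidate.translate(_DASHES).strip())
    if not match:
        return None
    if int(match.group(1)) < 1999:  # the CVE programme started in 1999
        return None
    return f"CVE-{match.group(1)}-{match.group(2)}"


def find_cve_ids(text: str) -> List[str]:
    """Extract every valid CVE ID from free text, deduplicated and sorted."""
    found = set()
    for match in _CVE_RE.finditer(text.translate(_DASHES)):
        cve = normalize_cve(match.group(0))
        if cve is not None:
            found.add(cve)
    return sorted(found)


def nvd_url(cve_id: str) -> str:
    """Build the NVD detail-page URL for a CVE ID (normalising it first)."""
    cve = normalize_cve(cve_id)
    if cve is None:
        raise ValueError(f"not a valid CVE ID: {cve_id!r}")
    return f"https://nvd.nist.gov/vuln/detail/{cve}"


# Constructed sample: research notes with an en dash in one ID, a lowercase
# ID, a duplicate, and two malformed references that must be rejected.
SAMPLE_NOTES = """
WPForms XSS (2020): CVE-2020–10385 (dash copied from a blog post)
Tomcat Debian LPE (2016): cve-2016-1240
VLC's first CVE: CVE-2007-0017, mentioned again as CVE-2007-0017
sudo pwfeedback overflow: CVE-2019-18634
Bad references: CVE-20-1234 and CVE-2020-123 should be ignored
"""

if __name__ == "__main__":
    for cve in find_cve_ids(SAMPLE_NOTES):
        print(cve, nvd_url(cve))
```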

[ExploitDB](https://www.exploit-db.com/) tends to be very useful for hackers, as it often actually contains exploits that can be downloaded and used straight out of the box. It tends to be one of the first stops when you encounter software in a CTF or pentest.

If you're inclined towards the CLI on Linux, Kali comes pre-installed with a tool called `searchsploit` which allows you to search ExploitDB from your own machine. It works offline, using a downloaded copy of the database, meaning that you already have all of the exploits on your Kali Linux!

***

## Manual Pages

One of the many useful features of Linux is the inbuilt `man` command, which <mark style="color:yellow;">gives you access to the manual pages for most tools directly inside your terminal</mark>. Occasionally you'll find a tool that doesn't have a manual entry; however, this is rare. Generally speaking, when you don't know how to use a tool, `man` should be your first port of call.

We can also use the man pages to <mark style="color:yellow;">look for special switches (command-line options) that make a program behave differently</mark>.

***

## Google Dorking

Google has crawled and indexed a huge number of websites. We can add search operators, much like the operators in a programming language, to narrow or widen our search results, or even to perform actions such as arithmetic!

Wrapping a phrase in quotation marks tells Google to interpret it as exact and to return only results containing that exact phrase. Rather useful for filtering out the rubbish that we don't need.

<figure><img src="https://1297820784-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIncHpQE9Q1Ax4cr7Wbpu%2Fuploads%2FnYe2j7NX5TtoLJNckklN%2Fimage.png?alt=media&#x26;token=0cb8a973-5704-4944-ae3b-0e6a25035adf" alt=""><figcaption><p>Google Dorking Cheat Sheet</p></figcaption></figure>

***

## Answers

### Task 2

> In the Burp Suite Program that ships with Kali Linux, what mode would you use to manually send a request (often repeating a captured request numerous times)?\
> Repeater

> What hash format are modern Windows login passwords stored in?\
> NTLM

> What are automated tasks called in Linux?\
> Cron Jobs

> What number base could you use as a shorthand for base 2 (binary)?\
> Base 16

> If a password hash starts with $6$, what format is it (Unix variant)?\
> sha512crypt

### Task 3

> What is the CVE for the 2020 Cross-Site Scripting (XSS) vulnerability found in WPForms?\
> CVE-2020-10385

> There was a Local Privilege Escalation vulnerability found in the *Debian* version of Apache Tomcat, back in 2016. What’s the CVE for this vulnerability?\
> CVE-2016-1240

> What is the very first CVE found in the VLC media player?\
> CVE-2007-0017

> If you wanted to exploit a 2020 buffer overflow in the sudo program, which CVE would you use?\
> CVE-2019-18634

### Task 4

> What switch would you use to copy an entire directory?\
> -r

> What switch would you use to list the current partitions?\
> -l

> What switch would you use to make a backup when opening a file with nano?\
> -B

> What **command** would you use to start netcat in listen mode, using port 12345?\
> nc -l -p 12345

***
