DNS in Detail
Task1 What is DNS?
1.What does DNS stand for?
Domain Name System
DNS(Domain Name System)
Task2 Domain Hierarchy
1.What is the maximum length of a subdomain?
63
2.Which of the following characters cannot be used in a subdomain ( 3 b _ - )?
—
3.What is the maximum length of a domain name?
253
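A subdomain is limited to 63 characters and may only use a-z, 0-9 and the - character (it cannot start or end with a hyphen, or contain consecutive hyphens); the total length of the domain name must be less than 253 characters.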
4.What type of TLD is .co.uk?
ccTLD
ccTLD: country code top-level domain
Task3 Record Types
1.What type of record would be used to advise where to send email?
MX
An MX record resolves to the address of the servers that handle email for the domain.
2.What type of record handles IPv6 addresses?
AAAA
An AAAA record resolves to an IPv6 address.
Task4 Making A Request
1.What field specifies how long a DNS record should be cached for?
TTL
2.What type of DNS Server is usually provided by your ISP?
Recursive
3.What type of server holds all the records for a domain?
authoritative
Task5 Practical
1.What is the CNAME of shop.website.thm?
shops.myshopify.com
2.What is the value of the TXT record of website.thm?
THM{7012BBA60997F35A9516C2E16D2944FF}
3.What is the numerical priority value for the MX record?
30
4.What is the IP address for the A record of www.website.thm?
10.10.10.10
HTTP in detail
Task1 What is HTTP(S)?
1.What does HTTP stand for?
HyperText Transfer Protocol
HTTP (HyperText Transfer Protocol)
2.What does the S in HTTPS stand for?
secure
3.On the mock webpage on the right there is an issue, once you’ve found it, click on it. What is the challenge flag?
THM{INVALID_HTTP_CERT}
Task2 Requests And Responses
1.What HTTP protocol is being used in the above example?
HTTP/1.1
2.What response header tells the browser how much data to expect?
Content-Length
Task3 HTTP Methods
1.What method would be used to create a new user account?
POST
2.What method would be used to update your email address?
PUT
3.What method would be used to remove a picture you’ve uploaded to your account?
DELETE
4.What method would be used to view a news article?
GET
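PUT: generally used for update requests, such as updating personal information or a full update of product information
PATCH: a complement to the PUT method; updates part of the data of a specified resource
DELETE: used to delete the specified resource
OPTIONS: retrieves the HTTP request methods the server supports; used for server capability checks, cross-origin checks, and so on
CONNECT: uses the server as a relay, letting the server visit other web pages on the user's behalf and then return the data to the user unchanged. Web development rarely uses this method; an HTTP proxy uses it so that the server accesses other pages on the user's behalf, acting as an intermediary
TRACE: echoes back the request the server received; mainly used for testing or diagnostics
Task4 HTTP Status Codes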
1.What response code might you receive if you’ve created a new user or blog post article?
201
2.What response code might you receive if you’ve tried to access a page that doesn’t exist?
404
3.What response code might you receive if the web server cannot access its database and the application crashes?
503
4.What response code might you receive if you try to edit your profile without logging in first?
401
Task5 Headers
1.What header tells the web server what browser is being used?
User-Agent
2.What header tells the browser what type of data is being returned?
Content-Type
3.What header tells the web server which website is being requested?
host
Task6 Cookies
1.Which header is used to save cookies to your computer?
Set-Cookies
Task7 Making Requests
1.Make a GET request to /room
THM{YOU’RE_IN_THE_ROOM}
2.Make a GET request to /blog and using the gear icon set the id parameter to 1 in the URL field
THM{YOU_FOUND_THE_BLOG}
3.Make a DELETE request to /user/1
THM{USER_IS_DELETED}
4.Make a PUT request to /user/2 with the username parameter set to admin
THM{USER_HAS_UPDATED}
5.POST the username of thm and a password of letmein to /login
THM{HTTP_REQUEST_MASTER}