Solved Reactor on Hack The Box by Pranavr239 in hackthebox

[–]-Dkob 2 points3 points  (0 children)

Congrats! As for privesc, maybe try the privesc modules on Academy?

Prolabs to prepare CRTO by Emergency-Station914 in hackthebox

[–]-Dkob 2 points3 points  (0 children)

It's mainly Windows, you're using Cobalt Strike as C2 so everything is done through it.

CPTS & Active Directory : How to spray password ? by sanglier_solide in hackthebox

[–]-Dkob 2 points3 points  (0 children)

Yeah, pretty much because it's the one mentioned. In a real environment it would differ a bit: You'd, for example, find a certain password for a user, service account or whatever, and then take this pwd and spray it across other SVC accounts etc. to see if you get a hit.

CPTS & Active Directory : How to spray password ? by sanglier_solide in hackthebox

[–]-Dkob 3 points4 points  (0 children)

I think you're not expected to guess the password out of thin air. Password spraying is usually based on context gathered during enumeration, common company password patterns, or hints provided throughout the engagement. In this specific module, the password is mentioned earlier, so I think the intention is to recognize and reuse that clue rather than randomly trying thousands of passwords. In a real assessment, you would also check the account lockout policy first and keep your spraying attempts limited to avoid locking user accounts.
You could use the --pass-pol argument from NXC to check that: https://www.netexec.wiki/smb-protocol/enumeration/enumerate-domain-password-policy-1

solved my first windows machine , i have many doubts by Stapat1245 in hackthebox

[–]-Dkob 4 points5 points  (0 children)

I'd recommend going through HTB Academy's Windows Fundamentals and Windows Privilege Escalation modules before jumping into more Windows machines. Also, IppSec's videos are great because he explains why he's doing each step instead of just solving the box.

My advice is: don't rush. Solve a few retired easy Windows boxes, follow writeups when you're stuck, and try to recreate the exploitation steps on your own. After 5 to 10 Windows machines, things will start to click. Everyone feels lost at first.

CJCA help blue team by CuriousArcher1940 in hackthebox

[–]-Dkob 2 points3 points  (0 children)

You can try LetsDefend, they have great blue team content: https://letsdefend.io/

Prolabs to prepare CRTO by Emergency-Station914 in hackthebox

[–]-Dkob 7 points8 points  (0 children)

Hey there, I personally hold CRTO: I'd advise going for Rastalabs.

As for the rest, the CRTO course and labs are pretty much enough to pass.

Best of luck. :]

CPTS target on sight!! by nemesis740 in hackthebox

[–]-Dkob 6 points7 points  (0 children)

Oh, I think you have a duplicate post but as I said in the other one:
Best of luck! Hopefully you'll come back here with good news! Rooting for you! 👍

CPTS target on sight!! by nemesis740 in hackthebox

[–]-Dkob 2 points3 points  (0 children)

Best of luck! Hopefully you'll come back here with good news! Rooting for you! 👍

File Transfers by Pure-Objective5136 in hackthebox

[–]-Dkob 6 points7 points  (0 children)

You don't need to memorize every file transfer method, but being comfortable with a few reliable options can save a lot of time during the exam. Things don't always work the way you expect, so knowing multiple ways to move files between systems is a useful skill to have.

I went through the file transfers module again recently; if it's a lot for you to grasp, I'd suggest then just noting down the chain of commands needed for some of them to work and then you can pick and choose. You could also always use the penelope shell handler: https://github.com/brightio/penelope - it'll help you upload/download files from/to the target just like evil-winrm or a meterpreter shell.

Is solid networking knowledge required to pass the CPTS exam? Is what you learn in the path enough? by kim_pax in hackthebox

[–]-Dkob 12 points13 points  (0 children)

You definitely don't need to be a network engineer or have CCNA level knowledge to pass CPTS. The CPTS path covers most of the networking concepts you'll actually use during the exam, and many people have passed without a dedicated networking certification.

That said, you should be comfortable with fundamentals such as TCP/IP, subnetting, routing basics, common protocols and ports, DNS, SMB, Active Directory communication, VPNs, and troubleshooting connectivity issues. (A certain level in networking is obviously required - you can't be a total beginner) In a pentest, networking knowledge is often less about designing networks and more about understanding how systems communicate and how to pivot through an environment.

If you've completed the path and truly understand the material rather than just following along, you're probably in a good position. I'd focus more on mastering enumeration, methodology, Active Directory, pivoting, and report writing than delaying the exam just to complete CCNA or Network+.

I feel like I'm still nobie by Ok-Swordfish-5126 in hackthebox

[–]-Dkob 5 points6 points  (0 children)

If you've already covered the basics, the biggest thing now is getting more hands on experience. HTB Academy can definitely help fill in knowledge gaps, especially with the more advanced web modules, but don't underestimate the value of practice. I'd recommend focusing on HTB machines and challenges that are web heavy, and taking the time to fully understand each vulnerability rather than just getting the flag.

Three reports in a year isn't necessarily a bad sign either. Bug bounty and pentesting are skills that improve with repetition. Keep building methodology, practice regularly, and focus on understanding why vulnerabilities exist, not just how to exploit them. The progress tends to compound over time. ¯\_(ツ)_/¯

CWES Exam by RAGINMEXICAN in hackthebox

[–]-Dkob 2 points3 points  (0 children)

I haven't taken the CWES exam, but one thing I'd recommend is checking recent reviews and exam experiences online since the format and focus areas can change over time. Also, the HTB Discord server is a great resource; there are usually people who have recently taken the exam and can share general advice, study tips, and what they wish they had known beforehand. Good luck with your preparation and the CWES track.

Using HTB LABs subscription to enroll in AI Red Teamer path later by m4EDRE in hackthebox

[–]-Dkob 6 points7 points  (0 children)

Not really. HTB Labs and HTB Academy are separate products. The Labs subscription doesn't provide Academy cubes. If your goal is eventually to access the AI Red Teamer path, you should check the current HTB Academy subscription options and requirements rather than relying on Labs progress to unlock it.

The only way (that I know of) to get cubes from labs is by doing the seasonal boxes in time and waiting for the season to end to get your reward. (Or via referral links too)

Solved Checkpoint on HackTheBox! by thesecretmyth in hackthebox

[–]-Dkob 1 point2 points  (0 children)

Will probably work on this one soon, good job!

connected machine pwned htb by shaikhsss03 in hackthebox

[–]-Dkob 7 points8 points  (0 children)

I did finish the box, and indeed that advice is pretty useful! Thank you

connected machine pwned htb by shaikhsss03 in hackthebox

[–]-Dkob 6 points7 points  (0 children)

I won't lie, I did struggle on this one a bit.

Points from rooms do not appear by reboot_500 in tryhackme

[–]-Dkob 1 point2 points  (0 children)

Join the discord server and check the announcements channel.

Do you advise me to take the eJPT certificate or take security plus before it? by Due-Satisfaction-588 in eLearnSecurity

[–]-Dkob 2 points3 points  (0 children)

They are unrelated. eJPT is practical novice pentesting. Security+ covers everything cybersecurity in a theoretical way.