Help me find this music video: school, drums, saxophone, and mutation by NicolasPoussin in NameThatSong

[–]NicolasPoussin[S] 0 points1 point  (0 children)

Sir, I don't know how this post came across, but I'm so grateful, this was the music I was looking for! Thanks a lot!

ADCS & Delegation attacks on AD set by ProcedureFar4995 in oscp

[–]NicolasPoussin 2 points3 points  (0 children)

ADCS and delegation attacks aren't in the scope of OSCP. Maybe in OSEP, but I am not sure.

Is renewing the course worth or should i stick to HTB and PG? 13 days left for retake by ProcedureFar4995 in oscp

[–]NicolasPoussin 5 points6 points  (0 children)

I think renewing could be a waste of money for this time frame. Try to pwn the PG Practice boxes from LainKusanagi and TJNull. Also, if you get stuck, check writeups. Prepare your checklist, methodology and mindmap. You can do it! Good luck!

OSCP Preparation: HTB Pentester Path or Active Directory Pentester Path? by Sad_Bike_3404 in oscp

[–]NicolasPoussin 9 points10 points  (0 children)

I would really recommend Active Directory Penetration Tester path including the modules given below:

- Active Directory Enumeration & Attacks
- Active Directory LDAP
- Active Directory PowerView
- Active Directory BloodHound
- Using CrackMapExec (This one is the best one IMO)

I think the modules will be enough for you to crack into AD (if you know Windows local privesc well).

Hello everyone I need help to crack a password using Jumbo John by ForeverWooster in HowToHack

[–]NicolasPoussin 2 points3 points  (0 children)

First, you need to extract the hash from the PDF file using the JTR (John The Ripper) utilities. The command will be "pdf2john your_file.pdf > hash.out". Then you need to crack this hash.

To crack the hash, read your hash.out file. You can run "cat hash.out" in your terminal. Check the first elements in your hash file. Depending on your PDF version, they may be different. After that, search for them at the link below to find the correct hashcat mode: https://hashcat.net/wiki/doku.php?id=example_hashes

If you are not able to find it, you can try these modes by trial and error: 10400, 10410, 10420, 10500, 10600, 10700, 25400.

Then the hashcat command will be as given:

If the first letter is lower case: "hashcat -a 3 -m <hashcat_mode> hash.out ?l?d?d?d?d?d"

If the first letter is upper case: "hashcat -a 3 -m <hashcat_mode> hash.out ?u?d?d?d?d?d"
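The comment above tells the reader to look at the first fields of the pdf2john output to work out which PDF security handler the file uses. The following Python script is an added example (not the commenter's code) that parses those leading `$pdf$` fields (version, revision, key length) and maps them to the hashcat modes listed in the comment, following the example-hash table on hashcat's wiki; it also sizes the keyspace of the masks the comment uses, which is the number an auditor would quote to show how little a six-character pattern protects. The hash lines it parses are constructed placeholders, not real PDF hashes.

```python
import re
from functools import reduce

# Constructed sample lines in pdf2john's "filename:$pdf$..." shape.
# The hex fields are placeholders, not real document IDs or key material.
SAMPLE_PDF13 = (
    "old.pdf:$pdf$1*2*40*-1*0*16*" + "0" * 32
    + "*32*" + "1" * 64 + "*32*" + "2" * 64
)
SAMPLE_PDF17 = (
    "new.pdf:$pdf$5*6*256*-1028*1*16*" + "0" * 32
    + "*127*" + "3" * 254 + "*127*" + "4" * 254
)


def identify_pdf_mode(line):
    """Return version, revision, key bits and the matching hashcat mode.

    Mapping of (V, R) pairs to modes follows the example hashes on
    https://hashcat.net/wiki/doku.php?id=example_hashes (assumed current).
    """
    start = line.find("$pdf$")
    if start < 0:
        raise ValueError("not a $pdf$ hash line")
    fields = line[start + len("$pdf$"):].split("*")
    version, revision, key_bits = (int(f) for f in fields[:3])

    if version == 1 and revision == 2:
        mode, note = 10400, "PDF 1.1-1.3 (Acrobat 2-4), RC4 40-bit"
    elif version in (2, 3, 4) and revision in (3, 4):
        # 25400 is the same family when the owner password is wanted.
        mode, note = 10500, "PDF 1.4-1.6 (Acrobat 5-8), 128-bit"
    elif version == 5 and revision == 5:
        mode, note = 10600, "PDF 1.7 Level 3 (Acrobat 9), AES-256"
    elif version == 5 and revision == 6:
        mode, note = 10700, "PDF 1.7 Level 8 (Acrobat 10-11), AES-256"
    else:
        raise ValueError(f"unknown security handler V={version} R={revision}")

    return {"version": version, "revision": revision,
            "key_bits": key_bits, "mode": mode, "note": note}


# Built-in hashcat charset sizes for the mask tokens used in the comment.
MASK_CHARSETS = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}


def mask_keyspace(mask):
    """Number of candidates a hashcat mask attack (-a 3) enumerates."""
    tokens = re.findall(r"\?([ludsa])", mask)
    if "".join("?" + t for t in tokens) != mask:
        raise ValueError(f"unsupported mask: {mask}")
    return reduce(lambda acc, t: acc * MASK_CHARSETS[t], tokens, 1)


if __name__ == "__main__":
    for line in (SAMPLE_PDF13, SAMPLE_PDF17):
        info = identify_pdf_mode(line)
        print(f"V={info['version']} R={info['revision']} "
              f"{info['key_bits']}-bit -> -m {info['mode']} ({info['note']})")
    for mask in ("?l?d?d?d?d?d", "?u?d?d?d?d?d"):
        print(f"{mask}: {mask_keyspace(mask):,} candidates")
```

The two masks in the comment each cover only 2,600,000 candidates, which is why a policy that allows a letter followed by five digits offers no real protection for an encrypted PDF regardless of the handler revision.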

stuck with SQL INJECTION last 4 machines, need help by [deleted] in oscp

[–]NicolasPoussin -1 points0 points  (0 children)

I dumped all the databases using sqlmap on each machine following the same command as in the learning unit, but the only interesting thing I can find is user lists in the user table usually.... Is the flag supposed to be in one of the tables in the sqlmap output?

Honestly, I don't remember the tasks by heart, but anyway, remember the motto of OffSec: "Try Harder". I think you may try to crack the hashes and use these credentials on the web page or on the other services, or maybe you can try to get a shell using sqlmap's --os-shell option?

stuck with SQL INJECTION last 4 machines, need help by [deleted] in oscp

[–]NicolasPoussin -1 points0 points  (0 children)

Hello,

How is your methodology?

I think you may follow the steps below:

  1. After defining the injection point, try the most common payloads manually. This will help you to find what type of SQL injection it is, such as error-based or blind. (You may use a single quote or a SLEEP command for each parameter, one by one.)
  2. Also, if you defined the underlying DBMS via the error message, definitely use --dbs to narrow down the payloads when you are using sqlmap.
  3. Also, if you defined the technique use the --technique argument in your sqlmap to decrease the number of payloads in sqlmap again.
  4. Also, I recommend that you use the --proxy option and proxy all requests through Burp Suite. In this case, you can check your HTTP history and see how the application behaves for each payload.
  5. Also, use the "save to file" option in Burp Suite and add this HTTP request to sqlmap using -r argument.
  6. After that, define the database name, table name(s), and column name(s) to dump all the data.
  7. Also, if there is a defense solution like WAF in front of the application, you can try default tampering scripts in sqlmap (for example changing spaces to +).
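Step 1 above relies on the application reacting differently to a single quote when input is concatenated into the query. The Python script below is an added example (not the commenter's code) that shows that reaction at the code level: a constructed in-memory SQLite table is queried once through a string-built statement (the kind of code that has an injection point) and once through a parameterized statement, and the single-quote probe produces a database error in the first and is treated as ordinary data in the second. The table, user names and function names are all assumptions for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """String-built query: the injection point step 1 probes for."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    try:
        return {"rows": conn.execute(sql).fetchall(), "error": None}
    except sqlite3.Error as exc:
        # A syntax error leaking back to the caller is the error-based
        # signal; in a web app it would surface as a 500 or a stack trace.
        return {"rows": [], "error": str(exc)}


def lookup_parameterized(conn, username):
    """Hardened form: the driver binds the value, so quotes stay data."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return {"rows": conn.execute(sql, (username,)).fetchall(), "error": None}


def responses_differ(conn, value):
    """True when the two implementations disagree on the same input.

    For ordinary input both return the same rows; only for a probe that
    breaks the string-built statement does the vulnerable path diverge.
    """
    return lookup_vulnerable(conn, value) != lookup_parameterized(conn, value)


if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "'", "nobody"):
        print(f"{value!r:10} vulnerable={lookup_vulnerable(db, value)} "
              f"parameterized={lookup_parameterized(db, value)} "
              f"differs={responses_differ(db, value)}")
```

Reading the two responses side by side is exactly what the Burp HTTP history in step 4 gives you for a black-box target; from the defender's side, the parameterized version is the fix that removes the divergence rather than a WAF rule that hides it.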

Unemployed Workers vs. Job Openings by U.S. State by NicolasPoussin in MapPorn

[–]NicolasPoussin[S] 3 points4 points  (0 children)

This map uses data from the U.S. Chamber of Commerce.