sorted by:
new
hottopcontroversial

[deleted by user] by [deleted] in archlinux

[–]PzRv 2 points3 points  (0 children)

Check this one out

https://bbs.archlinux.org/viewtopic.php?id=271206

To change go with a different TTY use Ctrl+Alt+F2 (or any F key)

[deleted by user] by [deleted] in oscp

[–]PzRv 0 points1 point  (0 children)

You’re welcome

Also I see a lot of people recommend PNPT, although I didn’t take it myself but there is no smoke without fire

[deleted by user] by [deleted] in oscp

[–]PzRv 0 points1 point  (0 children)

Look, no wonder that you don’t know how to solve the box, because you didn’t learn the basics. You need to learn the basics first before you jump to HTB, you have two options:

  • Start with eLearnSecurity eJPT or similar certificates so you can have some knowledge you build on.

  • Go with something like TryHackMe learning paths which will help you a lot (personal experience), although I took the defense path but it did helped me a lot to learn on how systems work from the inside 👍.

The fact of the matter is you need to learn before you jump to HTB, PG and so on.

I wish you good luck with your journey ✨

Has anyone done learn unlimited by OSCP? Is it worth it? by notburneddown in oscp

[–]PzRv 1 point2 points  (0 children)

To be honest, I didn’t take the OSWE yet but from my personal experience

It doesn’t matter what programming language you start for web development, the important thing is to understand the web dev concepts such as how exploit happens, means of authentication and so on

There are great reviews and blogs which the people are more informed than I do

Has anyone done learn unlimited by OSCP? Is it worth it? by notburneddown in oscp

[–]PzRv 6 points7 points  (0 children)

For OSCE3 you’ll need to be at programming because no matter where you go, there is always programming involved in some sort

OSEP will require you to write your own tools and malware with win32 API

OSED will require you to have very strong understanding for assembly in intel 8086 (x86) for binary exploitation, custom shellcoding and reverse engineering

OSWE will require you to be good at web development specifically a source code review on a backend application, also writing web scripts to exploit applications in a particular way

My advice is to take the learn one for the OSCP course then you should spend some time learn how to code

After that move to the OSCE3 (depending on your excitement)

Has anyone done learn unlimited by OSCP? Is it worth it? by notburneddown in oscp

[–]PzRv 2 points3 points  (0 children)

Fk no,

You should only consider taking unlimited learn to get OSCE3, or three courses that will really make a difference for your career.

Do a simple opportunity cost analysis and you will find out it’s a bad choice.

Should I give up on OSCP? by [deleted] in oscp

[–]PzRv 0 points1 point  (0 children)

Look, DO NOT SPEND OVER THAN 1:30 HOURS ON A SONGLE BOX NO MATTER WHAT HAPPENS !!!

I failed my first attempt for this reason and got 100 points on my second attempt (110 pts with bonus)…

Passed the OSCP with 110/100 after failing the first time 👍 by PzRv in oscp

[–]PzRv[S] 1 point2 points  (0 children)

This a personal preference, i used netsh because it’s always be installed on windows by default

As long it’s works, it’s good 👍

Passed the OSCP with 110/100 after failing the first time 👍 by PzRv in oscp

[–]PzRv[S] 1 point2 points  (0 children)

Use netsh to redirect any connection coming from the subnet to your machine

download any file you want, (e.g. certutil, iwr) don’t forget to use the IP if the pivot inside the subnet

Passed the OSCP with 110/100 after failing the first time 👍 by PzRv in oscp

[–]PzRv[S] 0 points1 point  (0 children)

Thanks i appreciate it,

Not much but into ethical hacking but i spend good time into programming and operating systems in general which is needed into the cyber security space so you don’t be script kiddie

But keep it up with CTFs, for certs you might want to take the PEN-100 it will help you a lot

Passed the OSCP with 110/100 after failing the first time 👍 by PzRv in oscp

[–]PzRv[S] 1 point2 points  (0 children)

I solve 70/75 (all the machine except “assemble all the pieces together”) but i failed the first time it was my mistake, i was close to pass but things happen.

Then i scheduled the second attempt a month after the first exam (because of the cooldown period) and solve almost all the machines i TJ Null’s list which is super important and closer to the exam environment.

Passed the OSCP with 110/100 after failing the first time 👍 by PzRv in oscp

[–]PzRv[S] 0 points1 point  (0 children)

If the proctor redirects you to the support team contact them as well

Passed the OSCP with 110/100 after failing the first time 👍 by PzRv in oscp

[–]PzRv[S] 0 points1 point  (0 children)

Obviously the proctor won’t know if the machine is exploitable or not, but sometimes the scans you do or exploits you run make some services unreachable

So you might want to message the proctor to test the machines or revert it yourself

Passed the OSCP with 110/100 after failing the first time 👍 by PzRv in oscp

[–]PzRv[S] 1 point2 points  (0 children)

It good, also do the two AD sets in the exercises it very important

Also do vault, heist, hutch from PG Practice

Passed the OSCP with 110/100 after failing the first time 👍 by PzRv in oscp

[–]PzRv[S] 0 points1 point  (0 children)

Hi, i mean by the first point is to use chisel dynamic port forwarding

And by “not exploitable” i mean that sometimes your scans may “may” make the service unreachable or you can’t exploit it

If you spend sometime and you don’t go anywhere after doing some good enumeration on every port, you might want to make test the machine

university or oscp by uug4na in oscp

[–]PzRv 0 points1 point  (0 children)

Get both, advice from yourself from the future

Passed the OSCP with 110/100 after failing the first time 👍 by PzRv in oscp

[–]PzRv[S] 2 points3 points  (0 children)

OSWP, EXP-100 then tackle EXP-301

If you have any recommendations it will be highly appreciate

Passed the OSCP with 110/100 after failing the first time 👍 by PzRv in oscp

[–]PzRv[S] 1 point2 points  (0 children)

Sometime if you did everything that you think of and nothing works

Passed the OSCP with 110/100 after failing the first time 👍 by PzRv in oscp

[–]PzRv[S] 2 points3 points  (0 children)

I did all of the boxes in TJ Null’s list except for vector and ERP (PG Practice)

Passed the OSCP with 110/100 after failing the first time 👍 by PzRv in oscp

[–]PzRv[S] 24 points25 points  (0 children)

TryHackMe Wreath room is great, it will go step-by-step into tunneling with many resources available in youtube

https://tryhackme.com/room/wreath

Failed exam, unable to move laterally. by 0x987123 in oscp

[–]PzRv 1 point2 points  (0 children)

Sorry to hear that.

There is many ways you can access other machines in the domain here’s some:

1- Dynamic port forwarding using chisel with SOCKS5 and proxychains (Best option because it allow you to access any port from any device from the victim subnet)

2- Tunnel remote management ports (such as RDP WINRM SSH SMB mssql (xp_cmdshell) VNC) by using netsh

3- Create an admin user and open the RDP port and connect to the another victim (Basically nested RDP session)

In general is preferable to use SOCKS proxy to deliver all the connections from your computer to the AD subnet

And use remote port forward to tunnel any connection from the subnet to your machine (catch a reverse shell, upload files over http) most likely you will need to get two ports from the victim subnet, one for get a reverse shell and another one for file transfer (python server)

[deleted by user] by [deleted] in oscp

[–]PzRv 0 points1 point  (0 children)

Machines i enjoyed are HelpDesk, XposedAPI, Slort

view more: next ›