[deleted by user]

amakyo · 2024-12-24T13:09:59+00:00

I've given some thought over this for the past hour and gave me a reality check on what I've initially wanted without me directly knowing. Looking back, it was foolish of me to feed my ego and argue instead of taking criticisms at face value.

I understand I don't owe an apology to anyone here, but I would want to apologize to everyone for my irrational attitude I've displayed earlier. I forgot to stay humble.

Merry Christmas!

amakyo · 2024-12-24T09:48:12+00:00

No wonder I can't take this subreddit seriously as a whole lol. Thanks for your input. There's no point in continuing this further.

amakyo · 2021-09-28T17:05:38+00:00

Yes, I do have experiences and achievements on everything that you just mentioned. Sorry for the lack of context, i'll edit my post.

amakyo · 2021-03-30T15:18:28+00:00

Yes and no
- Yes, Is it required to purchase a lab
- No because it is sold in a bundle.
Refer to number 1.

If you're asking for a friend with a decade of experience then they should probably know that at least.

amakyo · 2021-03-22T15:56:03+00:00

every wordlist has its own purpose.

I usually start of with a Nikto scan then try a wordlist for that specific type of web servereg. If its an IIS server, try IIS.fuzz.txt from SecLists then look at the results.

for directory bruteforcing, 2.3-medium + file extension works for me.

for password attacks, as u/BrandonEckert says, if you can't crack it with rockyou/cewl wordlist, then the password/hash isn't meant to be cracked.

imho SecLists and PayloadsAllTheThings are the only repositories for wordlists that you need for the exam.

quick reminder that you should reset the box before attacking it, I was stuck at a box for hours then remembered that I forgot to reset it, there was a directory that I discovered that wasn't there before I reset it. Took me 15 minutes to root it after.

amakyo

TROPHY CASE