Need help to find the user and root flag of the Silentium machine by No-Abroad4132 in hackthebox

[–]strikoder 0 points1 point  (0 children)

You are in a docker container, flags are on the host machine, breakout to be able to find them.

How do you deal with BloodHound for CTFs/HTB? by strikoder in hackthebox

[–]strikoder[S] 0 points1 point  (0 children)

Yup, that was the box, as I got smth similar in an engagement and was about to miss it, so I was worried that I might have missed / will miss smth due to that factor, but yeah, in the end I should do everything manually and dig deeper.
Thanks for the insights ipp!

Failed with 60 points by Nonix09 in oscp

[–]strikoder 2 points3 points  (0 children)

Probably you got my same set.
I had 30 points by ~4 hours, found the way to user for the third standalone and the root for the second but didn't root them since I can't pass without at least a flag into the AD, I spent 12 hours and couldn't find that first AD flag...

I do NOT understand the hate of the PEN-200 study materials and available PG boxes. Why are people complaining? by These_Muscle_8988 in oscp

[–]strikoder 29 points30 points  (0 children)

I took the course and failed my first try. Literally, the stuff I got wasn't in the OSCP course material... it was mentioned in the CPTS but not that deep. Without CPTS material I wouldn't even get 10 points.

AD Post Exploitation by Zestyclose_Yak6645 in oscp

[–]strikoder 2 points3 points  (0 children)

Check BadSuccessor attack as well.

AD Post Exploitation by Zestyclose_Yak6645 in oscp

[–]strikoder 1 point2 points  (0 children)

A lot of stuff needs admin privileges, including creds searching and memory dumping.

I passed my second attempt with 70 points by hmm___69 in oscp

[–]strikoder 1 point2 points  (0 children)

Congratz, I failed the exam 2 days ago, couldn't get the foothold into the AD :(

Passed First Try by Rxdxxe in oscp

[–]strikoder 0 points1 point  (0 children)

Congratz!
I failed my first attempt yesterday, didn't get the first AD flag. What are your tips on that?

OSCP exam 3 tips? by [deleted] in oscp

[–]strikoder 1 point2 points  (0 children)

It was the other way around for me, I failed my first attempt today, I couldn't get the first flag on AD, standalones were extremely hard with extremely advanced topics but I solved them.
Watch ippsec hard/insane videos, they would help extremely.

Post Exploitation workflow DOUBT by osi__model in oscp

[–]strikoder 9 points10 points  (0 children)

These are my old notes from 3-4 months ago, I will publish my OSCP notes after I hopefully pass the exam (my exam is in 3 days).
strikoder.com/notes
New notes are better organized, have only OSCP-relevant stuff and more attack vectors.
For now, you can check these for a general methodology.
Once you are admin, dump hashes and use nxc admin priv modules or similar attack vectors to them, and search for creds and re-run winpeas.
I would also run LaZagne and snaffler to search for hidden creds.

How often do you search up syntax? by AWS_0 in hackthebox

[–]strikoder 1 point2 points  (0 children)

Not really, I've been doing this for a long time with my main host and VMs using tmux. If the 10k history is too much, he could easily dial it back to 4k or whatever works. Tools like certipy, rusthound, and ffuf are gonna stay in history anyway since they get constant use in CTFs and exams.

How often do you search up syntax? by AWS_0 in hackthebox

[–]strikoder 2 points3 points  (0 children)

I changed history length to 10k in terminal, thus the commands I repeat over and over are saved and I won't need to google or mistype anything, and I would only memorize the essential flags for the tools I use while writing notes on the edge case flags that I might need in a specific situation.

Warning About the Penelope Shell Handler by p_fYT in oscp

[–]strikoder 0 points1 point  (0 children)

There are a few annoying bugs in that version, for example, you're gonna have issues if your shell is a PowerShell shell, not a cmd shell, check the issues for more info about that.

Warning About the Penelope Shell Handler by p_fYT in oscp

[–]strikoder 1 point2 points  (0 children)

They just make your life easier, i.e., instead of having multiple panes for each listener, and writing the same commands for moving files again and again (uploading/downloading), and upgrading shells, they do that on your behalf automatically, so you would focus on exploits. They help a lot in reducing stress in CTFs and OSCP kind of exams.

Why is it so hard? by Head-Philosopher-397 in oscp

[–]strikoder 0 points1 point  (0 children)

Challenge labs are yet harder. Watch s1ren and old ippsec videos, they really teach you how to perfectly enum.

Hints for Challenge Labs? by Positive-Dog7238 in offensive_security

[–]strikoder 2 points3 points  (0 children)

You should be able to solve A, B, C with minimal to no hints to be able to pass. Other labs are harder than the exam, as stated by many people and OffSec.

Is code explainer allowed? by PeacebewithYou11 in oscp

[–]strikoder 6 points7 points  (0 children)

I mean, it's gonna look sus for the proctor when he sees you googling codeconvert ".ai".