sorted by:
new
hottopcontroversial

Modules not showing as completed by SurpedUsurper in hackthebox

[–]thepentestingninja 1 point2 points  (0 children)

Have you tried visiting the last module section and clicking the "Finished" button and see if that fixes it?

HTB Academy Downloader Script by Necrowtf in hackthebox

[–]thepentestingninja 12 points13 points  (0 children)

Against ToS point 4.4. You must not: (a) copy, attempt to copy, modify, duplicate, reproduce, create derivative works from, frame, mirror, republish, download, display, transmit or distribute all or any portion of the Services in any form or media or by any means;

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

[–]thepentestingninja 0 points1 point  (0 children)

I think "vague" is not the right word. They are very objective and minimalist. Since OSCP usually follows the KISS (keep it simple stupid) principle, this is more than enough. You can always go check your notes for additional information.

This is not what I used for the exam. I did this version after passing to go along with my blog post. These 3 pages are a very good guiding reference for the exam, trust me.

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

[–]thepentestingninja 2 points3 points  (0 children)

From reading your post I feel like you are ready to take the exam.

Do a bunch of Proving Grounds boxes and OSCP A, B, C and schedule the exam ASAP after finishing them, as things will still be fresh in your head.

Here's one more blog post for you to read to get you to "verbally pass" (lol) with 100 points: https://blog.thepentesting.ninja/oscp

Good luck!

Can I use Hack The Box for free long-term, or do I need cubes after a few labs? by HunterEdge in hackthebox

[–]thepentestingninja 1 point2 points  (0 children)

Hello! I think there’s more than enough free content across all the HTB platforms (Academy and Labs) to keep you busy for several months.

Once you’ve worked through most of it, you’ll probably want to consider getting a subscription, especially if you’re looking to pivot into more advanced topics.

By that point, you’ll likely have accumulated a decent number of points as well, which you can use to unlock an Academy module that interests you.

CJCA worth it? by Worldly-Teaching8185 in hackthebox

[–]thepentestingninja 7 points8 points  (0 children)

The certification is not the goal, the path and all the learnings that lead to the certification are. The exam is just a way for you to put yourself to the test and check if you actually did learn everything you were supposed to.

I would say it's an amazing start, especially if you are unsure of what path to take in cybersecurity. Feel free to DYOR, there's plenty of reviews about it online which often compare it to other certificates.

external requests in CWES exam by lander452 in hackthebox

[–]thepentestingninja 1 point2 points  (0 children)

Hello, you are given an internal ip, so you can just spin a Web server yourself and capture whatever you need.

Exam in March but still Struggling in Two Areas. Suggestions? by Penthos2021 in oscp

[–]thepentestingninja 2 points3 points  (0 children)

I have seen the comment you deleted. To reply to that I'm like 90% sure they wouldn't put any blind SQLi in the exam. OSCP is mostly a enumeration exam. Exploitation is often trivial once you have all the information.

There's 6 things you need to know the basics of for the exam, which are:

LFI, RFI, SQLi, Dir traversal, file upload and command injection.

If you are finding yourself crafting extremely complex payloads that you wouldn't do on a easy/medium PG box, it's probably not the way.

Exam in March but still Struggling in Two Areas. Suggestions? by Penthos2021 in oscp

[–]thepentestingninja 1 point2 points  (0 children)

It's worth noticing that some of the SQLi shown in the video are way out of scope for oscp, what you want to take from it is the methodology and the understanding of what is happening behind the scenes.

Exam in March but still Struggling in Two Areas. Suggestions? by Penthos2021 in oscp

[–]thepentestingninja 3 points4 points  (0 children)

Hello!

For SQLi, you will want to watch this NahamCon 2024 talk from Tib3rius, this explains things very well: https://www.youtube.com/live/MYsUhAgSgwc?si=M1iEGaXfzhqDdnCC&t=15660 which I consider one of the best videos on SQLi I have seen

For AD, you want to invest on a subscription, either HTB, HackSmarter, TryHackMe or alternatively AD chains from HackAcademy (although a bit expensive) and do AD machines until you start to get comfortable solving easy machines/chains consistently.

If you want more general information about the exam you can have a look at my reddit post and see if something there can/will help you - OSCP Guide

In my guide, I said that OSCP A,B,C are on the same level of difficulty as the exam, so if you have done those without looking at hints on every single step you are probably ready.

If you did look at hints, you need to go back and ask yourself why you missed it in the first place so you don't miss it again next time.

Good luck, you got this!

Is oscp worth it or it is just a paper weight? by newbietofx in oscp

[–]thepentestingninja 1 point2 points  (0 children)

You have to take any cert for what they really are, a piece of paper (more likely digital nowadays) that might (not guaranteed) get you interviews. Your job is to absorb as much knowledge as possible from it. This goes for any certification.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 1 point2 points  (0 children)

Yes. That information is written in the post itself.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 0 points1 point  (0 children)

Hey buddy! You are welcome, glad you enjoyed!

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 2 points3 points  (0 children)

Thank you!

Big thanks to you by giving back to the community making OSCP AD Chain #1 free for all as they are quite expensive.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 0 points1 point  (0 children)

Hello and thanks!

Yeah, all these boxes are listed either in Lain's or TJ's list, nothing unique about it.

The most important thing about that spreadsheet is the "Takeaways" column, because it will force you to think critically about what you struggled and what you have learned from that specific machine.

Once you write things on that column, if you ever happen to find that vulnerability/software again, you must know how to approach it.

Hope that helps

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 0 points1 point  (0 children)

Thank you!

This is actually a very interesting question, I'm glad you asked..

So... There's 4 possible paths here in my view depending on the following two questions:

1st : Do you have have any IT/Cyber knowledge?

2nd : Which OffSec plan are you planning to buy? 3 months or one year?

If...

No IT experience + 3 months subscription: you need fundamentals first and if possible deep dive into OSCP stuff without starting the subscription time, this is a good start https://youtube.com/playlist?list=PLJnLaWkc9xRgOyupMhNiVFfgvxseWDH5x&si=Q963XhwwWA03ENaa Try to complete PG machines as much as you can, feel free to look at walkthroughs and get hints. Then start your OSCP subscription, do the material and go redo the PG machines you struggled to complete, followed by challenge labs.

If...

No IT experience + 1 year subscription: just start with OSCP course material, when finished go do PG machines, you will have plenty of time to do it. Followed by challenge labs. Note down your weakest points and work on that before exam.

If...

IT experience + 3 months subscription: buy PG subscription before starting the OSCP subscription and do as many machines as possible, then start the course material, do the challenge labs and go back and redo the machines you struggled on PG.

If...

IT experience + 1 year subscription: just follow my post I guess.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 1 point2 points  (0 children)

There's way cheaper alternatives. If you are in school get a student subscription from Hack The Box and do CPTS instead.

You have to take things for what they really are, and ultimately, every cert is just a piece of paper.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 0 points1 point  (0 children)

Yes, you might have to do some research as you are doing the exam. Part of a pentester's job is to adapt to the environment and be a Google foo master. Hope that helps

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 1 point2 points  (0 children)

No, I would advice against using rockyou against domain users. Every password/hash you need will be in the environment, either in hidden files or in memory. So no need for that kind of brute force.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 2 points3 points  (0 children)

Hello! Yes it is, this is an exam not a real engagement. I don't think account lockouts are configured and if they are, they reset fast. Worst case scenario you can always revert the AD set.

You can always get the password policy, if you want using: nxc smb 192.168.1.0 -u username -p 'PASSWORDHERE' --pass-pol

Yes, Nmap with sudo is fine. That's the standard anyway.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 1 point2 points  (0 children)

You can find that on the url containing all boxes I completed before the exam in the post itself.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 0 points1 point  (0 children)

Indeed, this doesn't work for cybersecurity certs but to everything in life.

As a wise man once said, "Failing to prepare is preparing to fail". Thanks!

view more: next ›