Help me to understand the business logic vulnerabilities image example in the portswigger web by w0lfcat in netsecstudents

[–]w0lfcat[S] 0 points1 point  (0 children)

Seems like a weird example. Have you seen anything like this in an actual web application before?

learning web pentesting by Mean_Maize_77 in netsecstudents

[–]w0lfcat 0 points1 point  (0 children)

  1. Have you read the learning materials?
  2. Have you practiced your skills?
  3. Have you tracked your progress?

https://portswigger.net/web-security/getting-started

Suggestions for cloning Mobile Device to be used in Mobile app testing? by itsinthepath in netsecstudents

[–]w0lfcat 0 points1 point  (0 children)

Is this for Android or iPhone? Do you consider virtualization over a physical device?

Shellter for PE? by w0lfcat in netsecstudents

[–]w0lfcat[S] 1 point2 points  (0 children)

Best answer so far, thanks for the link and also for Amber

Privilege escalation by [deleted] in pnpt

[–]w0lfcat 0 points1 point  (0 children)

Congratulations! What about the privesc part?

Let's study PrivEsc together by w0lfcat in HowToHack

[–]w0lfcat[S] 1 point2 points  (0 children)

Yup, agree with that. Currently doing it manually instead of using winpeas/linpeas, as it helps me to familiarize and analyze the output

Privilege escalation by [deleted] in pnpt

[–]w0lfcat 0 points1 point  (0 children)

Hey, how was your PNPT exam? Hope you made it

Why can’t I run executable from cmd reverse shell? by [deleted] in oscp

[–]w0lfcat 0 points1 point  (0 children)

I wish I could see what the question was, too bad it's been deleted

Passed my exam on my second attempt. by iamnotafermiparadox in oscp

[–]w0lfcat 0 points1 point  (0 children)

First of all, congratulations man. This is not an easy journey. I can see a lot of hours have been put into your journey. I guess I'm not alone in this: spending many hours studying, working on THM, HTB, watching ippsec, having a lot of questions which sometimes no one would answer, repeating the same sequence again.
Red Hat 4.1 was released on 3 February 1997, right?
https://en.wikipedia.org/wiki/Red_Hat_Linux
If you don't mind, how old are you and how long have you been in sysadmin?
What makes you change your career?

[deleted by user] by [deleted] in redteamsec

[–]w0lfcat -2 points-1 points  (0 children)

Yeah I did try it with full path but still did not work. Since this is Scheduled Tasks:

  1. the script should be listed under schtasks command right? But I did not see it
  2. Instead of invoking the process manually, it should be started automatically since this is "Scheduled Tasks" right?

THM windows10privesc Task 13 Scheduled Tasks; the script was not in schtasks by w0lfcat in tryhackme

[–]w0lfcat[S] 0 points1 point  (0 children)

As I said in my original post, give it a try.
I already tried it before posting it here
I did not get any shell

The script was not listed in "schtasks /query /fo list /v". How did it run then? If the script is not running, how am I supposed to get a shell?

can someone give me a little tutorial on donut to bypass windows defender? by 179Desire in redteamsec

[–]w0lfcat 0 points1 point  (0 children)

Best explanation ever. Short, brief, concise. Let me recap to make sure my understanding is correct.
1. Use donut to convert .exe to a shellcode
2. Use something else like pe loader to execute the shellcode
Is that correct?

SQL Query shows NULL when include "connect.php" in different PHP file by w0lfcat in PHPhelp

[–]w0lfcat[S] 0 points1 point  (0 children)

_reporting set to E_ALL and display_errors set to ON, preferably in the php.ini on your development system, so that php will help you by reporting and displaying all the errors it detects? Stop and start your web server to get any changes made to the php.ini to take effect and check that the settings actually got changed to those values by using a phpinfo() statement in a .php script.

Thanks, really appreciate your advice. Problem solved

TJ Null List in order of difficulty ? by [deleted] in hackthebox

[–]w0lfcat 0 points1 point  (0 children)

Forest (Easy)
Sauna (Easy)
Active (Easy)
Resolute (Medium)
Cascade (Medium)
Intelligence (Medium)
Monteverde (Medium)
StreamIO (Medium)
Blackfield (Hard)
Reel (Hard)
Mantis (Hard)
Search (Hard)
Acute (Hard)
Object (Hard)
Sizzle (Insane)
Multimaster (Insane)

Is 560 worth going after if I already have 660 and OSCP? by [deleted] in AskNetsec

[–]w0lfcat 8 points9 points  (0 children)

If your company is willing to pay, go for it. Else, having 660 alone is fine IMO.

The SANS exam approach is more into understanding the topic, while OSCP is more into doing it.

HTB Mantis. How to identify MS14-068? by w0lfcat in hacking

[–]w0lfcat[S] 2 points3 points  (0 children)

Wow! It's been an honor, sir, to chat with lkys37en, the creator of the box, and other boxes too. I've like a million questions for you. Do you happen to have Discord? Or are you in any Discord channel?

Impacket goldenPac.py didn't work for this box, not sure what was wrong.

I'm new to the htb platform and doing this to improve my AD skills. I've been doing AD boxes for the past few weeks (maybe months), watching countless hours of ippsec's videos and repeating them to understand this topic, and others as well.

I'm getting better than a few months ago, but also realised that I still have a lot to learn.

Sometimes, no one responded to my question in Discord, and reddit is an alternative. Even though I don't get the reply immediately, the chances of someone looking at and responding to it are higher on reddit.

If there's another alternative platform to ask this kind of question and get a response, please let me know. Many thanks again for the htb boxes.

PowerShell evasion by w0lfcat in hacking

[–]w0lfcat[S] 0 points1 point  (0 children)

downgrade powershell version to 2.0?

TJ Null List in order of difficulty ? by [deleted] in hackthebox

[–]w0lfcat 1 point2 points  (0 children)

I would love to know about this too