The list itself, in case you don't know what I'm referring to. This is probably the best resource on your journey to become an #OSCP holder. There are both #vulnhub and #hackthebox machines with different levels of difficulty. Bonus points for those who can actually figure out why each machine is listed there.
https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8
Google Docs
NetSecFocus Trophy Room
The next bunch of writeups will be for the Offensive Pentesting learning path from #tryhackme. You can learn more about it here: https://tryhackme.com/path/outline/pentesting. It's also a nice way to prepare yourself for the #OSCP exam, so I noted down almost all writeups for it as well.
Enjoy!
TryHackMe
Offensive Pentesting
Acquire the skills needed to go and get certified by well known certifiers in the security industry. Learn about industry-used penetration testing tools and attain techniques to become a successful penetration tester.
The Vulnversity will be the first machine in this series. It's a pretty classic exploitation path for the web server with further privilege escalation process via abusing the SUID bit on one of the binaries. For all machines in this series I put takeaways at the end of the writeup.
#tryhackme #pentest
https://telegra.ph/Vulnversity-09-22
Telegraph
Vulnversity
Vulnversity is the first machine in TryHackMe’s “Offensive pentesting” path.
Exploiting the legendary EternalBlue (CVE-2017-0144) vulnerability in this TryHackMe machine.
#pentest #tryhackme
https://telegra.ph/Blue-09-22-4
Telegraph
Blue
Blue is the second machine in TryHackMe’s “Offensive pentesting” path.
Kenobi is the third machine in TryHackMe’s Offensive pentesting path. Identifying and exploiting the vulnerability in FTP server. To escalate privileges to root you will need to use the combination of SUID binary and PATH variable.
#pentest #tryhackme
https://telegra.ph/Kenobi-09-22
Telegraph
Kenobi
Kenobi is the third machine in TryHackMe’s “Offensive pentesting” path.
Another Mr.Robot-themed machine. Exploiting the HTTP file server to get the initial shell, and finding an Unquoted Service Path vulnerability to privesc.
#tryhackme #pentest
https://telegra.ph/Steel-Mountain-09-23
Telegraph
Steel Mountain
Steel Mountain is the first machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. > Enumeration By scanning the machine with nmap we can see that both port 80 and port 8080 are running the HTTP services. Port 80 has nothing…
From Mr.Robot to Batman! In Alfred you will need to exploit a misconfigured Jenkins instance, and at a later stage impersonate a client with the SeImpersonatePrivilege role.
#tryhackme #pentest
https://telegra.ph/Alfred-09-23
Telegraph
Alfred
Alfred is the second machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. > Enumeration The output of the nmap scan: nmap -sC -sV 10.10.0.34 80/tcp open Microsoft IIS httpd 7.5 3389/tcp open ssl/ms-wbt-server? 8080/tcp open…
Moar themed machines! Next in the line - IT. Bruteforcing our way into the web server, finding the exploit for Remote Code Execution, and getting the root by tampering with the misconfigured service.
#tryhackme #pentest
https://telegra.ph/HackPark-09-23
Telegraph
HackPark
HackPark is the third machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. > Enumeration Nmap scan: nmap -sC -sV -o nmap.txt 10.10.37.35 80/tcp open http Microsoft IIS httpd 8.5 3389/tcp open ssl/ms-wbt-server? By navigating…
Theme for the next machine is Hitman, as in this box you will be breaking into the forum about games.
SQL injection for the foothold, and quite tricky PrivEsc as I wanted to avoid using Metasploit.
#tryhackme #pentest
https://telegra.ph/Game-Zone-09-23
Telegraph
Game Zone
Game Zone is the fourth machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. > Enumeration Nmap scan output: nmap -sC -sV -o gamezone <ip> 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.7 ( 80/tcp open http Apache httpd 2.4.18…
Dipping your toes into Digital Forensics just a bit. Analyzing the .pcap file to replicate the attacker's actions. This machine is different from others in this series, but it's worth checking.
#tryhackme #pentest
https://telegra.ph/Ovrpass2-09-23
Telegraph
Ovrpass2
Overpass2 is the seventh machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. > PCAP analysis That is an unusual type of machine for me. We got the .pcap file with the network dump. There are few ways to work with .pcap…
Hacking Skynet in this Terminator-themed machine. A LOT of enumeration with a pinch of brute forcing. Exploitation is straightforward, PrivEsc part will...take some time
#tryhackme #pentest
https://telegra.ph/Skynet-09-23
Telegraph
Skynet
Skynet is the fifth machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. > Enumeration Let’s start with the nmap scan: nmap -sC -sV -o nmap.txt <target_ip> 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 80/tcp open http…
The last writeup on the Offensive Pentesting learning path from me. Kicking Wordpress and Jenkins instance in that one.
https://telegra.ph/Internal-09-23-2
Telegraph
Internal
Internal is the last machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. Enumeration As I’m starting to prepare for my “Dry run” for the OSCP exam, this time I will use more stuff from my methodology. We already learned…
Found my old HackTheBox writeup, that can also be useful for OSCP prep. In Tabby, you need to break into the Tomcat instance and escape from the LXD container for a PrivEsc. Pretty cool machine, this PrivEsc vector is quite common, but still underrepresented in the majority of labs.
#hackthebox #pentest
https://telegra.ph/Tabby-09-27
Telegraph
Tabby
Tabby is an easy Linux machine from HackTheBox, that is part of the pool of machines that are recommended for preparation for OSCP certification. > Content table Enumeration Exploitation of Tomcat Privilege escalation with LXC containers > Enumeration Start with…
To the hardcore part. While we are still on the OSCP note, it is worth mentioning the crucial part of the exam - the Buffer Overflow exploitation. That machine will give you 25 points (from 70 to pass the exam), and it is very different from all other machines. To handle that one, you will need to have some basic experience with Binary Exploitation and Exploit Development, as you will need to develop an exploit that, by manipulating the program's input and memory, could execute arbitrary code to spawn a shell.
Without further ado, let's gain you some experience:
https://telegra.ph/Buffer-Overflow-101-09-27
#exploitdev #binaryexploitation #oscp
Telegraph
Buffer Overflow 101
> Introduction What is a Buffer Overflow?
Preparing for the OSCP? I captured my journey, thoughts and a bunch of advances in this long read OSCP review.
Is it good? Should you take it? Is it worth it? It's all here!
Enjoy!
#oscp #cert #review
https://telegra.ph/OSCP-review-09-27
Telegraph
OSCP review
> Table of Content Introduction About the PWK/OSCP course Expectations Before taking the course Lab time Preparations for the exam The exam Closing thoughts Useful resources > Introduction The OSCP (Offensive Security Certified Professional), also known as…
My eWPT review is almost done, but it makes no sense to post it, as I'm still waiting for the result to arrive.
Oh well...
I will continue with the start of another series and interrupt it with the review later on. Stay tuned.
Spoiler: eWPT is nice
A bunch of upcoming posts will be all about wargames from https://exploit.education/, formerly known as exploit-exercises.com.
It's a great collection of virtual machines that could help to develop essential skills for vulnerability research, and exploit development.
It might seem too simple at the beginning, but the learning curve will smash me shortly, no doubt in that.