NoxLumens
Offsec Pen-200 OSCP 2024 Lessons Learned
I'm gonna keep it simple. This is a lessons learned, a brain dump, a what I did, what I could do better kinda thing.
I also talk about what's next and my expectation of the future, my current job, my plans for web app pentesting, recertification, and several other things.
Views: 879

Videos

Practical Web Penetration Tester Passed! GameJam! A Series of Side Quests...
199 views, 5 months ago
A Series of Side Quest I Passed the PWPT certifications.tcm-sec.com/pwpt/ Pirate Software Summer Game Jam 2024 itch.io/jam/pirate Godot 4 Tutorial ua-cam.com/video/GwCiGixlqiU/v-deo.htmlsi=ibSuPDEco6nX-DSP Netbox Pentesting netboxlabs.com/docs/netbox/en/stable/introduction/ TJ Nulls for OSCP Preparation docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview# Tw...
Minimal Obsidian for Kali Linux - How To
1.9K views, 5 months ago
This is how I set up obsidian with the community plugin minimal and theme minimal HTB Academy Referral: referral.hackthebox.com/mz8ED35
Astronaut - Proving Grounds Play -- TJ Null's OSCP Prep
551 views, 5 months ago
Astronaut - Proving Grounds Play TJ Null's OSCP Prep HTB Academy Referral: referral.hackthebox.com/mz8ED35 TJ Nulls OSCP Prep List docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview Skills Required Manual Enumeration Willingness to learn Google-fu! Skills Learned CVE Enumeration SUID bits - find / -perm -u=s 2>/dev/null Sudo -l cat /etc/crontab Tools POC too...
Pelican - Proving Grounds Play -- TJ Null's OSCP Prep
320 views, 6 months ago
Pelican - Proving Grounds Play TJ Null's OSCP Prep HTB Academy Referral: referral.hackthebox.com/mz8ED35 TJ Nulls OSCP Prep List docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview Skills Required Manual Enumeration Willingness to learn Google-fu! Skills Learned CVE Enumeration SUID bits - find / -perm -u=s 2>/dev/null Sudo -l cat /etc/crontab Tools POC tool ...
Algernon - Proving Grounds Play -- TJ Null's OSCP Prep
216 views, 6 months ago
Algernon - Proving Grounds Play TJ Null's OSCP Prep HTB Academy Referral: referral.hackthebox.com/mz8ED35 TJ Nulls OSCP Prep List docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview Skills Required Manual Enumeration Willingness to learn Google-fu! Skills Learned CVE Enumeration Tools NMAP POC tool for CVE My Certifications: Practical Network Penetration Test...
Twiggy - Proving Grounds Play -- TJ Null's OSCP Prep
652 views, 6 months ago
Twiggy - Proving Grounds Play TJ Null's OSCP Prep HTB Academy Referral: referral.hackthebox.com/mz8ED35 TJ Nulls OSCP Prep List docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview Skills Required Manual Enumeration Willingness to learn Google-fu! Knowledge of directory brute force tools Skills Learned CVE Enumeration DNS Enumeration Directory Brute forcing We...
TryHackMe - CyberLens - Hack Smarter
479 views, 7 months ago
TryHackMe - CyberLens - Hack Smarter Skills Required Know how to fall into rabbit holes. :) Skills Learned CVE Enumeration Directory Brute forcing Web Headers like 'X-whatever' Tools NMAP Feroxbuster Gobuster POC tool for CVE My Certifications: Practical Network Penetration Tester (PNPT) : TCM Security - certifications.tcm-sec.com/pnpt/ Practical Junior Penetration Tester (PJPT): TCM Security -...
Amaterasu - Proving Grounds Play -- TJ Null's OSCP Prep
858 views, 7 months ago
Amaterasu - Proving Grounds Play TJ Null's OSCP Prep TJ Nulls OSCP Prep List docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview Skills Required Manual Enumeration Willingness to learn Skills Learned Curl POST with multiform part Directory brute forcing Tools NMAP HYDRA FTP CURL My Certifications: Practical Network Penetration Tester (PNPT) : TCM Security - ...
Driftingblue6 - Proving Grounds Play -- TJ Null's OSCP Prep
292 views, 7 months ago
Driftingblue6 - Proving Grounds Play TJ Null's OSCP Prep TJ Nulls OSCP Prep List docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview Skills Required Manual Enumeration Skills Learned directory brute forcing zip file password cracking CMS functionality exploitation - plugin upload kernel exploit - dirtyCow Tools NMAP FEROXBUSTER ZIP2JOHN JOHN WHITEWINTERWOLF W...
Election - Proving Grounds Play - TJ Nulls OSCP Prep
268 views, 7 months ago
Open to work TJ Nulls OSCP Prep List docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview Skills Required Port enumeration directory brute forcing manual enumeration Skills Learned Linux Enumeration User enumeration Directory Brute Forcing Tools searchsploit manual enumeration gobuster rustscan obsidian My Certifications: Practical Network Penetration Tester ...
Blogger - Proving Grounds Play (TJ Nulls OSCP Prep)
322 views, 8 months ago
TJ Nulls OSCP Prep List docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview Skills Required Port enumeration directory brute forcing manual enumeration wordpress enumeration Skills Learned Linux Enumeration User enumeration Directory Brute Forcing php enumeration through phpinfo(); magic bytes fuzzing? sql database enumeration file type bypassing bypassing d...
Pandora - Hackthebox OSCP Prep TJ Nulls
468 views, 8 months ago
Pandora is an easy rated Linux machine. The port scan reveals a SSH, web-server and SNMP service running on the box. Initial foothold is obtained by enumerating the SNMP service, which reveals cleartext credentials for user daniel . Host enumeration reveals Pandora FMS running on an internal port, which can be accessed through port forwarding. Lateral movement to another user called matt is ach...
Broker - Hackthebox OSCP Prep TJ Nulls
1.1K views, 8 months ago
Broker is an easy difficulty Linux machine hosting a version of Apache ActiveMQ . Enumerating the version of Apache ActiveMQ shows that it is vulnerable to Unauthenticated Remote Code Execution , which is leveraged to gain user access on the target. Post-exploitation enumeration reveals that the system has a sudo misconfiguration allowing the activemq user to execute sudo /usr/sbin/nginx , whic...
Updown - Hackthebox - OSCP Prep TJ Nulls
188 views, 8 months ago
Soccer - Hackthebox (OSCP Prep) TJ Nulls - Tiny File Manager CVE, Websocket SQLI, Sticky Bits SUID
149 views, 8 months ago
Blackfield - Hackthebox (OSCP Prep) TJ Nullls
3.1K views, 9 months ago
Busqueda - Hackthebox (OSCP Prep) - TJ Nulls
1.3K views, 9 months ago
Intelligence - HacktheBox (OSCP Prep) - TJ Nulls
740 views, 9 months ago
StreamIO - Hackthebox (OSCP Prep) - TJ Nulls
309 views, 9 months ago
How I impersonated A State Governor to Teach My Co-Workers A Lesson - How I Create Phishing Emails
68 views, 9 months ago
Support - HacktheBox (OSCP Prep) - TJ NULLS
964 views, 9 months ago
Servmon - Hackthebox (OSCP Prep) - TJ Nulls
1.2K views, 9 months ago
Escape - Hackthebox (OSCP Prep) - TJ Nulls
223 views, 9 months ago
Just Playing Around with pygame
38 views, 9 months ago
100 SUBS! - Am I a "l33t" Hacker Yet?
254 views, 9 months ago
Active - Hackthebox (OSCP Prep) - TJ Nulls
185 views, 10 months ago
Web Application Attack Paths on Tryhackme
182 views, 10 months ago

COMMENTS

  • @prudhvikonakalla9605, 1 day ago

    Bro how can I watch the private videos in our channel.

    • @noxlumens, 1 day ago

      I had to private all of the proving grounds practice boxes because offsec doesn’t allow them to be shown. If you tell me which one you were looking at I might be able to tell you what I did or give you a hint for what to look for. I’ll make all of them public after I pass the OSCP but I don’t want to be banned from their courses because I shared full walkthroughs on their paid stuff. I wish I could though. I have so many I had to private

    • @prudhvikonakalla9605, 1 day ago

      @noxlumens ok bro, Thanks. give me some more alternative resource if possible

    • @prudhvikonakalla9605, 1 day ago

      @noxlumens all the best for oscp exam

    • @noxlumens, 1 day ago

      @prudhvikonakalla9605 I went through all of the TJ Nulls list. If you can only afford one of those subscriptions I would go with the offsec proving grounds subscription. Those machines are SO much like the actual exam. The proving grounds play and practice labs. I made it through 100% of the standalone machines on the exam and they were almost exactly like the proving grounds labs.

    • @prudhvikonakalla9605, 1 day ago

      Thanks a lot bro @noxlumens

  • @kaadhalrasa, 15 days ago

    Can I just focus on PG practice labs instead of THM and HTB, I really don't want to overkill

    • @noxlumens, 14 days ago

      Absolutely you can. I liked going through all of them but proving grounds practice labs were the most like the exam itself so I’d say if you have limited time and want more practice proving grounds practice labs is the way to go for the most OSCP like machines

  • @Wildmanhudson, 19 days ago

    Have you thought about CWEE?

    • @noxlumens, 19 days ago

      Is that one of the hackthebox certificates? If so I’ve thought about them both very much. I’ll probably go through the bug bounty courses they have when I pass the oscp. I just finished testing an open source app and found a lot of vulnerabilities that I reported to the vendor. Once I finish with them I plan to get back to studying but I needed to get some experience on non CTF/exam web apps.

  • @B1G_LIL, 29 days ago

    Sorry man! Keep your head up! You will definitely pass it next try! I’m about to purchase this learn one and I was curious if there are videos in this course or just text?

    • @noxlumens, 29 days ago

      They do have videos in the pen-200 course now. They’re not half bad if you’re following along with them. They’re exactly the content. Also thank you. I know I can get it done. I wasted a lot of time trying to write the report while I was moving through each machine which did save me time the next day but was a detriment to me during. And I should have moved to the AD set a lot sooner. Maybe even after I got root on one of the standalone machines instead of getting all standalones and then going for the ad set. At least I would have been more fresh. I’m sure I missed some little piece of information

    • @B1G_LIL, 29 days ago

      @ thanks for that information! But don’t sweat it bro! You have the methodology down packed and once you retake it you will already have a feel of what to expect. That’s how I passed the PNPT. I failed first time I learned and passed it within some hours of retaking it.

    • @noxlumens, 29 days ago

      @B1G_LIL that was my experience with the PNPT too. lol. I ended up passing attempt two too.

  • @glodydipanga, 1 month ago

    You do all independent machine?, for AD set confidence you can do CRTP from Altered Security Defending and attacking active directory

  • @glodydipanga, 1 month ago

    How many point you got on your 1st attempt

    • @noxlumens, 1 month ago

      I did get all of the standalone flags so 60 points. Just got an email from them saying I would have received 60 points so my exam report was accepted I suppose. Next time I'll likely get everything scanned like I did this time but I'll focus on the active directory domain set first since it's what took me out this time. If I get stuck I'll go back to one standalone machine then back to the ad set. I'll end up alternating like that. Thank you for your kind words. :) I think I know what I missed now that I'm more awake and had time to think about all the information I had. We'll both get it next time. :)

    • @glodydipanga, 1 month ago

      @noxlumens what can you recommend me for be confident on stand alone machine

    • @glodydipanga, 1 month ago

      @noxlumens I appreciated your simplicity

    • @noxlumens, 1 month ago

      For me it was repetition that has me so confident with them. From what I can tell based on the TJ Null's OSCP lists, there's only a certain number of things we'll see on the exams and a lot of the enumeration you do on all of them is pretty similar. Start with network scanning and all TCP ports, then you can get away with UDP --top-ports=1000 (in most cases) you might need to scan all ports on udp and tcp but from all of the proving grounds challenge labs I did only required tcp and top ports udp nmap scan. If there's a web server, start simple and look for .git and robots.txt. From all of the proving grounds labs I did, it seems like initial access is likely to be something like a public exploit, an anonymous smb share or ftp server, if all else fails try brute force for ssh, ftp, etc. but a lot of the practice labs came down to enumeration, gathering services running on the host and googling for something like "product-name 1.0.0 exploit". so basically just google the service you found, the version if you could find it, and the word exploit at the end. some of the time you might need to add rce or path traversal depending on what you're looking at. Honestly, there are a lot of things I look for during enumeration. You can watch some of the proving grounds play labs I did. That might help you see how I move through machines a lot of the time. TLDR; nmap scans with -sC -sV, scan udp and tcp, google found services and version with exploit at the end, attempt brute forcing services if you haven't found anything else, and while bruteforcing go back to enumeration and scanning in case you missed a service running on the host, look for robots.txt, .git directories, and other hidden files when doing directory fuzzing with tools like dirsearch, gobuster, or feroxbuster. Use several scanning tools. Once you're on the machine, what you should look for depends on operating system. I still exclusively use my notes from the Practical Ethical Hacker from TCM Security.
Actually, almost 100% of my notes have come from that course. If you can go through their linux privilege escalation and windows privilege escalation courses that is a bonus. Additionally, if you join Tib3rius on twitch you might be able to win one of his courses through marble races. His privilege escalation courses give you a wonderful place to start for windows and linux enumeration/exploitation. Hopefully this wasn't more than you were looking for.

  • @glodydipanga, 1 month ago

    Me too I fail twice now I'm prepared for next one again don't be disappointed for your fail, failure it's just a lesson

  • @sathvik-R, 1 month ago

    You can watch yt videos during the exam as far as I know. Failed twice now, waiting to retake in coming months. Thanks for the video. All the best for your next attempt.❤

    • @noxlumens, 1 month ago

      Thank you! I was super unsure about that so I just didn't. I didn't do a lot of things because I didn't want to be penalized. I did just stand up a server at home and tested the attack vector I faced on the AD set and I was a single command from administrator so I REALLY choked there. lol. Good luck on number 3! Hey, how much did it cost? I googled it but couldn't really get a definitive answer on pricing. And when I go to purchase again I'm seeing the full cost of an exam and training. How do you get the retake price without having to pay for training again?

    • @sathvik-R, 1 month ago

      @noxlumens If you got the email of your result. The offsec site and cart will be updated where you can add the retake voucher for 250$ and pay for it.

    • @noxlumens, 1 month ago

      oh dude, thank you! I just turned in the report yesterday so hopefully I'll see an email from them before too long. Do they happen to give you any feedback on what you missed or should have looked for or....I sent my steps up to where I had managed to get on the domain network so I'm kind of wondering if they'll give me a tip/hint/comment on what I could have done with what I found.

  • @unmuktyatree8200, 2 months ago

    nice voice and temperament ...

  • @arthurcortesrezende2669, 2 months ago

    great explanation about the priv esc

    • @noxlumens, 2 months ago

      Thank you! I’ll get back to more machines and probably showing off different attack types before too long. I’ve paid for the OSCP finally so I’m fully focused on going through their lessons every chance I get. I have been feeling like I need a break though so moving back to setting up labs and showing off other attack types could be a lot of fun. Or even a few more TJ nulls machines.

  • @can-do_curran, 4 months ago

    got a dumb question -- never used obsidian before...are you using obsidian on your kali vm & then syncing to your local machine during exam time? is there a benefit to running both?

    • @noxlumens, 4 months ago

      I’m only using obsidian on my kali vm during exams or while I’m doing ctfs. When I get ready to write any reports I’ll zip the directory and transfer it to my host machine where I can open the folder as a vault that has all of my findings, pictures, proofs, scripts, scans, etc. If you want something that easily transfers I think notion might work. I don’t use it but I’ve seen people that do use it and you sign into it with all of your notes synced to their servers. Obsidian is a pretty wonderful tool and I only use its basic features for note taking. I know there are some great tutorials out there that go into detail about all of its features.

    • @ryanc6620, 4 months ago

      got it, makes sense. I've used notion as well, currently using oneNote, but obsidian has some rad features that might be helpful during the oscp exam and report building. Thanks a bunch!

    • @noxlumens, 4 months ago

      @ryanc6620 lol. Dude! I was using OneNote too. Obsidian is very nice except it doesn’t sync or I’m not using the sync feature if it does offer that as a feature.

  • @ArvindJuneja, 4 months ago

    Like your terminal coloring, can you share the theme?

    • @noxlumens, 4 months ago

      This is what I’m using these days. Terminal colors are a work in progress. The Font is Hack Bold 16px This is the top row of the color palette: coolors.co/000000-c01c28-f8e45c-e01b24-ff7800-e01b24-e01b24-34ff03 This is the bottom row: coolors.co/31fbb6-c01c28-5100ff-6100ff-64ffed-e01b24-34ff03-34ff03 The foreground is #01FA9A The background is #000000 Show bold text in bright colors is selected

  • @mrezio1320, 4 months ago

    instead of using "cat/more" on the string, u can use "strings core.$PID", will make it more readable :)

    • @noxlumens, 4 months ago

      Agh! You have a point. It probably would have been a lot easier to read if I only pulled out the strings. lol.

  • @chetansingh4580, 5 months ago

    good video, calm and no bullshit, but a tip, make videos a little fast.

    • @noxlumens, 5 months ago

      You're not wrong. I could have sped up what I was trying to show. I like that and when I do more how to's (if I do) I'll plan them better so there's less bs in between information or no down time ideally. Thank you @chetansingh4580

  • @Claymore403, 5 months ago

    Just wanted to point out that I had an issue with the images. For some reason when I copied the images they always were huge and even when trying to play with the settings nothing could fix it. I managed to find a solution by turning off the "maximize media". Perhaps this info can be useful for someone else !

    • @noxlumens, 5 months ago

      I’ll pin your comment in case anyone else runs into the same problem

  • @Claymore403, 5 months ago

    Thank you so much <3

  • @Claymore403, 5 months ago

    Beautiful videos ! Any chances you would make a quick tutorial on how to download and use the Obsidian you use for taking notes ? Cause it's really nice !

    • @noxlumens, 5 months ago

      Hey @Claymorr403! I will definitely get a video out shortly on my Obsidian setup, from how I install it to configuring it. There are a lot of features I don’t use in Obsidian but I can show off the settings I do use.

    • @noxlumens, 5 months ago

      Here's the tutorial on how I set it up on my end. ua-cam.com/video/A291VMrgGoc/v-deo.html

    • @Claymore403, 5 months ago

      @noxlumens I love you man !

  • @subluu, 6 months ago

    Awesome video bro, love the full walkthrough of every aspect. Genuinely learned something from this.

    • @noxlumens, 5 months ago

      Thank you @subluu! I’ll probably be taking a slight pause because I’m taking a detour through TCM security’s new web application certification then back to OSCP. I’ll probably end up finding more web app boxes so I can practice what I’m learning

    • @subluu, 5 months ago

      @noxlumens sounds good brother! I’ve been looking to get good better with web app, so looking forward to the videos!

  • @snehbavarva8383, 6 months ago

    dude you do this box first time when you record or you do it earlier and then do it 2nd time when you record?

    • @noxlumens, 6 months ago

      That’s a good question. Algernon was one I had done several weeks ago, forgotten about, and revisited for the recording but it depends on the video. Some are done as I’m recording, others I’ve done before. There are a few where I’ve done them while recording and speed up the parts where I’m just researching. I think it’s good to go back through boxes and practice the exploits several times. If you aren’t already looking at write ups after you finish a machine you should do that as well. The next 2 videos coming up will be machines that I had done some time in the past and am revisiting them for the OSCP practice playlist. My intention is to record all of the machines on the TJ Nulls OSCP Prep list.

  • @Gelimarr, 6 months ago

    Good job

    • @noxlumens, 6 months ago

      Thank you, @takatoekoe

  • @sakyb7, 6 months ago

    good job… Post something related to Active Directory

    • @noxlumens, 6 months ago

      What kind of topics did you have in mind?

    • @sakyb7, 6 months ago

      @noxlumens solving oscp level active directory box

    • @noxlumens, 6 months ago

      @sakyb7 Oh I see. I have a lot of windows machines that I’ve done. I’ll be doing many more shortly. I’m going to work all the way through the TJ Nulls OSCP prep list. I’m currently in the last section “proving grounds practice” I’m behind on videos but I’ll have at least 10 more windows machines coming out before I’m done with the list. Right now I’ll be alternating back and forth between Linux and windows machines to make sure I don’t get too familiar with one over the other. I’ll definitely be doing more AD machines though. :)

    • @sakyb7, 6 months ago

      @noxlumens that looks good 👍🏻

  • @siddhanttambe4066, 6 months ago

    I would have highly appreciated the manual way to extract data out of MariaDB

    • @noxlumens, 6 months ago

      I can understand that. If there are more boxes in the future that include manual exploitation I’ll go that route. Thanks for the feedback. I can agree manually exploiting can be beneficial so you know what is actually going on.

  • @subluu, 6 months ago

    Great video brother, keep up the good work my man! 💪🏽

    • @noxlumens, 6 months ago

      Yooo! I freaking appreciate you! Thank you!

  • @Zachsnotboard, 6 months ago

    Dumb question but why do you keep adding things to the etc file ?

    • @noxlumens, 6 months ago

      I don't think that's a dumb question. I'm putting the computer and domain name into my /etc/hosts file because it maps the IP addresses to hostnames. It's also partially habit. If we map it and run nmap again we have the potential to get more results. If there were a webserver running on this machine it might redirect us from the IP to the hostname and since our computer doesn't know where the hostname is it wouldn't return. It also makes it so we can enumerate subdomain if we needed to fuzz for them. Because it's a domain controller I wouldn't expect to see a web server running on it but if this were another box we might. But we're adding it because there's no DNS server to tell our computer where DC01.blackfield.htb is, so we can map it manually to our /etc/hosts file.

    • @Zachsnotboard, 6 months ago

      @noxlumens ah ok that makes sense, thank you for detailed explanation

  • @shKiev, 7 months ago

    thanks man!

    • @noxlumens, 7 months ago

      Thank you. For watching and commenting. :)

  • @B1G_LIL, 7 months ago

    How do you install obsidian on kali ?

    • @noxlumens, 7 months ago

      I use their appimage, get an image for the icon, and add it to my taskbar.

  • @ambidiestr0, 7 months ago

    oh yeah! keep it coming !

    • @noxlumens, 5 months ago

      I'm working on a TCM Web App exam this week so there probably won't be another one coming out BUT as soon as I'm done with this I'm going to keep on the TJ Nulls list! Woo!

  • @Certa6, 7 months ago

    Hi, I'm working as an Air Force CERT in 🇰🇷 South Korea. And I'm a YouTuber who uploads a full video of the same lab machine as you, THM, HTB. I recently found your video, and I think it's very nice! I think you're a YouTuber looking forward to it.

    • @noxlumens, 7 months ago

      Hey @Certa6! I watched a couple of your videos. I really like the up beat music you have playing. It gives a good vibe while watching your attack methods. I'm glad you like what I've been putting out too. I really appreciate you taking the time to comment too. :) The military is a great way to step into a long time cyber career. I bet you're going to get to do some really exciting things in the Air Force. I know several people that have transitioned to a penetration tester or red team operator role after leaving the military.

    • @ambidiestr0, 7 months ago

      subscribed ! nice music.. from where you get it?

    • @Certa6, 7 months ago

      @ambidiestr0 are you asking me?

    • @ambidiestr0, 7 months ago

      @Certa6 yeap

    • @Certa6, 7 months ago

      @ambidiestr0 I search YouTube for music of the genre I want

  • @subluu, 7 months ago

    Good stuff brother, keep up the good work. I’m trying to get into documentation of the boxes I do as well, genuinely learned something from this!

    • @noxlumens, 7 months ago

      @subluu! Thank you! Documenting is incredibly important. When I was going through the PJPT, PJWT, and PNPT I had extensive notes and they can come in clutch when you no longer have access to the machines and are writing a report. Screenshots are HUGE! I'm glad you learned something from DriftingBlue6 too. These little steps we take with each new box and each new note we collect brings us that much closer to the cyber job we want. :) I appreciate you reaching back out to me too. If you've ever thought about streaming or making videos, I can tell you that the information starts to REALLY stick when you're going through and explaining an attack path, exploit, concept, or methodology in a video.

    • @subluu, 7 months ago

      @noxlumens yessir! I’m glad we can grow as a community, we’re all in the same boat brother any way we can help each other out through the journey is priceless! I appreciate the advice my man!

  • @noxlumens, 7 months ago

    I didn't realize I screwed up the video by adding in the first 17 minutes twice! Excellent. Good thing YouTube has a way to edit once it's been uploaded

  • @Godl_Damon, 7 months ago

    Very nice keep continuing this work, amazing content with proper explanation..

    • @noxlumens, 7 months ago

      Oh dude! Thank you. If you watch any videos and I get it wrong call me out so I can make sure I’m correcting my mistakes.

  • @ambidiestr0, 7 months ago

    Yo! nice sh!* as usual... very helpful ... see ya in the next one !

    • @noxlumens, 7 months ago

      Dude, Ambi, Thank you! You're awesome. I appreciate you leaving such a nice comment. Gotta keep practicing for this OSCP. Are you studying for anything or doing CTFs for fun?

    • @ambidiestr0, 7 months ago

      @noxlumens Yo! Thanks for texting back! Me? Well on my journey to OSCP, OSWA, Infinity & Beyond but way behind you dude😅

    • @noxlumens, 7 months ago

      @ambidiestr0 Oh hell yes! I doubt you're as far behind me as you think. A lot of what I know and use is thanks to TCM Security's PNPT courses. That's the 'practical ethical hacker' and linux/windows escalation courses. If you go through them, take good notes and refer back to them often until you start to know the information. Every time you go through a new machine, take notes on the machine. I've gone back to CTFs I've done to help me get through real world situations plenty of times. The scenarios we see in CTFs aren't always realistic but the skills we learn 100% come in handy. I also use Alh4zr3d, 0xdf, Ippsec, Tyler Ramsbey, and more for learning and motivation. I'm in several of those discords if you want to join up. Tyler has an excellent discord for learning. A lot of free coaching and very helpful people.

    • @ambidiestr0, 7 months ago

      @noxlumens I did some TCM courses (python & rust) and was nice but nothing too special so I didn’t check others… after what ur saying will do for sure. Our list of resources it’s pretty much the same. Few months back I switched to arm and had to admit I had been lost on arm64 rabbit holes for a while 🙃. Will be nice to join those discord groups for sure!

    • @noxlumens, 7 months ago

      @ambidiestr0 I think the programming courses were to teach you the parts of the languages if I'm remembering right, the PEH and escalation courses have you set up a lab and run through hackthebox boxes after you learn some exploitation methods. For me a lot of it came down to how much extra work you wanted to put into learning what they were showing. I think I'd still recommend those courses. They definitely give you a good guide of things to check when you're on linux and windows and give you a nice environment to test various attacks on. It's a good jumping off point for different attack like ADCS attacks. I've been looking at the GOAD environment too and might end up setting that up.

  • @1a4s4l7
    @1a4s4l7 7 months ago

    Great content

  • @WithSecurityInMind
    @WithSecurityInMind 7 months ago

    This dude holds the IT department on his back > Service Desk, Jr. Network Engineer, Security Assessments and the Phishing campaigns, get this man a raise and don't take him off of phishing assessments. That one phishing test may have saved your company millions of dollars. Improve your Cybersecurity training instead!

    • @noxlumens
      @noxlumens 7 months ago

      Hey @WithSecurityInMind! I ended up making a video that shows off some of the emails that I’ve created and have worked during the simulated phishing campaigns. Luckily, they’ve had me start creating emails again because we’ve seen some unwanted behavior with our users and to make my life a little easier I’ve started to trial a software add-on for Knowbe4, called PhishER. (Not a sponsor) If you’re looking into a solution for training I would recommend Knowbe4. I’m enjoying PhishER the last couple of days as well. It really seems to make reviewing reported emails a lot easier. I want to agree with you and tell them to give me a raise but they’re not in the position to create a security role from what I’ve been told by my IT Director. I’m currently looking for cyber security jobs, specifically penetration tester, red team engineer, and SOC analyst. If anyone happens to see this I’m able to move anywhere in the U.S. 😉 I want to say thank you for watching the whole video, I actually had to go back and watch it to remember what all I mentioned. I’m impressed you made it through all of my rambling.

  • @skriptak6308
    @skriptak6308 8 months ago

    Your videos are great dude keep it up

    • @noxlumens
      @noxlumens 8 months ago

      Hey @skriptak6308! Thank you! In the later videos I’ve changed a few things so hopefully the dark text is easier to read in the videos. Going back and forth between videos as I go through boxes and already completed machines. Eventually I hope to be more helpful and give updates and information about the field, exploits, and one day what it finally took to get into a penetration testing role from a Support role. It’s comments like yours that help me to keep pushing through though! Thank you!

  • @GramsBlood
    @GramsBlood 8 months ago

    I just downloaded Obsidian on my Kali, question how did you get it to show up in the application. I can only get it to work through the command line. I am trying to take notes similar to the way you are doing it.

    • @noxlumens
      @noxlumens 8 months ago

      When I get to my computer today I’ll see if I can find or make instructions on exactly how I run it instead of using the command line.

    • @noxlumens
      @noxlumens 8 months ago

      To get it to appear in my bar at the top I did the following: Right click on a blank area in the taskbar > click panel > panel preferences > items > "+Add" > Launcher > "+Add" or double click on launcher > close that window until you're back at the panel preferences window and double click or open up the new launcher icon you created > click the "+" > search for obsidian. If you can't find obsidian you should be able to add "run program" then set the command to your obsidian program, for instance mine would be /opt/obsidian/obsidian, and name the program obsidian, then you can set the Icon to an obsidian icon. You can also "sudo apt install obsidian", that might make it easier to locate when you're trying to add it to your taskbar or search for it in your application list if you didn't install it that way. I hope this helps.

    • @GramsBlood
      @GramsBlood 8 months ago

      @@noxlumens thank you 👍🏾 really appreciate it and I watched most of your video too. Providing valid content.

    • @noxlumens
      @noxlumens 8 months ago

      @@GramsBlood You're welcome and thank you. I hope it's helpful for some people and if they have questions I'm able to answer I hope they ask in the comments. At least if I'm not able to answer someone else might come along and answer it for them. I've heard a few times that there's always someone that wants to be where you or they are just starting their journey. If I can show my own process or make the tools I use known or use them in a way that's different or useful then I will. In my earlier videos I would perform the same function or attack with multiple tools to show that there's more than one way to perform an attack if you are missing or are more familiar with another tool. I think I need to get back to that. It'll probably be after these proving grounds practice boxes though because they all seem to use a kernel exploit to escalate privileges.

    • @GramsBlood
      @GramsBlood 8 months ago

      @@noxlumens Yeah I am just starting to get back in the groove due to the fact I had to take some time away due to my job. The way you attack the box is easy to understand and replicate if need be. P.S. I just finished adding all my icons thanks to you.

  • @wolfk.l.5582
    @wolfk.l.5582 8 months ago

    First time I'm seeing someone recommend a hard htb box to prep for the oscp. Interesting...

    • @noxlumens
      @noxlumens 8 months ago

      Here’s the list I’m following if you’re wondering. There are actually a few hard boxes in there. It does seem like most of the hard rated boxes are hard because they require manual sql injection or there’s one single piece from the machines that is oscp like. I don’t think we’ll be reverse engineering to get stored credentials but then again I haven’t taken it just yet so maybe that is a part of OSCP. docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview# I’m down to Proving Grounds play. I haven’t been enjoying those and it’s almost hard to find the lessons in them but I seem to be finding they tend to have an exploit that has a metasploit module but also a way to manually perform the attack. SQL injection that can’t be done with sqlmap, or some kind of code review. That’s what I’ve noticed so far. I’m trying to take the lessons from each box and not the rating so much. Think of each stage as its own attack and I think that’s why this person recommends them as OSCP-like machines.

    • @wolfk.l.5582
      @wolfk.l.5582 8 months ago

      @noxlumens good point! I think I just have heard too many people say the typical "htb hard boxes are far harder than the oscp" and that probably skewed my memory or something lol. I did most of TJ NL a year ago but forgot there were hard ones in there lol. I hope you have fun doing the test like I did (I loved it). I'm sure you will do great on it. :)

    • @noxlumens
      @noxlumens 8 months ago

      @wolfk.l.5582 oh hell! Congrats on the pass! I bet it’ll be fun and nerve wracking at the same time. I will say the proving grounds machines have a whole different feel from the hackthebox machines. I’ve seen several people saying they would have spent more time using proving grounds practice and play for practice since offsec makes those specifically.

    • @wolfk.l.5582
      @wolfk.l.5582 8 months ago

      @noxlumens thanks man! Yeah those help. However, the most valuable machines for me personally were the labs and mocks in offsec and the htb Dante prolab. Those were all extremely great material to learn from.

  • @noxlumens
    @noxlumens 8 months ago

    Thank you for watching. Did you find any part helpful or worth looking into or have any questions?

  • @the_sandman00
    @the_sandman00 8 months ago

    28:00 I was screaming the username, the username 😂

    • @noxlumens
      @noxlumens 8 months ago

      LMAO. Sorry. :) I can't not see the misspelling now. But it was a good lesson at the same time, right?

    • @the_sandman00
      @the_sandman00 8 months ago

      @@noxlumens exactly. Thanks for the video man

  • @m3rky240
    @m3rky240 8 months ago

    Already at 200+ subs keep it up 🫡

    • @noxlumens
      @noxlumens 8 months ago

      Thank you! It's true! There are more people interested in CTF, hacking, pentesting, cyber security, etc than I expected. I started this channel because I thought it might be helpful while I'm applying for jobs to show an employer I can do the job or will learn how to do the job. But it looks like people are more interested than I thought.

  • @izotovdan
    @izotovdan 8 months ago

    Hey, I wanted to ask how do you link your enumeration to obsidian.

    • @noxlumens
      @noxlumens 8 months ago

      To save nmap into obsidian I output my rustscan or nmap scan to my obsidian vault directory and call it file.md. As long as you have .md after the output file name obsidian will be able to read it since it looks for markdown files.

    • @izotovdan
      @izotovdan 8 months ago

      @@noxlumens <3 ty

  • @AyeAuZz
    @AyeAuZz 8 months ago

    GG

    • @noxlumens
      @noxlumens 8 months ago

      If it’s a good GG. Thank you! If it’s a bad gg let me know what I messed up? I’m always looking to improve. 🙂

    • @AyeAuZz
      @AyeAuZz 8 months ago

      Good for sure! Loving these :) @@noxlumens

    • @noxlumens
      @noxlumens 6 months ago

      Thank you @AuZZiExHD, your comment got stuck in 'held for review' for some reason. Sorry I didn't see it sooner. :)

  • @Gelimarr
    @Gelimarr 9 months ago

    Why do you prefer rustscan instead of nmap

    • @noxlumens
      @noxlumens 9 months ago

      Rustscan is faster. I haven’t tested it but it outputs the open ports a lot quicker. Down side to rustscan is it doesn’t scan udp ports so you’ll have to use nmap for that if you end up needing to.

  • @Gelimarr
    @Gelimarr 9 months ago

    How does the info automatically transfer over to obsidian?

    • @noxlumens
      @noxlumens 9 months ago

      Obsidian looks for the markdown file type so I output to nmap format and call the file nmap[.]md but you could use any variation as long as you append .md to your file. I use -oN nmap[.]md

  • @Gelimarr
    @Gelimarr 9 months ago

    To gain this information, did you start at TryhackMe or which course did you follow

  • @smndr2268
    @smndr2268 9 months ago

    The terminal font and style were a bit dim, couldn't read the type commands. Please change it if u have no issue with that.

    • @noxlumens
      @noxlumens 9 months ago

      Is it the dark purple in the terminal on '-la' type commands in the terminal window? If it's in sublime I can definitely change it, and if it's obsidian I'm sure I can fiddle with the CSS on the template. Also thank you for the feedback. I definitely want the text to be visible.

    • @skriptak6308
      @skriptak6308 8 months ago

      Same great video though..but hard to read

    • @noxlumens
      @noxlumens 8 months ago

      @@skriptak6308 I've updated my terminal so in future videos it should be easier to read also thank you.