My Hacking Methodology for OSCP
Вставка
- Опубліковано 22 чер 2024
- In this Video, I will show you my methodology when hacking as I go through a Proving Grounds Box called Pelican.
The main Focus is on my Methodology, how I take notes using a very nice tool called Obsidian.
I hope you enjoy!
Any support helps, if you enjoyed this video, or got something useful from it. Consider liking, commenting and subscribing! It is greatly appreciated
If you too want to learn how to do offensive or defensive security. Then make sure to check out the HackTheBox Academy. I have yet to see a better learning resource, to thoroughly learn the ins and outs of Pentesting as well as Blue Teaming.
You can join with this link:
referral.hackthebox.com/mz2rqum
====================================================================
Welcome! Introduction and Overview - 00:00
Beginning of Enumeration -1:38
Autorecon - 2:00
Sublime Ansi cleanup - 4:09
Enumeration: Analysing Autorecon output - 8:26
Port for port manual enumeration - 12:57
SSH-audit - 13:46
Enumerating SMB - 15:13
Unknown Ports - 17:19
Investigating HTTP - 18:23
Discovering Exhibitor for Zookeeper - 23:53
Searching For exploits - 25:18
Exploitation Attempt - 27:20
Initial Foothold - 30:33
Route to privilege Escalation - 31:25
Interatctive Shell - 31:46
Linpeas.sh - 38:21
GTFObins - 43:28
Escalating Privileges - 44:44
Root! - 49:08
Music:
Ghostwriter (Remix) - RJD2
Link:
• Rjd2 - Ghostwriter - Наука та технологія
![Hacking Active [HackTheBox Walkthrough]](http://i.ytimg.com/vi/hO0-h5pkmxM/mqdefault.jpg)
![Hacking Active [HackTheBox Walkthrough]](/img/tr.png)
NOTE: Sorry for the high sound volume, this is the first video I've ever uploaded. I hadn't yet figured out my settings while editing, just overlayed music😅 Its better in all videos hereafter !
I only found your videos a few days ago and am really impressed with you whole process… I love how methodical you are in your approach and have definitely taken some notes to improve my own process. Keep up the great work I am glad to be in on this channel from the ground floor as you are going to the moon once people start to notice how great this content is
Jesus I cannot get enough of these amazing comments! Thank you so much for the kind words. I'm glad to have you aboard for the ride. I'm glad you've been able to get something out of my content. There's much much more yet to come! Again, thank you so much!
Just started my red team journey. Primarily focused on blue but doing some red (PEH) to try and get some basic knowledge in. This was insane to follow, methodology like this kept me hooked.
Glad you liked the content, thank you very much! Red teaming is incredibly advanced, dont underestimate the quest. But if you grind non stop for the next 2-3 years, you can get there if you are starting from PEH. Good luck, on your journey! Stay tuned for more content 💪🏽
Getting into cyber security this channel will be of value and knowledge
I'm very very happy to hear that, stick around and we'll learn together 💪🏽 Welcome to the industry and good luck on your journey!
Congrats on your first video, Jimmy! Well done. Looking forward to seeing more of you. 🙌
Thank you very much Juma! I'll make sure to provide useful content for all!
Great quality videos man and i love these methodology videos. Cant wait for more from you, subbed!
Very much appreciated man! Thank you for the support, glad you liked it!
Amazing video walkthrough. I love how methodical and clear you are. I learned so much in this one video. Thank you!
Thank you so much! Glad you liked the video. I am still also learning but getting better every day!
I've been binge watching your videos, and i've come to the conclusion that you should continue with these videos, but also making teaching videos (tutorials) because you do have the expertise. And also establish a consistent thumbnail template, and lower the volume of the music in the background (check the music and vide volume difference when editing). I really enjoyed all of your videos, and found them breathtaking 👍🏼😎
Duly noted! Wow, thank you so much for the kind words! I am 100% going to continue with the videos, having too much fun with it to stop! As for tutorials, I'll see what I can do.. Again thank you so much for the kind words!
The music volume issue is fixed in the newer videos!😉
Good stuff! Love how you explain your process. This is really helpful.
Glad to hear it!
The first of many!
Yes sir! Definitely a fun undertaking! Let's see how it goes.
Cheers dude, this pretty neat! You have my sub for now! I'm trilled about what i can learn from you sir!! Looking forward to the next eps!
Might a tip: make a list of the tools your usauly have in your "tool-box" and wich one your using for what process. Like for sample: What is Tmux? and where do you use it for? (its a example) But u doing a great job of your way of teaching cheers!
Oowh ps would you share your map tree structure with us? i Would love to use and try it myself!
there is a setup video on my channel where those things are explained! Welcome friend, appreciate the support!
I'm sorry I don't know what you mean by map tree structure
There's an ANSI plugin for Sublime Text if you want to view the colors
AAAAAAAAAAAAAAAH Are you serious ?! Why in the world have I never thought to look for that... Much appreciated.. On it .
DONE! Thank YOU !
Nice Video man, keep up the good work 👍🏻
Arigato!
this was great!!!! thank you so much
You're so welcome, glad you liked it! Thank you for the comment!
great note taking technique right there
Thank you very much! It's taken time to refine and flesh out, but It's starting to become automatic and efficient. Thank you for checking out my content !
Thank you for the video. It was really helpful. Will recommend this video to people on discord.
Please do, that helps! Thank you so much for the support, very much appreciated!
Well done, Jimmy
Much appreciated!
Love your setup! Stole a couple of your aliases. Would you mind sharing how you export your notes to obsidian?
Thanks a lot! Yes the aliases are great indeed, I have soo so many of them for everything. I am working on a video about my setup as we speak. Might get done with the editing tonight even. Stay tuned for that! Thank you for the support!
Congrats on the first video my mann
Background music was a touch loud for me but throughly enjoyed watching it, you're a natural
Thank you for the suggestion, will make sure to adapt it for the next one! Appreciate it!
Very helpful thanks a lot
Glad it helped! Thank you for checking out my video!
Slow to the party here, but congrats on the first video - great walkthrough and brilliant insight into such a structured methodology. Looking forward to watching the rest of the playlist now!
How did you get Autorecon to run on Parrot OS? I have no issues installing on Kali, but Parrot seems to have issues.
Thank you for the nice comment. It's pretty easy to install. I think im gonna have to do a blank parrot install and tool setup video soon! Ive been on a bit of a break, but will be back and kicking starting next week!
It seems to be because apt can't find feroxbuster to install for ARM64 (Mac M1 host), and that's a dependency for autorecon. Still weird it works fine on Kali on the same ARM host. I'm sure there's some simple explanation I'll kick myself for in the near future...
@timrees786 yea, im out when it comes to anything MAC. Can't help you there!
nice video bro
Thank you very much, thanks for checking out my page!
Really this video is amazing and I figured out where should I have to improve myself. Thanks a lot man :)
and I want to know that will this types of machines will come in actual exam? I mean I know that this is way more easy but still can you compare the level of exam with this machine?
I'm glad this helped, thank you for your comment.
So the machine itself is way too easy in comparison to oscp. But this was on the proving platform, which is the official Offsec platform. However, the point of doing this machine was a lot more to show the methodology than the techniques. To answer your question, this machine is too easy and wont come like that in the exam.
@@ByteSizedSecreally thanks for the replying man :)
I know there's tj null list and everythig but still can you tell me which is OSCP like machine? whenever I asked people to just give reference they never taken the thing seriously. People made OSCP name so hard and personally I believe that it's easy thing. but for reference I just need to know for better understanding that which machine is like OSCP so I can practice my mindset like that. :)
I'd probably take a loot at the offsec practice labs in that case@@snehbavarva8383
Hi man!
Great stuff! Do you mind sharing the syntax of your aliases?
In my setup video I explain how to do aliases, but I won't be sharing all of mine. Throughout all my videos, you will get a good feel for which ones I use though!
Thank you for the support tho, much appreciated !
@@ByteSizedSecno worries man, respect that. Keep up with the content!
I really like your video, but for future videos, could you not add any music? It makes it difficult to those of us that do not speak English as our native language.
Hey thank you very much for the comment. This was the first video. And the settings weren't right. The music was way too loud. It's fixed in the next videos.
How do you get your AutoRecon output to list like that. (Right side of screen when taking notes).
Hey, thank you for checking out my content! I open it with sublime text. AutoRecon automatically creates an output folder where everything is saved. I then open that folder using sublime text
What app do you use for your screenshot?
Im glad you ask, cus I now use a new one! It's called Flameshot
which theme do your use in obsidian?
Obsidian Nord
Great job with this!🥰 Subscribing. Would you do a clip on how to approach top 50 common ports as you did what ssh, http, smb etc ? big ask but if you don't ask you don't get eh!? . respect!
Thank you very much! Great idea, I could do that, 50 might be a bit much but I can see what I can do!
Maybe done in chapters. Whatever you do, I will be tuning in. thank you !
Thank you for that!@@JohnSmith-wz7he
The way you suspend your rev shell at ua-cam.com/video/FrYljC56CTs/v-deo.htmlsi=-BJ5sUTKnJwI-N-M&t=2020 and jump back to it a few seconds later. Is the out of the box in NC, or do you have to add anything to the syntax?
If you press 'CTRL+Z' while in tmux, you automatically send it (the current process) to the background and land into a normal bash shell. If you then press 'fg', you automatically bring the backgrounded process back to the foreground, in this case, tmux. All of this is standard out the box shell syntax
@@ByteSizedSeccool, I’ll try it out
why are you playing music so loud over this
It's the first video, I hadn't fully figured out the settings yet unfortunately..
@@ByteSizedSec alright cool, I learned a lot thanks
Glad you did! Stay tuned for more, appreciate your support!
@@ByteSizedSec Great stuff brother, I appreciate you taking the time to produce content for us! Just drop the music 😅
@@MeshTheOne it was the first video😅 its fixed in all videos after this one