HackTheBox Battlegrounds - Server Siege (Practice Mode)
- Published 20 Jul 2024
- Wanna watch me fail to gain a foothold on two @HackTheBox battlegrounds machines? Well, you're in luck! In this video, I compete in 2 practice games of battlegrounds server siege mode. Unfortunately, I didn't get a shell in either of the 15-minute matches but hopefully showing my real-time thought process and initial impressions of the competitive hacking mode will still be helpful to some people. If you think I should do some things differently, let me know in the comments! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #Battlegrounds #ServerSiege #CTF #Pentesting #OffSec
Sign up for HackTheBox: hacktheboxltd.sjv.io/xk75Yk
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
YouTube: / cryptocat23
Twitch: / cryptocat23
↢HackTheBox↣
affiliate.hackthebox.com/cryp...
/ hackthebox_eu
/ discord
↢Video-Specific Resources↣
help.hackthebox.com/en/articl...
• Cyber Mayhem Blue Team...
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
↢Chapters↣
Start: 0:00
What is Battlegrounds: 0:49
First Game: 5:08
Second Game: 23:44
End: 37:43 - Science and technology
This was great. I love your usual content but it's kinda filed under "studying" content rather than "entertainment" content in my brain lol. But with this the stress of the time limit made it very entertaining while still being educational. I'd love to see more stuff like this!
Thanks mate, I'll bear that in mind 🙂
great video. really love the way you explain things is just so thorough and detailed. i also liked the fact that you don't cut out parts where you made mistakes.
Thank you!! 🥰
Great content! somehow i got butterflies in my stomach by just watching you racing for the first game lol. Keep up the good work :)
thanks mate! 🥰
i've been wanting to try one of these and this gave me some good insight! thanks for making this video
I had been meaning to check it out for ages myself. Glad I did, really cool mode!
great vid ! definitely do more of these !
Thanks mate 💜
Love the Battlegrounds series!
🙏🥰
Would love to see a similar video on Cyber Mayhem! Also I would focus less on automating enumeration here as the time limit is very constraining so I would mostly rely on gobuster/nmap and then manually enumerate everything else, that's just me though :) good stuff all around
Thanks mate! I'll try and do one for Cyber Mayhem at some point, I need to brush up my [non-existent] defence skills a little first 😅 Good tip, I actually just launched Tib3rius's AutoRecon for the last few games yesterday and focused more on manual enumeration. The time limit really adds pressure and I end up wasting time with indecisiveness 😆 Good practice though, I like it!
It would be super cool if you could do some Cyber Mayhem, also great video by the way ;)
Thanks! Gonna be busy for a few weeks but I'll definitely try and get round to it 🙂
More!
Love your explanations man, did you say you'll do a series on portswigger web app pentesting?
Thanks mate! I make videos for Portswigger's WebSecAcademy on the intigriti channel: ua-cam.com/play/PLmqenIp2RQciV955S2rqGAn2UOrR2NX-v.html
Planning to cover their gin 'n juice shop on this channel soon as well 🙂
@_CryptoCat awesome, will sure check them out. Thanks so much for what you are doing for us not so great hackers lol.
Great video! I’m new to pen test and I have a quick question. I see you use gobuster. Would you recommend it over dirbuster? Regards from Spain!
Good question! I generally use gobuster at the start but it's not recursive so if the website is big I might switch to ffuf (which has a recursive mode) or, more commonly, to dirbuster as I like the tree structure UI 🙂
@_CryptoCat thank you! I appreciate the help :)
Hello Mr. Cat,
Why did you filter out all subdomains with size 13669?
Hey, good question! When you are trying to find subdomains (or webpages, credentials etc) with ffuf, you want to filter out the invalid responses, e.g. if the subdomain exists, it should have a different content-length than a non-existing subdomain. In some cases, the valid/invalid responses will have exactly the same content-length, in which case we would filter by something else, e.g. the response code or some string in the response such as "invalid" or "success" 🙂
@_CryptoCat Thank you friend, it's the accumulation of little details like that which make people experts in their craft. Keep up the good work
@Getsbuffer 🙏🥰
Please do a cyber mayhem when you have time
Will do!
do you have a github, with your scripts ?
Yes! github.com/Crypto-Cat/CTF
It would be nice if you can do some boxes without cutting the video to be able to understand your thinking process.
Retired boxes? I'm going to do one soon hopefully with a focus on my notetaking process and some tips and tricks for Obsidian. Might do some more Battlegrounds videos first though 🤔
Hey why do you try OWASP Juice Shop, it's like DVWA but more advanced
Thanks for the recommendation! I have thought about doing juice shop in the past, time has always been the main issue. I've been doing some Web Security Academy videos over on the Intigriti channel so maybe I'll do some juice shop content there after 🙂