Awesome. This was the first hard box I have done in a while and I learnt quite a bit on it, was pretty happy that I got through it. The entropy analysis of the cookies you did was super interesting!
It is one of the things that I most like to do on Saturday: to see ippsec's video. I would really appreciate it if you would come back to broadcasting live. You are like Pele. Anyone who saw the videos about him playing soccer can think that it is easy, but when you try to do the same thing you realize: It's not easy; it's easy for him because he is Pele.
It is a joy to watch your videos, thanks for making videos!
Nice video! 1:03:45 that phantom Microsoft file though 😂
This was a goldmine of information. Thanks again IppSec!
I really enjoyed this video. cheers ipp
dos2unix didn't wipe the file, you had changed to the source dir and were using the history command, running vim source/.... which was just opening source/source/....
Yeah. He was trying to work too fast and making some silly mistakes. Like he thought the default SSH behavior of iterating over default keys was some Windows-specific thing. Also, he didn't need Burp pretty much at all. Could have been done with dev console and curl which is much simpler.
He lost some simple knowledge trying to think too hard, too early. But, he did keep on moving. Success is success.
I can hear his dog playing in the background, so cute. Does he still sleep under your desk?
Yup
Really fun box
Enjoy your videos 😍
Thanks Ipp, amazing vid.
The response from the LFI is JSON; you could also pipe it to jq and you'd get a clean result.
I could read all the files, but got jammed on not figuring out the JWT token. Good work explaining how it works, Ipp.
IppSec, have you ever checked out asciinema?
damn this box was hard
Why can we decrypt AES with iv=00000....?
Another day to watch the legend in action
How hard are today’s oscp boxes when compared to this box? I have my exam scheduled for next month and I haven’t rooted this box because I was stuck in some areas
TLDR at end. September third attempt for me. I hope the PWK helps you. Just remember: screencap and cp all commands into your exam template - it really sucks the next day after a powernap to have to write a legit report for a pentest you're not getting paid for, is unrealistic in scope, and is designed to check your basic soft-skills as a pentester - stamina, attention to detail, quick decision making when things change, etc. So they throw a lot of rabbit holes at you. If you've got BoF down, I mean down as in you can copy and paste commands that you've been practicing with in mona, a vulnerable app, that's a huge chunk taken care of in less than 2 hours (*assuming you don't get a lot of bad chars), there's a list of HTB and VulnHub machines that are better to practice with. I took the exam after the change in 2020 twice, my assumption is that the marketing has changed more than the awesome material they give you. I still use my pdf as a reference guide. They will give you all the information you need, just make sure to read through it thoroughly. You're going to do fine if you haven't been pentesting for long. If your mind works better in CTF-style of testing, you're going to crush it. Just don't get caught in rabbit holes and do manual testing and fuzzing. They design it to not work well with the basic lists that are popular, but sometimes they do. I can't really say what I've run into and what I haven't......... TLDR: I can say this box is probably on the harder side of what you'll run into, do BoF first. I hope this helps!
@@T1081198 heyyyyy thanks so much! Yeahhh the PWK labs have been super awesome so far. Super stoked about the exam but also very nervous lol. As for the BOF’s I’m finally able to say I can easily crush them and they’re now considered a breeze for me which is super nice! Thanks so much for the tips man :)
@@T1081198 I hope you finally pass yours this time 💪 best of luck :)
Never use regex for HTML. You can use BeautifulSoup and parse it ;)
ippsec I'm still waiting for your Obsidian video T_T
Who made the box? 0xdf?
Second
Download Ghidra version 10.1! It will help you lol
Last
first
u switch too quick, can't screenshot a thing ur doing. can u share ur code, this is long!!! ???? also you know how annoying them silly chars are after every line with a space is? very! unnecessary asf!
third