Hello everyone! It’s been a while since I posted anything here but I have an update. After becoming an OSCP in 2022, I decided to dive deeper into web app penetration testing. And a fairly new certification came to my mind: the Burp Suite Certified Practitioner (BSCP) exam. Long story…

As someone who just passed the new version of the OSCP, yes, it is worth it. In this post, I’ll go through some questions you may have if you’re wanting to try out the lab but are not sure what to expect. How long did I spend in the lab? — 4 months. (3months + 1 month extension) …

Before I started my lab back in January, I couldn’t solve a single box by myself. Now I’ve completed 25 lab machines +9 Proving Ground boxes. This number may not be much compared to some other experienced hackers out there. …

As usual, I followed IppSec’s video on how to crack this box I had trouble getting the SMB file share on this one and it finally worked with the other impacket’s smbserver script. It was also fun to learn about the hidden data stream and how to view it. Things I learned today & review: KeePass — …

This box was labeled as “insane” and I couldn’t have completed without the IppSec’s walkthrough video but I still learned a lot from it. What I learned today: HTTPs Enum: Check for alternate names & emails in certificates Wordpress Enum: wpscan — url https://brainfuck.htb — disable-tls-checks Register your API token to see vuln …

What I learned today: Nmap: -p- — max-retries 1 (or 0) — this speeds up the all port scan a bit. Port 79 fingerprint service , https://en.wikipedia.org/wiki/Finger_%28protocol%29 it revealed some usernames on the service with the finger-user-enum tool. ssh: add keyalgorithm with -okexAlgorithms=+ALGORITHM_ NAME By using |less -s kills off…

Today, I’m getting into the Valentine Box on HTB. (The V-day is also coming close!) As usual, I attempted to hack it myself and used IppSec’s walkthrough for reference. https://youtu.be/XYXNvemgJUo What I learned today/ Reminder vim set:paste option ssh naming convension -> username_key ssh private key — make sure to paste everything! (I forgot to…

I’ve done this box a long time ago while following a TCM’s video, but I decided to give it a go again with fresh perspective and with the help of Ippsec’s walkthrough https://www.youtube.com/watch?v=s_0GcRGv6Ds Nmap Scan Result: Nmap scan report for 10.129.168.232 Host is up (0.11s latency). Not shown: 65532 closed tcp ports…

I followed a walk-through video by IppSec to crack the Sense box on HTB. Source: https://www.youtube.com/watch?v=d2nVDoVr0jE This write-up demonstrates how I got the root flag and how IppSec introduced one way to write a python script to brute force credentials with burpsuite. Using CVE to root the machine. Nmap Scan…