Educated: Offsec Proving Grounds Practice Lab - TJ Null's OSCP Prep
TJ Null's OSCP Prep List
https://docs.google.com/spreadsheets/...
------------------
My Certifications:
Practical Web Penetration Tester (PWPT): TCM Security - https://certifications.tcm-sec.com/pwpt/
Practical Network Penetration Tester (PNPT) : TCM Security - https://certifications.tcm-sec.com/pnpt/
Practical Junior Penetration Tester (PJPT): TCM Security - https://certifications.tcm-sec.com/pjpt/
Practical Junior Web Tester (PJWT): TCM Security - https://certifications.tcm-sec.com/pjwt/
Certified Ethical Hacker (CEH): EC-Council
--------------------
Socials:
Tryhackme: https://tryhackme.com/p/NoxLumens
Hackthebox: https://app.hackthebox.com/profile/17...
Twitch: / noxlumens
0:00 Catch up
12:00 Need to slow down and look at what is in Burp Repeater
27:00 still not clicking
28:05 wasting more time instead of slowing down and understanding
35:40 EUREKA!
35:50 HOLY Crap, he slowed down a little and managed to paste and edit the data
36:50 the next miniboss is PHP
41:25 A web shell presents itself
45:50 A working reverse shell payload
46:50 enumeration
50:15 looking for hard coded credentials in config files
52:20 checking other methods for privilege escalation
56:15 back to hard coded credentials
57:35 creds acquired
58:15 MySQL users with database creds
1:04:43 cracking found credentials
1:05:00 privilege escalation enumeration
1:07:00 APK File.. how to read mobile hacking???
1:10:00 transferring .apk file to host
1:13:00 how to google what you wanna know
1:15:00 installing apkanalyzer
1:22:30 VM restarted
1:24:00 MobSF Mobile Security Framework
1:26:20 MOBBIN
1:29:00 Hard coded Credentials in the APK
1:31:00 sshing as emiller
1:32:00 privilege escalation to root