One of the non-trivial tasks when dealing with bulky wordlists like rockyou.txt is that tools either can not handle them, or the ones which can, do not usually have a progress bar to keep track of how far the current wordlist has been exhausted.
In this post I’ll be providing a quick copy-paste one-liners and explaining the methodology on how to implement an improvised progress tracker with tools like hydra, wfuzz and patator. In my example I will be using patator as it has no limitation on resources and I like to use it when I need to go > 100 threads (for refernce hydra supports up to 64).
Continue reading “Keeping progress of huge wordlists with fuzzing tools like wfuzz, THC Hydra & Patator using tcpdump and grep”
This is a walkthrough
on the machine called Haystack on hackthebox.eu
, which most users found frustrating and/or annoying. Personally I would describe it more as a kind of annoying box, and although rated as easy my personal opinion is at least the Privilege Escalation part should be falling a bit more into the intermediate category.
cat >> /etc/hosts <<<“10.10.10.115 haystack.htb”
Continue reading “Haystack – hackthebox.eu walkthrough”
Introduction to my OSCP Journey
Although this post is mentioned to be an overall overview and resource on how to prepare for OSCP, it is kind of targeted to those who didn’t manage to pass on their first attempt. As I am one of those guys too, and that made me make the necessary adjustments in
my learning process
. There are tons of reviews on OSCP regarding someone getting the certification after their first exam, and I am not one of them. Yes, I failed it. And do I regret it? Hell no. I dedicate
d to it and learned tons of stuff since my first exam attempt, and this post will be pointed towards those who failed
their OSCP exam attempts
and what to stress on when preparing how to successfully achieve the requirements for the OSCP certification
Continue reading “OSCP – the road from failing to 105”
Part I: Brainpan 1 CTF walkthrough – Introduction to exploit development
Phase #5: Getting a stable shell
As it can be seen from the screenshot, an unexpected event has happened – we are actually provided a windows prompt, however the overall file structure seems to be linux-like: Continue reading “CTF: Brainpan 1 CTF walkthrough – Introduction to exploit development (Part II)”
IP: 172.16.253.130 (arp-scan -I vmnet1 –localnet)
If you were looking either for a walkthrough
on the Brainpan 1
or for a tutorial/article to serve as an Introduction to exploit development
you clicked on the right link.
Continue reading “CTF: Brainpan 1 CTF walkthrough – Introduction to exploit development (Part I)”
This is a walkthrough on the CTF written by Min Ko Ko (Creatigon, l33twebhacker) and posted on vulnhub on 6 Dec 2017
Like the author states, This challenge is not for beginners.
It requires advanced knowledge in several fields which a beginner would not be able to solve unless thorough research is done.
: The user agent
that needs to be set is included on the front page, but you would not be able to see it in plaintext.
Continue reading “CTF: Homeless – vulnhub CTF walkthrough – keep Trying Harder!”