+ Reply to Thread
Page 2 of 3 First 12 3 Last
Results 26 to 50 of 57
  1. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #26
    Redacted

    rooted: 8
    Last edited by BuzzSaw; 11-16-2017 at 06:42 PM.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #27
    Redacted

    rooted: 9
    Last edited by BuzzSaw; 11-16-2017 at 06:42 PM.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Dec 2007
    Location
    Grand Rapids, Michigan
    Posts
    1,857

    Certifications
    Network+ : A+ : Security+ : eJPT : Life+
    #28
    This is kinda like watching a match or something. I'm really enjoying reading about your success!
    Booya!!
    ------------------------------------------------------------------------------------------
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
    Reply With Quote Quote  

  5. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #29
    Redacted
    ROOTED: 11

    Redacted
    Last edited by BuzzSaw; 11-16-2017 at 06:42 PM.
    Reply With Quote Quote  

  6. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    67

    Certifications
    OSCP, CISSP, Sec+
    #30
    I find that hit order strange, but I can't say why, lol.
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing
    Reply With Quote Quote  

  7. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #31
    Quote Originally Posted by LonerVamp View Post
    I find that hit order strange, but I can't say why, lol.
    I didn't take them down in that order

    If you are in the labs, you'll see why I listed them that way.
    Reply With Quote Quote  

  8. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #32
    Redacted
    ROOTED: 12
    Last edited by BuzzSaw; 11-16-2017 at 06:43 PM.
    Reply With Quote Quote  

  9. Member
    Join Date
    Feb 2017
    Posts
    87
    #33
    Quote Originally Posted by BuzzSaw View Post
    Popped "Oracle"

    It was far too easy which makes me think I need to go back and do it the hard way ...

    ROOTED: 12

    Yea i did I the same as you I think using metasploit.

    There is a python script that does the same thing with minor changes.

    I may go back but for now ive just carried on
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!


    Reply With Quote Quote  

  10. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #34
    Redacted
    ROOTED: 13
    Last edited by BuzzSaw; 11-16-2017 at 06:43 PM.
    Reply With Quote Quote  

  11. Member
    Join Date
    Feb 2017
    Posts
    87
    #35
    Quote Originally Posted by BuzzSaw View Post
    Quick tips: you will slowly build up a good enumeration workflow
    Yea that's very true.

    At first I was really beating myself up about not having any methodology but slowly it's come just naturally. I'm still very disorganised at times but generally I'm following the same process each time.

    My note taking starts off good with each box, but I then start just throwing different exploits and don't note which I've tried.

    Additionally, as I've enumerated more and more lab machines, I've seen the same things each time, e.g. some ports come up a lot but aren't valuable, you quickly can identify when a port is not really going to go anywhere.

    So I think in that respect you start to get an instinct and an idea early on about which direction things are going in

    Good work for only 3 weeks in! Keep it up
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!


    Reply With Quote Quote  

  12. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #36
    Redacted
    Last edited by BuzzSaw; 11-16-2017 at 06:43 PM.
    Reply With Quote Quote  

  13. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #37
    Oh, something else fun I did ...

    I took over a big white board at work that is in a common area. I'm writing my hit list on it and crossing out names! It looks cool, and is good motivation to be able to cross off names on a board the next morning after my exploits at night
    Reply With Quote Quote  

  14. Member
    Join Date
    Feb 2017
    Posts
    87
    #38
    Hey,

    As you've seen on my blog I've also had 1-2 weeks of not doing much due to general life being in the way, so I know exactly how you're feeling.

    I'm similar to you, I don't mind repeating some steps. It's funny as the further I get into this, the more I look back on earlier boxes and see how poor my appraoch was, and how all over the place my notes are. So I fully expect and I'm happy to go back to some of them - especially for post exploitation, and have a better look at IP configurations, network layouts, etc...

    I'm really keen to try to break out of the public network if I can.

    Haha, that's funny about the white board, do your colleagues know what you're up to? I hope so or they'll start worrying about you just writing "SUFFERENCE" in massive letters and GH0ST

    Keep up the good work!
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!


    Reply With Quote Quote  

  15. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #39
    Redacted
    Last edited by BuzzSaw; 11-16-2017 at 06:43 PM.
    Reply With Quote Quote  

  16. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #40
    Redacted
    Last edited by BuzzSaw; 11-16-2017 at 06:43 PM.
    Reply With Quote Quote  

  17. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #41
    Redacted
    Last edited by BuzzSaw; 11-16-2017 at 06:43 PM.
    Reply With Quote Quote  

  18. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    52

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN, OSCP
    #42
    Keep up the great work!!!
    2018: Linux+, eWPT/GWAPT
    Reply With Quote Quote  

  19. Member
    Join Date
    Aug 2016
    Location
    nullsec
    Posts
    67

    Certifications
    Linux+ Prince2 Fundation Security+ eJPT
    #43
    @BuzzSaw My I ask you about you about your technical background and experience in pen test?
    Reply With Quote Quote  

  20. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #44
    Redacted
    Last edited by BuzzSaw; 11-16-2017 at 06:43 PM.
    Reply With Quote Quote  

  21. Member
    Join Date
    Feb 2017
    Posts
    87
    #45
    Buzz saw - was the new machine you hacked with Metasploit ORACLE?
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!


    Reply With Quote Quote  

  22. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #46
    Quote Originally Posted by CyberCop123 View Post
    Buzz saw - was the new machine you hacked with Metasploit ORACLE?

    I'll PM you
    Reply With Quote Quote  

  23. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #47
    Redacted
    Last edited by BuzzSaw; 11-16-2017 at 06:44 PM.
    Reply With Quote Quote  

  24. Member
    Join Date
    Feb 2017
    Posts
    87
    #48
    Quote Originally Posted by BuzzSaw View Post
    ROOTED PAIN!

    I dug in and rooted PAIN tonight. It was a great learning experience and probably more closely resembles a real world example.

    Some Tips for PAIN:
    - As with all servers, you should have write access to atleast one place in the file system
    - Make sure when you are trying your exploit you know what it is actually doing ... I had to stare at C code for awhile before it clicked with me!


    Updated hit list:

    ROOTED 16


    ALICE | MIKE | BOB | BOB2 | BARRY | PAYDAY | RALPH | PAIN | TOPHAT | DJ | ORACLE | KRAKEN | MASTER | CORE | JD | NINA

    Hi Buzz,


    I logged on to respond to your PM and then saw this post - well done!


    This is exactly like me... I think I actually posted on my thread that it taught me to at least have a flick through the code and just see roughly how it's laid out. It's also made me want to start properly learning C as it's coming up so frequently.


    Good progress, you've overtaken me though - I will have to try to overtake you or at least catch you up!
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!


    Reply With Quote Quote  

  25. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #49
    Redacted
    Last edited by BuzzSaw; 11-16-2017 at 06:44 PM.
    Reply With Quote Quote  

  26. Member
    Join Date
    Feb 2017
    Posts
    87
    #50
    Quote Originally Posted by BuzzSaw View Post
    This was the first machine I ran linuxprivchecker against.
    Weirdly... me too! I'd heard about it, but I ran it.

    I even stumbled through a few of the results and then sort of felt I was losing my way.

    A bit like you I went back and it jumped off the page when I actually looked at the code and comments! Lesson learned
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!


    Reply With Quote Quote  

+ Reply to Thread
Page 2 of 3 First 12 3 Last

Social Networking & Bookmarks