@@overgrowncarrot1 i got it you should clone shutdownrepo but with specific branch -b dacledit and create a venv than install pip3 install . and it will work without issues
Doing the exam now and keep laughing to myself hearing your voice whenever I think something will get me SYSTEM. “Huh, this was supposed to get me NT AUTHORITY…? HELL NO IT DOESN’T!”😂 4:13
@@overgrowncarrot1 got all the flags and submitted the report… phew, wish I’d listened to the advice of starting the report early - had a mad rush at the end copying from Obsidian 😅Question: how long did it take you to hear back from htb with the result?
Just heard back that I passed! Super happy and relieved about that. My plan next is to get the OSCP because I don’t have it and well, work is paying for it 😎. I’m curious to see how the two courses and exams compare.
If you are using ligolo then you already have exploited that machine so now we can put ligolo on the machine in memory or with get. Same thing with sending over the files.
Hey, im currently studying the material for the ejptv2 exam and as per my current understanding we get one ip address only (victim 1) then have to find other ips (victim 1, 2, 3 etc.) In order to do pivoting. In the course material they give an example on pivoting where we already know the ip of victim 1 and also victim 2 (victim 2 not reachable from attacker machine) then we do pivoting. My question is how do i find ips for victim 2, 3 4 etc. in order to do pivoting. So in the exam i only have ip of victim 1, how do i find the other machines ip addresses that are not reachable from my attacker machine. If you could answer me that would be of great help as i dont really understand this thing and i wanna do the exam soon. Thank you!
The new version you don't pivot like that. However you can still run nmap with proxychains. If pivoting do an ifconfig or ipconfig on the victim machine and it will show two different IPs, that plus broadcast and default router then you can figure out the network.
hey man great video! Also you got a sub. Just a question tho, even tho Im under the directory of mimikatz in my kali why cant I run when I command "mimikatz.exe"
Does a default run of the Vulnerable-AD script not guarantee a full exploitation path without manually giving remote management to some users or prior knowledge from examining the script? Eg. the descriptions on some accounts say "Default Password", but it's not something that's in common wordlists used for practice, so you can't know the default password without reading the script. Mine didn't setup any SPNs to practice kerberoasting against it. It randomizes which account has which vulnerabilities introduced, so having a copy of the script doesn't automatically get you in without enumeration, but I'm not competent enough yet to know if I'm just overlooking some things, or if it just can't be solved blindly. I need labs where if I get stuck, then I know for sure it's a skill I need to learn more about rather than wondering if the lab is broken
tysm! was wondering by any chance if u was to make an ecpptv3 guide? my exam is coming up soon and i found this video really helpful with understanding and revising the basics!
I just saw this review and i love it. I got to say that your journey is inspiring. I'm working through the Bug Bounty path at the moment and then will go onto the Pentester path.
I found your video trying to see if anyone else was having an issue with thmuser3 and I'm happy to see I wasn't the only one. A year later and thmuser3 is still messed up. Even with the attack box, it won't work.
short explanation for 37:00 the files date can't be older than the Unix epoch time which is 01-01-1970, so the file was older than this date thus its date will be the epoch date, you can verify that by running this command ls / -R -ltas 2>/dev/null | grep "Jan 1 1970"
Congratulations 🎉 Can you suggest any other labs for practicing for the exam. I've completed the PTS course and am planning to go for the exam next week.
They must've changed the exam because they teach gobuster. If it doesn't have gobuster it seems like that would be stupid to include but I'll wait until I take it.
I didn't try gobuster, I also didn't take the training so I don't really know what they train. However, gobuster does come preloaded on kali and I believe parrot. So that should also be on there.
Congratulations! I just passed the written, what level difficulty of hack the box machines do you think I should be comfortable doing before attempting my practical?
@@overgrowncarrot1 Thanks for the insight. The written had a few questions about tools I have never heard of, then when I went and looked them up in the official text from EC-Council, it was not even mentioned lol. So the parrot box you get does have access to google for research? Thats also great to know.
I failed the OSCP back in December. Feels like the course work didn't prepare me well for the exam. Planning on going through the CPTS first to over prepare for the OSCP. Plus I want to actually be skillful in the field.