My [Updated] Hacking Methodology for OSCP

Подписаться 1,7 тыс.

Просмотров 1,9 тыс.

50% 1

WELCOME BACK! WELCOME BACK!
Join me again for another walkthrough through one of Proving Grounds boxes, as we get back into the rhythm of things. After a longer hiatus, I am finally back to hacking again.
This time, we are focusing on keeping clear notes, showcasing step by step our methodology.
Quite the fun box too, took a lot of notes, to emphasize the importance of good note-taking.
More videos and updates will follow soon!
You can find the document here:
docs.google.com/spreadsheets/...
link to Proving Grounds:
portal.offsec.com/labs/practice
I hope you guys enjoy!
Any support helps, if you enjoyed this video, or got something useful from it. Consider liking, commenting and subscribing! It is greatly appreciated
If you too want to learn how to do offensive or defensive security. Then make sure to check out the HackTheBox Academy. I have yet to see a better learning resource, to thoroughly learn the ins and outs of Pentesting as well as Blue Teaming.
==================================================
00:00 - Welcome BACK!
01:20 - Plan for today
03:36 - Reconnaissance
05:08 - Notes Setup
06:27 - Evaluating Recon Results
08:27 - Port 22 - SSH
10:44 - The importance of good Note-Taking
11:21 - Port 80 - HTTP
13:34 - Why Obsidian is great!
19:08 - Exploring the Web Application
27:05 - Broken Object Level Authorization
32:24 - Exploiting the Confirmed Parameter
37:25 - Trying to create a Confrimed User
39:28 - Logging in
43:20 - File Inclusion Vulnerability
46:46 - /etc/passwd
51:58 - Uploading authorized_keys file
55:55 - Initial Foothold as Remi
57:09 - Discovering SSH keys
1:01:08 - Google is Your Friend!
1:02:35 - Root
1:05:20 - Review
==================================================
Music:
Byedarond · Flughand
Vanilla - Summer
Link:
• Byedarond
• Vanilla - Summer

Авто/Мото

Опубликовано:

6 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 40

@Sparks3D 6 дней назад

Glad you're back man! After 2 attempts myself at the OSCP, I'm also going through these PG Practice machines. I feel like they should have made these machines mandatory during the training. I would also say that there are PG Practice machines not on this list you are showing that absolutely should be. I feel like Offsec knows about this list, so really any of the 154 PG Practice machines "could" be incredibly useful to go through.

@ByteSizedSec 5 дней назад

3rd times a charm for you, mate! Absolutely, I just want to go through the list, and then I will go beyond for sure!

@timrees786 5 дней назад

Best reaction to getting `root` 😂 👏 Great to have you back and seeing the evolution of the methodology

@ByteSizedSec 5 дней назад

hahah I thought so too! Thank you very much, it sure is good to be back!

@angelakensy8268 6 дней назад

Honestly, was just wondering about you yesterday and when there would be a new video. Love your methodology, your last video like this helped me tremendously.

@ByteSizedSec 5 дней назад

Well isn't that great timing then! Thank you for the support ! 🙏🏾

@pimpampet7053 6 дней назад

Great you made a new version!

@ByteSizedSec 6 дней назад

I did indeed 😁

@tiagoarrojado7972 4 дня назад

Great video! Loved the energy!

@ByteSizedSec 4 дня назад

Glad you enjoyed it! Thank you very much for the support!

@Ibr8kThingz 6 дней назад

My man! Good to see you!

@ByteSizedSec 6 дней назад

Thank you! Its good to be back🙏🏾

@meh.7539 4 дня назад

"Oh god that worked!" 🤣🤣🤣🤣

@ByteSizedSec 4 дня назад

😂😂😂😂

@jsanchez1980 5 дней назад

Glad to see you're back!

@ByteSizedSec 5 дней назад

Glad to be back! Thank you 😁

@willcopeland8123 6 дней назад

Bro It has been great watching your journey!

@ByteSizedSec 5 дней назад

Much appreciated, upwards and onwards! Thank you for the support! 🙏🏾

@Ibr8kThingz 6 дней назад

BTW that sublime text ANSIescape package came in clutch! Thanks so much for sharing.

@ByteSizedSec 6 дней назад

Oh you have no idea how much that helped, hated that ansi text! Glad you liked it!🙌🏾

@jaredbennett5614 День назад

Could you make a video setting up just the notes itself? I use obsidian too and I'm thinking of setting up a template that looks just like this. But the way you did this was way too easy and had everything I keep looking for. Possibly hosted on github?

@ByteSizedSec День назад

In my next video, I will go deeper into the usage of obsidian!

@jaredbennett5614 17 часов назад

@@ByteSizedSec Awesome! I set up some templates, but the way you were so easily able to do everything and already had the folders set up, I want to create a script that will allow me to open the folders with everything I need inside so I can run through what I did and capture everything. I just gotta get to that part of my journey I guess.

@spoon2k 3 дня назад

Do you change anything with the autorecon config file or do you use all default settings?

@ByteSizedSec 2 дня назад

not really no, I didn't change anything. It's pretty good as is

@spoon2k 2 дня назад

@@ByteSizedSec thanks for the reply! Subbed!

@ByteSizedSec 2 дня назад

Thank you very much, appreciate it!🙏🏾

@pimpampet7053 17 часов назад

Can you please tell me what kind of snipping tool you use?

@ByteSizedSec 3 часа назад

I use flameshot on the linux host and greenshot on windows

@meh.7539 4 дня назад

Are you on any discords? I'd love to chat with you.

@ByteSizedSec 4 дня назад

I am on many discords but do not have my own just yet. You can drop your @ here, and I'll shoot you a message, then delete it here 😉

@meh.7539 4 дня назад

@@ByteSizedSec Check your email 😉

@xj0ex39 2 дня назад

Hmu bro. I can dev it for you.

@ByteSizedSec 2 дня назад

For real? I would be very interested in looking into that. It might be time to create that soon. Build a little community. How can I reach you? Mind dropping me a mail?

@xj0ex39 2 дня назад

@@ByteSizedSec totally bro shoot me a DM and we can definitely talk about it I'm I'm down to just do it just to help you mod and stuff because I definitely enjoy your content and you're very helpful in the security and networking. I can do any type of dev work you need. I've helped mod a bunch of communities over the years and I have one of my own personal ones that I used to just test various spots and scripts and stuff like that. I think she's the two of us can kick some ass Jim.