ZEROzerosama.hashnode.dev·Feb 5, 2025PostfishThe "Postfish" CTF provided valuable experience in exploiting email services and leveraging privilege escalation techniques. By combining tools like Nmap, smtp-user-enum, Hydra, and custom scripts, I was able to systematically enumerate the target, e...Proving Groundsoffsec
ZEROzerosama.hashnode.dev·Feb 4, 2025PebblesThe "Pebbles" CTF provided valuable experience in identifying and exploiting SQL injection vulnerabilities. By leveraging tools like Nmap, Gobuster, and SQLMap, I was able to systematically enumerate the target, exploit the vulnerability, and escalat...Proving Groundszerosama
1lrocks1l.rocks·Oct 18, 2024Getting started or finishing the OSCP (PEN-200) courseIntroduction First of all, I’d like to share that I have submitted my exam and the report. From now on, it's just waiting for the results and praying that the results are good. The paranoia is getting there. NOTE: I did receive the certificate :) The...pen200
Ghassan Amaimiaghassanamaimia.hashnode.dev·Jun 28, 2024OSCP Journey : TJ_Null ScrambledI - Introduction : The best part of this machine is that NTLM Hash is disabled, so we need to use Kerberos for every user authentication. We will be forging silver tickets, enumerating MSSQL databases, debugging .NET applications, and much more. II -...#cybersecurity
Ghassan Amaimiaghassanamaimia.hashnode.dev·Jun 23, 2024OSCP Journey : Kerberoasting Silver Ticket ForgingI - Introduction : Kerberoasting can be affective methode for extracting service account crednetials from Active Directory as a regular user without sending packets to the target system . II - Requirement : For this Attack to succeed we will need som...#cybersecurity
Ghassan Amaimiaghassanamaimia.hashnode.dev·Jun 12, 2024OSCP Journey: Introduction to Domain Enumeration with PowerViewI - Introduction : Once we have successfully compromised our target, the next critical phase involves conducting comprehensive domain enumeration to gather detailed information about the Active Directory environment. To facilitate this process, we wi...45 reads#cybersecurity
Ghassan Amaimiaghassanamaimia.hashnode.dev·Jun 11, 2024OSCP Journey : IPV6 AttackI - Introduction : Lately, I've been focusing on IPv6 attacks. I used to work with tools like Responder and relay attacks, but now I'm exploring the potential of IPv6 vulnerabilities. Let's dive into what I've learned so far. II - What is IPV6 Attack...#cybersecurity
Ghassan Amaimiaghassanamaimia.hashnode.dev·Jun 3, 2024OSCP Journey - ACTIVE DIRECTORY HOME LabI - Introduction As a cybersecurity student and aspiring pentester preparing for the OSCP certification, I chose Active Directory as my first focus. Initially, I was intimidated by Active Directory and often avoided machines with it on the Hack The B...1 like·28 reads#cybersecurity
Vel Muruga Perumal Muthukathiresanhn.humbletester.com·Apr 21, 2024Vulnlab's Data (Easy) Linux Machine - WriteUpHello Everyone ! This writeup is on the Vulnlab's data (easy) Linux machine. Initial access is through exploiting an CVE of grafana to read usernames & password hashes. Reconstruct the password as per the required format to run it against hashcat whi...52 readsoscp
REHAN SAYYEDdignitas.hashnode.dev·Apr 6, 2024CodifyIP: 10.10.11.239 Starting with the nmap scan nmap -sC -sV -o nmap 10.10.11.239 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-04-03 05:33 EDT Nmap scan report for 10.10.11.239 Host is up (0.20s latency). Not shown: 997 closed tcp ports (conn-ref...35 readsHackTheBoxhacking