http://shivasurya.me/categories/oscp-writeups/Recent content in Oscp-Writeups on ShivasuryaHugoen-usFri, 17 Mar 2023 00:00:00 +0000http://shivasurya.me/2023/03/17/hackthebox-active-writeup-oscp-active-directory/Fri, 17 Mar 2023 00:00:00 +0000http://shivasurya.me/2023/03/17/hackthebox-active-writeup-oscp-active-directory/<h3 id="quick-overview">Quick Overview</h3> <p><a href="https://app.hackthebox.com/machines/Active">Active</a> is one of the easy Active Directory focused Windows Box from <a href="https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#">TJNull OSCP Practice list</a>. It&rsquo;s one of those easy machine where you get initial foothold via SMB <code>Replication</code> share leak &amp; escalate privileges using Active Directory weakness.</p> <p><img src="http://shivasurya.me/assets/media/htb-active-logo.png" alt="Active VM - HacktheBox Logo"></p> <h3 id="enumeration">Enumeration</h3> <h4 id="nmapautomator">NMapAutomator</h4> <p>Started with enumerating the target with <a href="https://github.com/21y4d/nmapAutomator"><code>NMapAutomator</code></a> script since it helps in automating all possible ports with vulnerability scripts from <code>nmap</code>. Additionally, <code>NmapAutomator</code> can help in recon process using <code>smbmap</code>, <code>ffuf</code>, <code>nikto</code>, <code>DNSRecon</code>, <code>SMB</code> enumeration.</p>http://shivasurya.me/2023/02/24/hackthebox-jerry-writeup-oscp/Fri, 24 Feb 2023 00:00:00 +0000http://shivasurya.me/2023/02/24/hackthebox-jerry-writeup-oscp/<h3 id="quick-overview">Quick Overview</h3> <p><a href="https://app.hackthebox.com/machines/144">Jerry</a> is one of the Windows Box from <a href="https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#">TJNull OSCP Practice list</a>. It&rsquo;s one of those quite easy machine where you get initial foothold &amp; privilege escalation in a single hop.</p> <p><img src="http://shivasurya.me/assets/media/htb-jerry-logo.jpg" alt="Jerry VM - HacktheBox Logo"></p> <h3 id="enumeration">Enumeration</h3> <h4 id="nmapautomator">NMapAutomator</h4> <p>Started with enumerating the target with <a href="https://github.com/21y4d/nmapAutomator"><code>NMapAutomator</code></a> script since it helps in automating all possible ports with vulnerability scripts from <code>nmap</code>. Additionally, <code>NmapAutomator</code> can help in recon process using <code>ffuf</code>, <code>nikto</code>, <code>DNSRecon</code>, <code>SMB</code> enumeration.</p>http://shivasurya.me/2023/02/20/hackthebox-oscp-writeups/Mon, 20 Feb 2023 00:00:00 +0000http://shivasurya.me/2023/02/20/hackthebox-oscp-writeups/<h3 id="quick-overview">Quick Overview</h3> <p>This blog post acts as Index of <a href="https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#">TJNull HackTheBox OSCP Practice list</a>. I myself enjoyed solving all those HackTheBox VM and started writing writeups to help other folks out there striving hard to crack OSCP exam 🎮</p> <h3 id="index">Index</h3> <iframe class="airtable-embed" src="https://airtable.com/embed/shrt27NGHECI0l8yL?backgroundColor=orange&viewControls=on" frameborder="0" onmousewheel="" width="100%" height="533" style="background: transparent; border: 1px solid #ccc;"></iframe> <h3 id="closing-note">Closing Note:</h3> <p>I hope this post is helpful for folks preparing for Offensive Security Certified Professional certification exam. For bugs,hugs &amp; discussion, DM in <a href="https://twitter.com/sshivasurya">Twitter</a>. Opinions are my own and not the views of my employer.</p>http://shivasurya.me/2023/02/14/hackthebox-bashed-writeup-oscp/Tue, 14 Feb 2023 00:00:00 +0000http://shivasurya.me/2023/02/14/hackthebox-bashed-writeup-oscp/<h3 id="quick-overview">Quick Overview</h3> <p><a href="https://app.hackthebox.com/machines/118">Bashed</a> Box is one of the Linux Box from <a href="https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#">TJNull OSCP Practice list</a>. It&rsquo;s one of those quite easy machine where you get initial foothold in one hop and privilege escalation in second hop.</p> <p><img src="http://shivasurya.me/assets/media/htb-bashed-logo.jpg" alt="Bashed VM - HacktheBox Logo"></p> <h3 id="enumeration">Enumeration</h3> <h4 id="nmapautomator">NMapAutomator</h4> <p>Started with enumerating the target with <a href="https://github.com/21y4d/nmapAutomator"><code>NMapAutomator</code></a> script since it helps in automating all possible ports with vulnerability scripts from <code>nmap</code>. Additionally, <code>NmapAutomator</code> can help in recon process using <code>ffuf</code>, <code>nikto</code>, <code>DNSRecon</code>, <code>SMB</code> enumeration.</p>