Archive for August, 2022

OSCP diary – week 04

Sunday, August 21st, 2022

I finally finished the LFI exercise… it took a while because I was using a & instead of a ? in the wrong place in the URL. <sarcasm>Surprisingly, things don’t work properly if you do that</sarcasm>. After that, it was smooth sailing. OR SO I THOUGHT. Took some more digging and I got the flag so I’m good maybe but I certainly did not follow the instructions so I’m not sure if there is a correct way to complete the exercise. But I guess one aspect of the course is also to show that following the book/the guidelines is not always necessary or recommended.

Moving on, I made progress on the RFI exercise and continued reading up on SQL injections.

This all seems to take a long time, I wonder if I’m wasting too much on these exercises >_<

ISACA CRISC

Tuesday, August 16th, 2022

I got the digital certificate this week and now I can file for the reimbursement of the exam cost. This is the last step, the rest is just keeping on acquiring those CPEs

OSCP diary – week 03

Tuesday, August 16th, 2022

I’ve continued with the web application attacks chapter and I’m a bit ashamed to say I’m stuck on one of the LFI exercises. I try to finish all the exercises before moving on, or at least before moving to a completely new chapter.

In this particular exercise, I’ve tried a couple of things (what I could think of), watched the course videos (which I usually don’t) and did additional research but I’m still stuck. Might reach out to colleagues this week although I still have one idea that I need to check/confirm before asking others for ideas.

Meh, nobody said it’s easy.

Burp Suite Community edition – Intruder

Friday, August 12th, 2022

If you accidentally dabble with a PEN-200 course, there is an introduction to the Burp Suite Intruder feature with a lot of meat on the bones.

Alas, since the course was created, Burp Suite released a newer version with a re-defined interface (covered by Burp Suite course on Pluralsight) but it’s still possible to piece together the required components to follow the course content.

Until…. everything is set as described and you click on “Start Attack” and you get this pop-up:

Is this another “feature” of the community edition to push you towards purchasing the Pro version of Burp Suite?

Well, it might be. But you don’t have to shell out the cash quite yet.

Head over to the Resource Pool tab and you’ll see:

In fact, what you’ll have to do is this:

And obviously select this added option, then start the attack. It will obviously be slower but this chapter in the course is about the principle, not about brute-forcing cracking real passwords.

OSCP diary – week 02

Tuesday, August 9th, 2022

Or is it week 3 already? Haha, looks like I lost track already.

Finished that Perl script to get nameservers from a domain. Finally.
Not that Perl might be a particular scripting language, but…. not chomping an input breaks a loop because of an empty variable? Although the same variable holds a value as evidenced in the loop?
Can’t really say I understand this so far.

Got through the scanning basics but I’m undecided on the inclusion of Nessus in the ‘textbook’. Not checked yet whether you’re allowed to use Nessus during the exam, but I guess no. It was good to do some hands-on exercises with Nessus but if the basis of the coure is the open-source Kali Linux, then including tools like VMware Fusion and Nessus in the course materials feels somewhat …. off.

Anyway, moving on web application security now.