HackTheBox Battlegrounds - Server Siege (Practice Mode)

Рет қаралды 6,844

Күн бұрын

Wanna to watch me fail to gain a foothold on two @HackTheBox battlegrounds machines? Well, you're in luck! In this video, I compete in 2 practice games of battlegrounds server siege mode. Unfortunately, I didn't get a shell in either of the 15 minute matches but hopefully showing my real-time thought process and initial impressions of the competitive hacking mode will still be helpful to some people. If you think I should do some things differently, let me know in the comments! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #Battlegrounds #ServerSiege #CTF #Pentesting #OffSec
HackTheBox: affiliate.hackthebox.com/cryp...
HTB Academy: affiliate.hackthebox.com/cryp...
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
KZfaq: / cryptocat23
Twitch: / cryptocat23
↢HackTheBox↣
affiliate.hackthebox.com/cryp...
/ hackthebox_eu
/ discord
↢Video-Specific Resources↣
help.hackthebox.com/en/articl...
• Cyber Mayhem Blue Team...
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
↢Chapters↣
Start: 0:00
What is Battlegrounds: 0:49
First Game: 5:08
Second Game: 23:44
End: 37:43

Пікірлер: 36

@hnielsen123 Жыл бұрын

This was great. I love your usual content but it's kinda filed under "studying" content rather than "entertainment" content in my brain lol. But with this the stress of the time limit made it very entertaining while still being educational. I'd love to see more stuff like this!

@_CryptoCat Жыл бұрын

Thanks mate, I'll bare that in mind 🙂

@golden-oj3mk Жыл бұрын

great video. really love the way you explain things is just so thorough and detailed. i also liked the fact the you dont cut out parts where you made a mistakes.

@_CryptoCat Жыл бұрын

Thank you!! 🥰

@user-vy3ww5ej9u Жыл бұрын

Great content! somehow i got butterflies in my stomach by just watching you racing for the first game lol. Keep up the good work :)

@_CryptoCat Жыл бұрын

thanks mate! 🥰

@yakushitamahacka4199 Жыл бұрын

Love the Battlegrounds series!

@_CryptoCat Жыл бұрын

🙏🥰

@SoCalAeroViews Жыл бұрын

i've been wanting to try one of these and this gave me some good insight! thanks for making this video

@_CryptoCat Жыл бұрын

I had been meaning to check it out for ages myself. Glad I did, really cool mode!

@0x157 Жыл бұрын

great vid ! definitely do more of these !

@_CryptoCat Жыл бұрын

Thanks mate 💜

@Kinoti9 4 ай бұрын

Love your explanations man, did you say you'll do a series on portswigger web app pentesting?

@_CryptoCat 4 ай бұрын

Thanks mate! I make videos for Portswigger's WebSecAcademy on the intigriti channel: kzfaq.info/sun/PLmqenIp2RQciV955S2rqGAn2UOrR2NX-v Planning to cover their gin 'n juice shop on this channel soon as well 🙂

@Kinoti9 4 ай бұрын

@@_CryptoCat awesome, will sure check them out. Thanks so much for what you are doing for us not so great hackers lol.

@danielperloz Жыл бұрын

Great video! I’m new to pen test and I have a quick question. I see you use gobuster. Would you recommend it over dirbuster? Regards from Spain!

@_CryptoCat Жыл бұрын

Good question! I generally use gobuster at the start but it's not recursive so if the website is big I might switch to ffuf (which has a recursive mode) or, more commonly, to dirbuster as I like the tree structure UI 🙂

@danielperloz Жыл бұрын

@@_CryptoCat thank you! I appreciate the help :)

@TracerPortable Жыл бұрын

More!

@SafaretoSaf Жыл бұрын

Would love to see a similar video on Cyber Mayhem! Also I would focus less on automating enumeration here as the time limit is very constraining so I would mostly rely on gobuster/nmap and then manually enumerate everything else, that's just me though :) good stuff all around

@_CryptoCat Жыл бұрын

Thanks mate! I'll try and do one for Cyber Mayhem at some point, I need to brush up my [non-existent] defence skills a little first 😅 Good tip, I actually just launched Tib3rius's AutoRecon for the last few games yesterday and focused more on manual enumeration. The time limit really adds pressure and I end up wasting time with indecisiveness 😆 Good practice though, I like it!

@luxdown7965 Жыл бұрын

It would be super cool if you could do some Cyber Mayhem, also great video by the way ;)

@_CryptoCat Жыл бұрын

Thanks! Gonna be busy for a few weeks but I'll definitely try and get round to it 🙂

@Getsbuffer Жыл бұрын

Hello Mr. Cat, Why did you filter out all subdomains with size 13669?

@_CryptoCat Жыл бұрын

Hey, good question! When you are trying to find subdomains (or webpages, credentials etc) with ffuf, you want to filter out the invalid responses, e.g. if the subdomain exists, it should have a different content-length than a non-existing subdomain. In some cases, the valid/invalid responses will have exactly the same content-length, in which case we would filter by something else, e.g. the response code or some string the in the response such as "invalid" or "success" 🙂

@Getsbuffer Жыл бұрын

@@_CryptoCat Thank you friend, it's the accumulation of little details like that which make people experts in their craft. Keep up the good work

@_CryptoCat Жыл бұрын

@@Getsbuffer 🙏🥰

@MADhatter_AIM Жыл бұрын

do you have a github, with your scripts ?

@_CryptoCat Жыл бұрын

Yes! github.com/Crypto-Cat/CTF

@null_1065 Жыл бұрын

Please do a cyber mayhem when you have time

@_CryptoCat Жыл бұрын

Will do!

@chibiichen Жыл бұрын

It would be nice if you can do some boxes without cutting the video to be able to understand your thinking process.

@_CryptoCat Жыл бұрын

Retired boxes? I'm going to do one soon hopefully with a focus on my notetaking process and some tips and tricks for Obsidian. Might do some more Battlegrounds videos first though 🤔

@boo1251 Жыл бұрын

Hey why do you try owasp juice shop its like dvwa but more advance

@_CryptoCat Жыл бұрын

Thanks for the recommendation! I have thought about doing juice shop in the past, time has always been the main issue. I've been doing some Web Security Academy videos over on the Intigriti channel so maybe I'll do some juice shop content there after 🙂