Attention Pentesters - CompTIA & Immersive Labs
Go sign up to test your skills for free...you only have about 20 or so days to get through all the material & it is A LOT of labbin!
https://immersivelabs.com/comptia-competition
Go check it, cheers & Hi5!
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
Comments
-
coffeeluvr Member Posts: 734 ■■■■■□□□□□
Thanks!
"Something feels funny, I must be thinking too hard. - Pooh" -
LonerVamp Member Posts: 518 ■■■■■■■■□□
Just to be clear, for the sweepstakes part you only need to do the 4 labs in that particular objective.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
yoba222 Member Posts: 1,237 ■■■■■■■■□□
Wowwowewa . . .
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
FluffyBunny Member Posts: 245 ■■■■■■□□□□
Huh, that looks fun. I'll have a go, if only to have a chance to grab a Network+ voucher.
-
FluffyBunny Member Posts: 245 ■■■■■■□□□□
FluffyBunny said: Huh, that looks fun
- Changing focus before typing takes time. The labs have no problem reacting to mouse-clicks, but after changing focus to a Terminal it can take a few seconds before I can type.
- If you're wondering which IP is supposed to be your target: ImmersiveLabs provide that information through the menu-bar at the top. For example, for the DNS labs, hover the word "DNS".
EDIT:
Gah, that DLL hijacking is doing me in! I just don't speak enough C# to quickly hack together what I need.
EDIT:
Guaaraghgh! That focus-not-typing issue with the labs is really, really ticking me off.
EDIT:
YESYESYES! Oh frickin' heck I've gotten it to work. I had completely overlooked the "KALI" label in the ImmersiveLabs menu-bar. I thought you only had the Win2k8 box to work with, so I was trying to work locally. I still don't understand why my own C# code wouldn't work; that would have been much simpler. -
LonerVamp Member Posts: 518 ■■■■■■■■□□
Holy ****, wait, there's a kali box on that lab? Here I've been transferring binaries through the copy/paste thing!
But yeah, I feel that pain. Navigating that interface and knowing what to do takes a bit. Click Questions to see what you're supposed to do. Click Info to see some more, well...info. Hover/Click on the systems in the top bar to see their info and access them. To copy+paste, go to CTRL+ALT+SHIFT to open/close the clipboard helper.
Maybe they added the kali yesterday, because I totally swear for the first two days there was only the Win2k8 box, and very few people solving it.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
FluffyBunny Member Posts: 245 ■■■■■■□□□□
Holy ****, wait, there's a kali box on that lab?
Top menu-bar, to the left of the "DLL Hijack" title, there's a "Kali" label.
ImmersiveLabs support suggested that I take the "Welcome to ImmersiveLabs" lab, which did in fact point out that the menubar will often include multiple VMs.
-
LonerVamp Member Posts: 518 ■■■■■■■■□□
That's gotta be new...I'll check tonight after work. I mean, I knew about and used other boxes/items in the other labs, and nothing else was provided in that one previously.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
LonerVamp Member Posts: 518 ■■■■■■■■□□
Just wanted to add, I was able to connect from work for once, and I can confirm, that kali box for that lab is new. Hooray!
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
FluffyBunny Member Posts: 245 ■■■■■■□□□□
LonerVamp said: That's gotta be new...I'll check tonight after work. I mean, I knew about and used other boxes/items in the other labs, and nothing else was provided in that one previously.
-
McxRisley Member Posts: 494 ■■■■■□□□□□
Does anybody know what the actual cost for this platform is? It's pretty cool but since they don't have prices readily available I can only assume that it's in the several thousands of dollars.
I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
-
shochan Member Posts: 1,014 ■■■■■■■■□□
McxRisley said: Does anybody know what the actual cost for this platform is? It's pretty cool but since they don't have prices readily available I can only assume that it's in the several thousands of dollars.
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
-
wd40 Member Posts: 1,017 ■■■■□□□□□□
The lab was interesting, I was hoping to get a CPE Certificate after finishing the lab.
As per a post on TechExams it will cost 2000$ per user per year.
-
FluffyBunny Member Posts: 245 ■■■■■■□□□□
wd40 said: As per a post on TechExams it will cost 2000$ per user per year.
I'll take "Things that make me go NOPE" for $100, Alex. -
NetworkingStudent Member Posts: 1,407 ■■■■■■■■□□
Dang, $2,000 a year, wowzers.
I played around with the labs last night for a few hours. For some reason I couldn't stop playing around with the labs, I was learning a lot.
"When one door closes, another opens; but we often look so long and so regretfully upon the closed door that we do not see the one which has opened."
--Alexander Graham Bell,
American inventor -
gersey Member Posts: 1 ■■□□□□□□□□
Man, I have been beating my head against a wall with the DLL hijacking lab. I know the correct dir for the corrupt dll but can't seem to get much past that. I have tried reverse_tcp and reverse_http payload with msfvenom and msfconsole; neither seems to work. I don't want the answer, but any help or point in the right direction would be greatly appreciated.
-
FluffyBunny Member Posts: 245 ■■■■■■□□□□
You're on the right track @gersey. Now it's a matter of trouble-shooting.
In cases like these, consider:
* Would it be best to use a complex, or a simple payload?
* Which port on your Kali box should you be pointing the payload at?
* Should you choose a staged or an unstaged payload?
* When generating the payload, are there things you need to be wary of? (Hint: yes there are) -
McxRisley Member Posts: 494 ■■■■■□□□□□
FluffyBunny said:
wd40 said: As per a post on TechExams it will cost 2000$ per user per year.
I'll take "Things that make me go NOPE" for $100, Alex.
UPDATE: If anyone has completed the PHP: A1 injection or the CREST SNMP lab plz PM me so that I can figure out why these two labs will not work for me.
I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect. -
LostnDumb Member Posts: 4 ■■□□□□□□□□
Oh my GAWSH this is frustrating. I can't figure out what I might be doing wrong with my payload. I know where it goes. I know how to get it there. I know how to reboot the system. But the service opens the DLL and does nothing. ::BEATING HEAD ON WALL::
-
LostnDumb Member Posts: 4 ■■□□□□□□□□
LostnDumb said: Oh my GAWSH this is frustrating. I can't figure out what I might be doing wrong with my payload. I know where it goes. I know how to get it there. I know how to reboot the system. But the service opens the DLL and does nothing. ::BEATING HEAD ON WALL::
EDIT:
HINT: If you do it right, you'll know before the Windows box logs in. -
NavyMooseCCNA Member Posts: 544 ■■■■□□□□□□
I need to review the CompTIA labs again. I was pretty tired when I looked at it and I was more than a little confused with the objectives for the first lab. I am struggling with the labs I am finding. Not enough step by step for a newbie to know what to do. When I was getting my CCNA the labs were great for learning how to perform a task. The ones in Mike Chapple's book are lacking and I've been struggling with successfully completing the labs.
I might be too left brained to easily learn how to do pentesting.
'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchill
-
LostnDumb Member Posts: 4 ■■□□□□□□□□
NavyMooseCCNA said: I need to review the CompTIA labs again. I was pretty tired when I looked at it and I was more than a little confused with the objectives for the first lab. I am struggling with the labs I am finding. Not enough step by step for a newbie to know what to do. When I was getting my CCNA the labs were great for learning how to perform a task. The ones in Mike Chapple's book are lacking and I've been struggling with successfully completing the labs.
I might be too left brained to easily learn how to do pentesting.
Just give it time and remember Google is always your friend in this stuff. Also, the INFO section and the questions are huge hints to the objectives and where to go. I'm by no means good at pen testing, but after staring and googling, I was able to figure most stuff out. -
LonerVamp Member Posts: 518 ■■■■■■■■□□
Also keep in mind they are not intending the labs to be teaching labs. They expect you to go elsewhere to find the answers/research. These are more like practice labs or similar to some simulation you might find during an exam (in theory, I guess). Expectations.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
NavyMooseCCNA Member Posts: 544 ■■■■□□□□□□
I haven't had a chance to circle back to these labs. I'm still struggling with the labs in the Pentest+ books, which don't provide much information.
'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchill
-
charismaticx Member Posts: 163 ■■■■□□□□□□
I'm actually stuck on the last question on brute force. I can't figure out how to connect to the http server.
Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect
Goals: PNPT; OSCP; GPYC; GSE -
LostnDumb Member Posts: 4 ■■□□□□□□□□
charismaticx said: I'm actually stuck on the last question on brute force. I can't figure out how to connect to the http server.
-
charismaticx Member Posts: 163 ■■■■□□□□□□
I didn’t even know Jimmy had two passwords. I actually couldn’t figure out how to use john the ripper so I used hydra. I actually just finished the lab just now. It was a combination of being creative and looking at the file path. I didn’t have a problem getting the passwords but I wasn’t even sure on how to access the web server. I’m starting to wonder if there was another way to connect to the Apache server but I was relieved when I saw the token.
Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect
Goals: PNPT; OSCP; GPYC; GSE -
FluffyBunny Member Posts: 245 ■■■■■■□□□□
I actually couldn’t figure out how to use john the ripper so I used hydra.
Funnily enough, I used Hydra for all four. -
charismaticx Member Posts: 163 ■■■■□□□□□□
Didn’t the sweepstakes end a while back? I already took the Pen test + exam and passed.
Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect
Goals: PNPT; OSCP; GPYC; GSE