Attention Pentesters - CompTIA & Immersive Labs

shochanshochan Member Posts: 1,014 ■■■■■■■■□□
Go sign up to test your skills for free...you only have about 20 or so days to get through all the material & it is A LOT of labbin!
https://immersivelabs.com/comptia-competition

Go check it, cheers & Hi5!
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
«1

Comments

  • coffeeluvrcoffeeluvr Member Posts: 734 ■■■■■□□□□□
    Thanks!
    "Something feels funny, I must be thinking too hard. - Pooh"
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Just to be clear, for the sweepstakes part you only need to do the 4 labs in that particular objective.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    Wowwowewa . . . 
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    Huh, that looks fun :) I'll have a go, if only to have a chance to grab a Network+ voucher.
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    edited March 2019
    Huh, that looks fun :) 
    Update: they were fun :smile: Even if the first few steps were frustrating due to the way their labs work. Two hints:
    1. Changing focus before typing takes time. The labs have no problem reacting to mouse-clicks, but after changing focus to a Terminal it can take a few seconds before I can type.
    2. If you're wondering which IP is supposed to be your target: ImmersiveLabs provide that information through the menu-bar at the top. For example, for the DNS labs, hover the word "DNS".
    As prep for CompTIA Pentest+ these labs are pretty darn good. When we discussed the cert a few months back I'd already concluded that you need some pentesting experience to answer the questions; these labs solidify that opinion. 

    EDIT:
    Gah, that DLL hijacking is doing me in! I just don't speak enough C# to quickly hack together what I need. 

    EDIT:
    Guaaraghgh! That focus-not-typing issue with the labs is really, really ticking me off. :angry:

    EDIT:
    YESYESYES! Oh frickin' heck I've gotten it to work. 

    I had completely overlooked the "KALI" label in the ImmersiveLabs menu-bar. I thought you only had the Win2k8 box to work with, so I was trying to work locally. I still don't understand why my own C# code wouldn't work; that would have been much simpler. 
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    edited March 2019
    Holy ****, wait, there's a kali box on that lab? Here I've been transferring binaries through the copy/paste thing!

    But yeah, I feel that pain. Navigating that interface and knowing what to do take a bit. Click Questions to see what you're supposed to do. Click Info to see some more, well...info. Hover/Click on the systems in the top bar to see their info and access them. To copy+paste, go to CTRL+ALT+SHIFT to open/close the clipboard helper.

    Maybe they added the kali yesterday, because I totally swear for the first two days there was only the Win2k8 box, and very few people solving it.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    Holy ****, wait, there's a kali box on that lab?
    Top menu-bar, to the left of the "DLL Hijack" title, there's a "Kali" label. 

    ImmersiveLabs support suggested that I take the "Welcome to ImmersiveLabs" lab, which did in fact point out that the menubar will often include multiple VMs.

  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    That's gotta be new...I'll check tonight after work. I mean, I knew about and used other boxes/items in the other labs, and nothing else was provided in that one previously.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Just wanted to add, I was able to connect from work for once, and I can confirm, that kali box for that lab is new. Hooray!

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    LonerVamp said:
    That's gotta be new...I'll check tonight after work. I mean, I knew about and used other boxes/items in the other labs, and nothing else was provided in that one previously.
    Folks on Reddit are saying the same thing :D "That wasn't there yesterday!"...
  • McxRisleyMcxRisley Member Posts: 494 ■■■■■□□□□□
    Does anybody know what the actual cost for this platform is? It's pretty cool but since they don't have prices readily available I can only assume that it's in the several thousands of dollars.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • shochanshochan Member Posts: 1,014 ■■■■■■■■□□
    McxRisley said:
    Does anybody know what the actual cost for this platform is? It's pretty cool but since they don't have prices readily available I can only assume that it's in the several thousands of dollars.
    Yeah, I couldn't find it either.  
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
  • wd40wd40 Member Posts: 1,017 ■■■■□□□□□□
    The lab was interesting, I was hoping to get a CPE Certificate after finishing the lab.
    As per a post on TechExams it will cost 2000$ per user per year.


  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    edited March 2019
    wd40 said:
    As per a post on TechExams it will cost 2000$ per user per year.

     I'll take "Things that make me go NOPE" for $100, Alex.
  • NetworkingStudentNetworkingStudent Member Posts: 1,407 ■■■■■■■■□□
    dang $2,000 a year wowzers.

    I played around with the labs last night for a few hours.  For some reason I couldn't stop playing around with the labs, I was learning alot.  
    When one door closes, another opens; but we often look so long and so regretfully upon the closed door that we do not see the one which has opened."

    --Alexander Graham Bell,
    American inventor
  • gerseygersey Member Posts: 1 ■■□□□□□□□□
    Man I have been beating my head against a wall with the DLL hijacking lab I know the correct dir for the corrupt dll but cant seem to get much past that I have tried reverse_tcp and reverse_http payload with msfvenom and msfconsole neither seem to work I dont want the answer but any help or point in the right direction would be greatly appreciated  
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    You're on the right trick @gersey. Now it's a matter of trouble-shooting. 

    In cases like these, consider:
    * Would it be best to use a complex, or a simple payload?
    * Which port on your Kali box should you be pointing the payload at?
    * Should you choose a staged or an unstaged payload?
    * When generating the payload, are there things you need to be wary of? (Hint: yes there are)
  • McxRisleyMcxRisley Member Posts: 494 ■■■■■□□□□□
    edited March 2019
    wd40 said:
    As per a post on TechExams it will cost 2000$ per user per year.

     I'll take "Things that make me go NOPE" for $100, Alex.
    Ya, that's insanely overpriced. As for the labs, has anyone finished the SNMP lab in the CREST training section? I have notified support of an issu with the lab not functioning properly, but they claim it works even though no one has completed it...

    UPDATE: If anyone has completed the PHP: A1 injection or the CREST SNMP lab plz PM me so that I can figure out why these two labs will nto work for me.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • LostnDumbLostnDumb Member Posts: 4 ■■□□□□□□□□
    Oh my GAWSH this is frustrating. I can't figure out what I might be doing wrong with my payload. I know where it goes. I know how to get it there. I know how to reboot the system. But the service opens the DLL and does nothing. ::BEATING HEAD ON WALL::
  • LostnDumbLostnDumb Member Posts: 4 ■■□□□□□□□□
    edited March 2019
    LostnDumb said:
    Oh my GAWSH this is frustrating. I can't figure out what I might be doing wrong with my payload. I know where it goes. I know how to get it there. I know how to reboot the system. But the service opens the DLL and does nothing. ::BEATING HEAD ON WALL::
    OK. I can't stop shaking my head. I tried EVERYTHING and then I made a new friend who showed me what they did compared to what I  did, and they didn't see the THREE letters I typed wrong. FluffyBunny is right that you just need to focus on one very small thing when generating a payload that you wont think matters until you realize one cannot be run that way. I feel so dumb for taking 4 days on this but that's something I wont soon forget!
    EDIT:
    HINT: If you do it right, you'll know before the Windows box logs in.
  • NavyMooseCCNANavyMooseCCNA Member Posts: 544 ■■■■□□□□□□
    edited March 2019
    I need to review the CompTIA labs again. I was pretty tired when I looked at it and I was more than a little confused with the objectives for the first lab. I am struggling with the labs I am finding. Not enough step by step for a newbie to know what to do. When I was getting my CCNA the labs were great for learning how to perform a task. The ones in Mike Chapple's book is lacking and I've been struggling with successfully completing the labs.

    I might be too left brained to easily learn how to do pentesting.

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchil

  • LostnDumbLostnDumb Member Posts: 4 ■■□□□□□□□□
    I need to review the CompTIA labs again. I was pretty tired when I looked at it and I was more than a little confused with the objectives for the first lab. I am struggling with the labs I am finding. Not enough step by step for a newbie to know what to do. When I was getting my CCNA the labs were great for learning how to perform a task. The ones in Mike Chapple's book is lacking and I've been struggling with successfully completing the labs.

    I might be too left brained to easily learn how to do pentesting.

    Just give it time and remember Google is always your friend in this stuff. Also, the INFO section and the questions are huge hints to the objectives and where to go. I'm by no means good at pen testing, but after staring and googling, I was able to figure most stuff out.
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Also keep in mind they are not intending the labs to be teaching labs. They expect you to go elsewhere to find the answers/research. These are mo like practice labs or similar to some simulation you might find during an exam (in theory, I guess). Expectations. :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • NavyMooseCCNANavyMooseCCNA Member Posts: 544 ■■■■□□□□□□
    I haven't had a chance to circle back to these labs. I'm still struggling with the labs in the Pentest+ books, which don't provide much information. 

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchil

  • charismaticxcharismaticx Member Posts: 163 ■■■■□□□□□□
    I'm actually stuck on the last question on brute force. I can't figure out how to connect to the http server. 

    Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect

    Goals: PNPT; OSCP; GPYC; GSE
  • LostnDumbLostnDumb Member Posts: 4 ■■□□□□□□□□
    I'm actually stuck on the last question on brute force. I can't figure out how to connect to the http server. 
    Think about the services/ports you used to discover passwords of any other users. Jimmy has 2 passwords and only one you use. Why don't you see if other services/ports allow users other than specified in the info and figure out if there's a password there? Most people use the same password to access their computer as they do their email, work email, and anything else. Discover one and it might be the way you get into another.
  • charismaticxcharismaticx Member Posts: 163 ■■■■□□□□□□
    edited March 2019
    I didn’t even know Jimmy had two passwords. I actually couldn’t figure out how to use john the ripper so I used hydra. I actually just finished the lab just now. It was a combination of being creative and looking at the file path. I didn’t have a problem getting the passwords but I wasn’t even sure on how to access the web server. I’m starting to wonder if there was another way to connect to the Apache server but I was relieved when I saw the token. 

    Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect

    Goals: PNPT; OSCP; GPYC; GSE
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
     I actually couldn’t figure out how to use john the ripper so I used hydra.

    Funnily enough, I used Hydra for all four. :)
  • dkorzhevindkorzhevin Member Posts: 51 ■■■□□□□□□□
    Overpriced IMHO. I strongly suggest to look at: https://www.hackthebox.eu/

  • charismaticxcharismaticx Member Posts: 163 ■■■■□□□□□□
    Didn’t the sweepstakes end a while back. I already took the Pen test + exam and passed.

    Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect

    Goals: PNPT; OSCP; GPYC; GSE
Sign In or Register to comment.