[CTF] Calling all IT guys to play CTF together

141 replies
5 Like 0 Dislike
2022-12-08 10:50:44
Only after getting PR and then waiting about another three years for the passport.
2022-12-08 10:52:04
From what you're saying, you're probably doing web pentesting?
2022-12-08 10:52:10
2022-12-08 10:53:43
2022-12-08 10:55:51
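Looking forward to learning from you all.
2022-12-08 11:04:30
Are there any remote jobs in Singapore?
I've been looking lately and found that Hong Kong has no remote jobs at all.
I was even hoping to find a remote job based in Hong Kong.

For the link posted above, you can PM them to join their Discord; they seem fairly active.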
https://twitter.com/BlackB6a?s=09
2022-12-08 11:07:06
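Crypto companies probably have remote roles? Offsec itself is hiring too; whether they'd hire me is another matter.
2022-12-30 10:28:27
Bro, I just signed up for OSWE.
The exam's points allocation doesn't seem to be spelled out in as much detail as OSCP's.

Can you confirm the info I've found online so far?
Two machines
85/100 points to pass
For each machine you submit one PoC script that prints local and proof.txt

I see the example report has several vulns, which aligns with what I've read about having to chain them together.
But I don't understand how the points are allocated. Supposing no priv esc is needed, then each vuln I find is worth around 10-20 points?
And getting all the vulns to print proof + local is 50 points?
2022-12-30 10:33:39
Oh, I think I found a site that covers it in a lot of detail. But even the Kali box is provided by them, so you RDP in; does that mean things like an IDE have to be installed yourself when the time comes?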

What Do You Need To Know About The Exam?
The exam is scheduled for 47 hours and 45 minutes. During this time, proctors assigned by the Offensive Security company would be able to monitor your machine and you. 15 minutes before the exam starts, the proctor assigned to you will check the requirements to be eligible for the exam. Since these procedures can take up to 15 minutes, we suggest setting up the test environment and requirements ahead of time. Furthermore, there should not be any electronic equipment on the table where you will take the exam.

In total, there are 5 separate machines in the exam. 2 of these machines have local.txt and proof.txt files. You need to get them and your reports.

The other 2 machines are exact copies of the first 2 machines, where you can perform debugging operations. Therefore, the credentials of these 2 machines are shared with you, and you can do white-box pen-testing. The last machine is the Kali Linux machine that you can use if you want.

Except for the Kali Linux machine, other machines have web applications written in different programming languages. You are expected to examine the web application source codes using two debug machines, identify specially placed vulnerabilities and write the exploit code. Using the exploit code prepared, you have to exploit machines and read local.txt and proof.txt files.

Each machine consists of 2 stages. In the first stage, you need to access and read the local.txt file using authentication bypass vulnerability. In the second stage, you need to read the proof.txt file with the remote code execution vulnerability. Authentication Bypass operations are evaluated with 35 points, while Remote Code Execution operations are evaluated at 15 points. The minimum score to pass the exam is 85. It is also necessary to write a single exploit code that reads local.txt and proof.txt for at least one machine.

It is strictly forbidden to use any source code analysis tool, vulnerability scanning tool, or automatic exploitation tool in the exam. Operations are required to be completely manual. The ysoserial tool can be used for deserialization.
2022-12-30 10:43:06
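Basically everything the course teaches you to use is already in there. You don't need to do local privesc; local is something you'll find in the code.
2022-12-30 11:52:28
I've just started on the ATutor blind SQLi part.
I saw they use grep to track down the function; I figured stepping in directly with an IDE would be much easier.
I think I saw a YouTube review saying you can't pull the source code down to your own machine, and you have to install the tools you need (I guess he means an IDE) on their machine to do the white-box testing.
2022-12-30 11:53:49
VS Code is already installed there.
2022-12-30 11:54:43
But it's best to have a backup plan.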
2023-03-05 08:04:04
2023-03-05 08:55:14
2023-05-29 20:46:25