    #1 Member (Certifications: CEH, ECSA, eCPPT)

    I can show you the door, but you got to walk through for OSCP

    Hello all,

    I came across this forum recently, though I have been a member of ethicalhacker. It's been quite interesting to read everyone's experience and their walk through OSCP. It's been inspiring, and I thought to start my own thread, which might help people with a similar kind of background and their thoughts on attempting OSCP.

    I have been working in IT for a very long number of years, let's say 20+ years, and worked in development when starting my career with C, C++, VC++ and moved into ASP, VB, JScript etc... Over a decade I transitioned into testing, like performance testing and functional automation testing, in multiple domain areas. You guys can get an idea when I say 20 years in IT means I have worked in most domains. My interests started focusing on security testing, being a niche area; one cannot master all aspects of it and has to focus on a certain area, specialise, and slowly build up specialities in it.

    Now back to reality, and I hope not to bore you too much with history....

    Around 2 years back, I started to study security testing and build up my basic knowledge of it. I'm very much into the Windows environment, and the Linux/Unix environment is like a foreign land; though in my career I have come across the Unix environment while testing applications, my knowledge was in and around listing, copy, move, change directory, change permission level. I came across OSCP and there was a debate in myself whether to opt for OSCP or eCPPT. I understood the magnitude of OSCP and the time necessary to develop my skill, and considering my family and work nature, I preferred to do eCPPT. It was a wonderful journey which got me crawling and on feet strong enough to manage and stand by myself. I completed the course and felt very happy. I thought to myself that the websites I came across would have vulnerabilities like SQL injection and XSS injection, directory traversal etc.... But again, the reality is that not every website is like that in the outside world. I tried to implement my newly developed skill at my workplace, though my role was automation specialist. There was a good understanding from my management of my skill and of trying to bring new technology into the workplace.

    Ummmm, I believe readers should be given an ample break to understand the path I'm trying to walk, so I do not want you guys to get exhausted on my first post. Okay, for now I give a break........ Cont.....
    Last edited by unkn0wnsh3ll; 07-01-2015 at 09:05 PM.

    #2 Member (Certifications: CEH, ECSA, eCPPT)
    Now it's your choice to continue with the second post at a stretch or take a break and come back.

    Continuing from the previous post, my workplace was happy with the new technology and new process I was trying to bring into place. There was a new position put in place in the infrastructure team, "Security Manager" [Please don't think I was given that opportunity]. One of the senior persons in the infrastructure team was made Security Manager, and I started interacting with him and showed some demos and my qualifications, which turned out positive for me.

    At this point of time, at least for market purposes, I needed to equip myself with other certifications and hence opted for Certified Ethical Hacker, sponsored by the company, and ECSA out of my own pocket. Frankly speaking, Certified Ethical Hacker is well worth it more in terms of theory; considering the study is like a boot camp in a training institute, writing the multiple choice answers at the end of 4 days does not give much technical knowledge. Since I had the eCPPT background, I somehow sailed past CEH and ECSA, and that year was like a big achievement for me as I completed eCPPT, CEH and ECSA. At the workplace only a couple of people who know the value of security understood the achievement. Then there was a career move which had to do with more travelling. This eventually put me off the security domain for the last two years, to be precise, though I have been updating myself with articles I read across blogs. After a couple of jumps in my career, I have settled into my current job and am thinking of continuing my passion and studying OSCP.

    By the way, I would like to highlight that I do not know whether I will enter the security domain or not, but the passion keeps me learning new things. I have gone through so many reviews of OSCP and understood I need to equip myself first before opening the door. I'm not sure if I'm taking the right approach, but the first thing I started to hit on my list was buffer overflows. I have no idea why I chose this, but I have an interest in exploit research and development and hence I was dragged into it.... I started to learn through the Corelan, FuzzySecurity, SecuritySift, Grey Corner and SecurityTube websites and understood the basic concepts. These websites helped me understand the concept from different people's points of view, and when working on the video-based Megaprimer on Vivek Ramachandran's SecurityTube, it straight hit my head while practicing the demo. It is such an awesome subject; I'm still at an amateur level, yet to learn the DEP, ASLR, ROP concepts. But I think for OSCP level the basics should be fine, though when I get time, I will try to learn these too before starting OSCP...

    Next, I have also started working on shell scripting... trying to bridge the gap from my simple commands and learning the grep, sed, awk and find commands to write shell scripts... Learning Python is in the queue, but when working on the Exploit Research Megaprimer, I was able to write a basic exploit POC and develop it into a working exploit. Not sure if this Python knowledge is enough for OSCP... Maybe you guys could tell me...

    I have set up a virtual lab at home where I have downloaded vulnerable ISOs. I was able to do Nebula level00, though I came across a few hints on the website. ISOs like De-ICE, Holynix etc. are also in my lab. I do not have a clue how to break in after a certain level.

    I understand certain steps like reconnaissance, finding out services, ports and versions of the OS, services etc., but the thing is, it straight hits blank: what next? Then I started working based on the information gathered; I venture into those services and try to find out exploits etc... I believe eCPPT is like working on website security testing, where we are given a vulnerable ISO and start to test it. Whereas on OSCP every newbie or learner might have faced this: after this particular process, "What am I to do with this information?"....

    To continue......

    #3 Junior Member (Certifications: OSCP, OSCE)
    It sounds like you're more than prepared to take OSCP...

    For OSCP, your practice with Python and your ability to write basic exploit POCs is more than sufficient to jump into the labs and begin learning even more. In my opinion, you should just jump in, and all the practice (and fun) you'll get in the labs will be more valuable than trying to prepare outside of the course.

    #4 Member (Certifications: CEH, ECSA, eCPPT)
    Thanks Jaxin for your input; it is giving me confidence... I will think about it, sure....

    #5 Senior Member MrAgent (Certifications: Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP)
    If you are comfortable with the Linux CLI, you should do well in the course.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/

    #6 Member (Certifications: CEH, ECSA, eCPPT)
    Hi Mr.Agent,
    To some extent I'm confident on the basics, but not sure, or haven't used sed/awk/find/grep a lot..... I would also like to know some Linux basics on mounting, etc.... Just trying to brush up on those; again, I believe when I join the course I could pick these up, but just to make sure to save a little bit of googling during the course time. By the way, thanks for your encouragement...

    #7 Member (Certifications: CEH, ECSA, eCPPT)
    Update:
    After my couple of posts and my ongoing preparation, I continued to work on a couple of buffer overflow exploits. Damn, one of the exploits I created a week back was overwritten by me, as the exploit I was dealing with had a similar filename (FreeSSHd and Freefloat FTP). So I continued with new work on FreeSSHd, and it was not working with my exploit as expected... Something was wrong and I couldn't identify it. Code-wise all looked fine, so I went through the video on SecurityTube and verified; they all looked perfect, but it still didn't work. After spending 1.5 hrs, I moved away from this and started to watch a movie for some time (hardly after 20 minutes), and my mind started wandering again to check on the exploit. I again started to write the exploit from the beginning: injecting 'n' number of "A"s, creating a pattern, finding out the offset on both registers, identifying bad chars, locating a JMP ESP address, then overwriting them accordingly, finally adding the shellcode, executing. Still not working. This cycle went on twice. On the second attempt, I deleted all the variables and values from the Python script, created it from scratch and executed it. At that moment I noticed in Immunity Debugger that only one line of shellcode hex values was loaded. Now I was sure the shellcode variable was not sent fully, and then realized the silly mistake I made: obviously, to add the brackets on the shellcode. Bingo, straight away it worked. Hours spent on reworking and identifying this silly mistake: 2 hours. Though the time spent may be too much, it was worth learning, as next time I wouldn't make this mistake, or even if I make it, I would be able to find it out quickly.

    Now going through the SEH exploit, with which the SecurityTube Exploit Research Megaprimer completes. After this I'm planning to spend some time learning the Buffer Overflow Megaprimer, which I believe focuses on Linux with C coding, compiling etc...

    Hope I did not bore you with explaining this stuff; I hope it may help someone if they face a similar kind of issue in a different aspect...

    To cont...

    #8 Senior Member MrAgent
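The "only one line of shellcode loaded" symptom in the post above is a Python pitfall worth seeing in isolation. This is an added example, not the poster's script: the byte parts are constructed filler (assumed names PART_1..PART_3, no real code), check_buffer is the length/offset self-check worth running before any buffer leaves a script, and find_dangling_literals is a small ast-based check that flags the pattern in source so the mistake is found in seconds rather than hours.

```python
import ast

# Constructed filler bytes standing in for the three lines of a real payload
# variable; they are not executable code. (Assumed names, not the poster's.)
PART_1 = b"\x41" * 8
PART_2 = b"\x42" * 8
PART_3 = b"\x43" * 8


def truncated_variant() -> bytes:
    """Reproduces the bug: three literals on three lines, no parentheses.

    Line 1 is assigned. Lines 2 and 3 are each a stand-alone expression
    statement that Python evaluates and discards, so `data` silently keeps
    only the first 8 bytes. No error, no warning.
    """
    data = b"\x41\x41\x41\x41\x41\x41\x41\x41"
    b"\x42\x42\x42\x42\x42\x42\x42\x42"  # evaluated, never joined
    b"\x43\x43\x43\x43\x43\x43\x43\x43"  # evaluated, never joined
    return data


def fixed_variant() -> bytes:
    """The fix from the post: wrap the lines in parentheses, so the three
    adjacent literals form one expression and the parser joins them."""
    data = (
        b"\x41\x41\x41\x41\x41\x41\x41\x41"
        b"\x42\x42\x42\x42\x42\x42\x42\x42"
        b"\x43\x43\x43\x43\x43\x43\x43\x43"
    )
    return data


def check_buffer(buf: bytes, parts) -> bool:
    """Cheap self-check before a buffer leaves the script: total length must
    equal the sum of the parts, and each part must sit at its expected
    offset. Running this would have caught the mistake immediately."""
    if len(buf) != sum(len(p) for p in parts):
        return False
    offset = 0
    for part in parts:
        if buf[offset:offset + len(part)] != part:
            return False
        offset += len(part)
    return True


def find_dangling_literals(source: str) -> list:
    """Static check for the pattern itself: line numbers of str/bytes literals
    that form a whole statement. A docstring in first position is skipped;
    anything else reported is data being silently thrown away."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        for field in ("body", "orelse", "finalbody"):
            stmts = getattr(node, field, None)
            if not isinstance(stmts, list):
                continue
            for index, stmt in enumerate(stmts):
                if not (isinstance(stmt, ast.Expr)
                        and isinstance(stmt.value, ast.Constant)
                        and isinstance(stmt.value.value, (str, bytes))):
                    continue
                docstring = (field == "body" and index == 0
                             and isinstance(stmt.value.value, str)
                             and isinstance(node, (ast.Module, ast.ClassDef,
                                                   ast.FunctionDef)))
                if not docstring:
                    hits.append(stmt.lineno)
    return sorted(hits)


# Constructed source snippet with the same mistake, fed to the static check.
BUGGY_SOURCE = (
    'data = b"\\x41\\x41"\n'
    'b"\\x42\\x42"\n'
    'b"\\x43\\x43"\n'
)

if __name__ == "__main__":
    parts = [PART_1, PART_2, PART_3]
    print("truncated passes check:", check_buffer(truncated_variant(), parts))  # False
    print("fixed passes check:", check_buffer(fixed_variant(), parts))  # True
    print("dangling literal lines:", find_dangling_literals(BUGGY_SOURCE))  # [2, 3]
```

The same rule applies to Python 2 str literals, which is what exploit scripts of that era used.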
    This will be a big help for you in the OSCP course.

    #9 Member (Certifications: CEH, ECSA, eCPPT)
    Another amazing couple of days; worked in parallel with Vivek's video (SecurityTube) on the EchoServer memcpy V2 and V3 modules. V2 was straightforward, but V3 troubled me a lot; I thought to myself it would be a piece of cake during the first part. I was feeling too optimistic at one point and paused the video to complete my exploit and ran it. Ding, it crashed, and I was not sure of finding a way and spent till late midnight... Went to bed as I had to go to work in the morning. Watched the 2nd part of the video and understood I wouldn't have sorted it even if I worked myself to find the issue. Awesome learning on the v3 Echo-Server memcpy. I think with this it's done for the day. Another two more downloaded to work on during the weekend to see how far I'm confident (it's one Digital TV Player and a DVD Professional exploit).
    See you soon......

    cont.......

    #10 Member (Certifications: CEH, ECSA, eCPPT)
    Finally, took some courage to dive into the course; expected start date 19-Jul-2015. I hope in this 1 week period I will try to work on Linux-based exploits and create and compile C programs etc... Again, I have read the concepts of Linux exploits by googling; it looks like it is mostly all based in the command line with gdb, objdump, and passing vulnerable/junk characters/shellcode on the command line.... Fingers crossed.... Going forward I will keep my updates in this thread. Guys, if anyone else is joining, you can reach me on IRC with my same username unkn0wnsh3ll. I see Mocambo is starting next week; hope, if OK with you, we can join together to motivate each other and work on the course.....
    Ciao, Cheers.

    #11 Member (Certifications: CEH, ECSA, eCPPT)
    Further update: got my credentials and VPN connection to test. I have been using VirtualBox in the past, but installed VMware Fusion this time after one of my colleagues suggested it. It is awesome; the VPN test passed.
    One doubt to clarify for you guys who have taken OSCP.... After installing the latest version of Kali Linux on VMware, I booted it and checked ifconfig; it was displaying a different series compared to the one I installed in VirtualBox... I got the 172 series in VMware (NAT connection, which is the default I selected), whereas VirtualBox shows the 192.168.x.x series.... But anyway, as per the lab guide I am able to ping from the list given to me.

    #12 Member (Certifications: CEH, ECSA, eCPPT)
    Hi all,

    Accounts activated early this morning with my starter pack and videos, lab guide, PDFs etc...
    So far looking good; Day 1 going on well with exercises and videos in parallel.
    I will keep updating on the same.

    Cheers
    Last edited by unkn0wnsh3ll; 07-21-2015 at 10:39 AM.

    #13 Member
    Quote Originally Posted by unkn0wnsh3ll:
    One doubt to clarify for you guys who have taken OSCP.... After installing the latest version of Kali Linux on VMware, I booted it and checked ifconfig; it was displaying a different series compared to the one I installed in VirtualBox... I got the 172 series in VMware (NAT connection, which is the default I selected), whereas VirtualBox shows the 192.168.x.x series.... But anyway, as per the lab guide I am able to ping from the list given to me.
    Both 172.16.0.0/12 and 192.168.0.0/16 are private IP spaces (as well as 10.0.0.0/8) per RFC 1918. When using NAT in this manner, it does not matter what your private IP ranges are (you should still use something in RFC 1918). Additionally, you can change your virtual network adapter to serve out whatever CIDR addresses you want.

    #14 Member (Certifications: CEH, ECSA, eCPPT)
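The RFC 1918 point in the reply above, as an added example that is not part of the thread: a small checker for the address a VM's NAT adapter hands out. It separates the three RFC 1918 blocks from the broader set that the stdlib's is_private reports (loopback, link-local, test nets), and adds the one check a lab VPN user actually needs: that the hypervisor's NAT subnet does not overlap the lab range routed over the tunnel. The lab range used here (192.0.2.0/24) is a constructed stand-in, not the real one.

```python
import ipaddress

# The three RFC 1918 blocks named in the reply.
RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def rfc1918_block(addr: str):
    """Which RFC 1918 block, if any, contains addr (e.g. '172.16.47.5')."""
    ip = ipaddress.ip_address(addr)
    for net in RFC1918_BLOCKS:
        if ip in net:
            return str(net)
    return None


def classify(addr: str) -> str:
    """Name the kind of address a VM interface is showing.

    The stdlib's is_private is broader than RFC 1918 (it also covers
    loopback, link-local, documentation nets and more), so an address can
    be 'private' without being usable NAT space; tell the cases apart.
    """
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local (APIPA: DHCP probably failed)"
    block = rfc1918_block(addr)
    if block:
        return "rfc1918 " + block
    if ip.is_private:
        return "reserved non-RFC1918"
    return "public"


def nat_subnet_ok(iface_cidr: str, lab_cidr: str) -> bool:
    """The NAT subnet the hypervisor assigns must be RFC 1918 *and* must not
    overlap the lab range reached over the VPN; overlapping prefixes make
    the routing ambiguous, so lab traffic can end up on the local segment
    instead of the tunnel."""
    iface_net = ipaddress.ip_network(iface_cidr, strict=False)
    lab_net = ipaddress.ip_network(lab_cidr, strict=False)
    is_rfc1918 = rfc1918_block(str(iface_net.network_address)) is not None
    return is_rfc1918 and not iface_net.overlaps(lab_net)


if __name__ == "__main__":
    # Constructed sample addresses: a VMware-style 172.16 NAT address, a
    # VirtualBox-style 192.168 one, and a placeholder lab range.
    lab = "192.0.2.0/24"
    for sample in ("172.16.47.130/24", "192.168.56.101/24", "169.254.3.7/16"):
        host = sample.split("/")[0]
        print(sample, classify(host), "nat ok:", nat_subnet_ok(sample, lab))
```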
    Quote Originally Posted by MrAgent:
    This will be a big help for you in the OSCP course.
    Hi Mr.Agent,

    As you said, on looking at the OSCP material, it is helping a lot... for buffer overflow... I hope I can complete the buffer overflow module a little earlier than I thought....... Anyway, I'm still in the initial modules....
    By the way, understanding through mind maps helps a lot....

    To new joiners,

    I got a mind map for netcat from Google, which is very handy...
    http://www.mindcert.com/category/mind-mapping/. Again, if you can prepare one by yourself, that's well and good...
    Last edited by unkn0wnsh3ll; 07-21-2015 at 10:38 AM.

    #15 Member (Certifications: CEH, ECSA, eCPPT)
    Oh my god, this sharing problem in VMware took my whole evening study time yesterday. Not sure what the trouble was; I had downloaded and set up my lab with the Kali Linux i386 (no PAE) version using VMware Fusion. Drag and drop / copy and paste from host to guest was working fine. But the shared folder was not working; I couldn't see the VMware shared folder directory on the desktop in Kali Linux. It seems there was some mounting problem. Tried uninstalling and installing VMware Tools; then it was evident that the Linux headers were not updated. As per Google's advice I tried apt-get install linux-headers-$(uname -r); it replied saying linux-headers not found for the kernel version 3.18. So unfortunate; eventually I started to check my mail to download Kali Linux as given in the link. Again, it was easy to import the .vmdk files from the list (though I had around 10-12 .vmdk files totaling 3.2GB in size).

    All I was trying was to open VMware Fusion, File->Import->navigate to the directory to select the .vmdk file; all the files were greyed out and not allowed to be selected on Mac. Fed up with this process, I tried creating a new virtual disk as Debian 7.x and tried adding it as an existing virtual disk; now one of the files was enabled to select. Now I was able to get the Kali Linux setup as sent in the email link by Offsec.

    Now still the questions remain:
    1. Why did the download have more than one .vmdk file?
    2. Why was I not able to select any .vmdk files when trying to import?
    3. Why was only one .vmdk file available to select (which was hardly anything in size compared to the others) out of approx 10 files?
    Can someone clarify for me please.....

    Cheers

    #16 Member (Certifications: CEH, ECSA, eCPPT)
    Hi all,
    Just a clarification: when we work on the exercise modules, we work module by module, and eventually at a certain exercise we come across a certain vulnerability (like SMB/SMTP etc.). We know it is a vulnerability and there is a way which has been suggested by the scanner... Do you start exploiting immediately, or still continue with the exercise and finish the exercise lab, then start to exploit the network....?

    I'm aware which exploit to use at this early stage (just in the second week of the course), but do not know or am not aware of certain things like uploading the exploit into the vulnerable system. Could someone point me to how you guys have approached it....? (like finishing the exercises and then starting to root machines, or working on the exercises and in parallel rooting machines when you come across them.)

    Cheers

    #17 Member (Certifications: CEH, ECSA, eCPPT)
    Well, well, well, here it comes.
    Got fed up / tired of compiling the exploit downloaded from EDB. So I used Metasploit to explore and get the necessary proofs on two machines... Still, I'm yet to try compiling the exploit in a Windows environment and try it manually... I had trouble with cross compiling, and the executable which came with the exploit didn't connect to the vulnerable machine..... So pwned - 2

    In one of the exploit versions, it says stdafx.h or rpc.h: no such file or directory... or the other one has some syntax error... With the Vim editor, I find it difficult to say if the syntax is correct or not with that huge code..... So I will try installing an editor like Turbo C or Visual Express in a Windows environment....

    Owned: 2, Vulnerable count: x-2 (Do not want to disclose the x value set by the OSCP guys)

    Cheers

    #18 Member (Certifications: CEH, ECSA, eCPPT)
    Well, well, starting sounds good, right? Yep, true.

    Got one more into my bucket... Again, I believe this is what they refer to as low hanging fruit... Still yet to set up Visual Studio 2005 on WinXP. Since the middle of last week, a project was going live, which got me tied up and I couldn't spend more time setting up VS2005. Anyway, yesterday I took a random IP from the control panel. Sounds interesting; it looks like it is a buffer overflow in a Linux environment. The trouble is, before starting the course I did a few buffer overflows on Windows and didn't try on Linux. So I have got to work on it for a couple of days with the help of Mr. Vivek Ramachandran's SecurityTube.net; though the concepts are the same, I need to get some information like how to find out the return address etc. without crashing the service... (Maybe I'm wrong in my assumption, but it will be clarified after my study on the same) and will catch up back here...
    Ciao

    #19 Senior Member (Certifications: GWAPT, GSEC, Associate of (ISC)2, C|EH, CCNA:Security, CCNA:R&S, CCENT, Security+, Network+)
    Quote Originally Posted by unkn0wnsh3ll:
    Hi all,
    Just a clarification: when we work on the exercise modules, we work module by module, and eventually at a certain exercise we come across a certain vulnerability (like SMB/SMTP etc.). We know it is a vulnerability and there is a way which has been suggested by the scanner... Do you start exploiting immediately, or still continue with the exercise and finish the exercise lab, then start to exploit the network....?

    I'm aware which exploit to use at this early stage (just in the second week of the course), but do not know or am not aware of certain things like uploading the exploit into the vulnerable system. Could someone point me to how you guys have approached it....? (like finishing the exercises and then starting to root machines, or working on the exercises and in parallel rooting machines when you come across them.)

    Cheers
    I have been approaching it by going through the course material, and then once done, I will have around 60 days to attack machines. I have also been working on my scripting, so hopefully that approach works well.

    #20 Member (Certifications: CEH, ECSA, eCPPT)
    Sorry guys, forgot to update my score.

    Identified a vulnerability in 1 machine yesterday. I couldn't provide the details of the exploit as it was very interesting in terms of web exploitation.... Hope I will exploit it in a day or two, then another, as posted earlier, on the buffer overflow exploit machine, which I need to work on as a Linux BOF exploit....

    Owned: 3, Vulnerable count: x-3 (Do not want to disclose the x value set by the OSCP guys)


    Cheers

    #21 Member (Certifications: CEH, ECSA, eCPPT)
    Quote Originally Posted by TechGuru80:
    I have been approaching it by going through the course material, and then once done, I will have around 60 days to attack machines. I have also been working on my scripting, so hopefully that approach works well.
    Hi TechGuru80, I'm doing it slightly differently. I watched the videos and studied the manual till the chapter before buffer overflow (I wanted to finish the full video and exercise manual first, but started feeling very sleepy day after day and it was not motivating for me), so I started to scan and exploit, as some exercises match the student lab to exploit. Working along that side, I try to get myself comfortable in information gathering, which sometimes points in a different direction. If those directions are in my scope of knowledge, I try to exploit. Now, as I have come across buffer overflow, I take a step back to learn that concept for a day or two or so and start back again.... It's just a trial and error basis; I'm trying to fit my study style, which gives some moral boost in terms of an exploit, learn and exploit pattern.
    Cheers

    #22 Member (Certifications: CEH, ECSA, eCPPT)
    Well, here I come again.

    Fortunately or unfortunately, I got a vulnerable machine which possibly may have a buffer overflow exploit, and which kept going in a loop, where there is a possibility it could have another vulnerability to take advantage of. Checking with the Offsec admin, I was told to take up another machine and come back to this with a fresh look.

    Here I took a machine which I understood after roughly 3 days may be Bob... On the initial exploit I confirmed to myself that it is Bob. But damn, I didn't think it would eat me for the next 10 days (by the way, 10 days includes my weekdays working on the lab around 4-5 hours, and weekends 5-6 hours). I'm pretty sure the more days I take, the more I'm going to learn on this machine. I tried different attack vectors and got stuck with a low priv account. After lots and lots of tries, with a pointer from our buddy Jollyfrogs, I was able to crack Bob (and his twin brother) last night. Wow, it was awesome to finally get escalated to a privileged user and gather the necessary details. Again, it was awesome learning during this course of the fight against the Bobs. By the way, while fighting with Bob, for a refresh I just reverted a random IP which was not used for quite some time and checked in the UI; it seems the name was Bethany. Oops, then I decided I have to equip myself with the Bobs and then move step by step rather than one big step.

    Owned: 5, Vulnerable count: x-5 (Do not want to disclose the x value set by the OSCP guys)

    Cheers

    #23 Member (Certifications: CEH, ECSA, eCPPT)
    Hi all,

    Good time at the weekend; though with a bit of a tight schedule, I was able to crack one more machine... Quite interesting: I cracked it using Metasploit, and am trying it manually, where I have found a way to perform it. Hence the count as below

    Owned: 6, Vulnerable count: x-6 (Do not want to disclose the x value set by the OSCP guys)

    Cheers

    #24 Member (Certifications: CEH, ECSA, eCPPT)
    Hi all,

    Since my last post in August, it's been busy in the lab and at work. At times I was going on with a couple of lab machines for a couple of weeks. I'm taking it slowly and not in a hurry, though at the same time keeping the pace on lab machines, as if there is any gap then it is very hard to push and motivate myself to get into the lab.

    Currently working on Sufferance, Bethany, Sean, Fermitter.

    Owned: 15, Vulnerable count: x-15 (Do not want to disclose the x value set by the OSCP guys)

    Cheers

    #25 Member (Certifications: CEH, ECSA, eCPPT)

    Where Am I?

    It's been quite a little long; the lab is keeping me busy with more complex virtual machines, and at the same time work is taking its toll. Balancing both is quite hard at the moment. My 90 days of lab time finishes this Saturday.

    So what did I learn since the time I joined? It was a roller coaster ride. The initial few machines were easier and some were tough, which took over a couple of weeks. Once you have grabbed over 14+ machines, one gets to understand what to look for and the usage of tools to complement and exploit the machine. There are some simple machines which over-complicate the way we start thinking.

    What am I going to do next after the lab finishes? - Ummm, planning to take the exam to see how my skills are and where they need to be sharpened. I will keep you updated post exam on my developments.

    Cheers