Results 51 to 75 of 109
  1. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #51
    I start OSCP in two weeks. I'm excited. Keep the updates coming, you are kicking ass.

  3. Member
    Join Date
    Sep 2015
    Posts
    83

    Certifications
    Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #52
    Day 50

    Well it says I'm down to 40 days lab time. I'm feeling pretty good about my progress, finished 2 more boxes in the last couple of days, even with the holidays. I've been alternating back and forth between some of the harder boxes and random other ones. To the best of my knowledge I have about 20 boxes left in the lab and 1 more network secret to go. It's definitely getting harder; the low-hanging fruit is gone. I seem to have mostly web-based applications left to exploit, and that can be kind of slow for me.

    I had fallen into a rut of using my core 'goto' tools. Now I'm expanding and going through some of the other resources on the distro. Finally used OpenVAS once, did a few scans, but it didn't really help me any. Xprobe2 has proved useful; don't always trust the results of a single tool, try and double-check things.

    34 rooted, I finally escalated the limited shell I've had hanging around for 1 month.

  4. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #53
    Do you think you are missing out on info from previous boxes? Do you feel like you've thoroughly pillaged them? How long do you spend on post-exploit enumeration? Have you developed a methodical method yet or do you still kind of make it up as you go?

    You have 40 days left? You'll have them all before it's finished!

  5. Member
    Join Date
    Sep 2015
    Posts
    83

    Certifications
    Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #54
    I'm sure I've missed something from boxes; whether or not it's important I don't know. They have a tendency to make important things reasonably obvious, with the occasional something buried deeper, and a healthy mix of decoys or teases. I'm definitely getting into harder boxes now, so it's slowing my progress. Combined with my ADD and OCD, I focus for a while then move on.

    I guarantee I'm not doing the most thorough job looting. There are 3 key things I focus on: files in home/root directories/documents/desktops, Netstat for machines connecting to and from, and password hashes. I dig deeper when my gut feels the need.

    Whether I can finish them all I don't know; they're definitely getting more obscure entry points, or require other dependencies. Did root another one EDB the flavor of the month, I probably need to go back to the admin network.

    35 Down, and I think 19 to go.

  6. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,284

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #55
    You're making good progress. I am sure you will do well on the exam.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/

  7. Member
    Join Date
    Sep 2015
    Posts
    83

    Certifications
    Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #56
    Does anyone know the scheduling delay when you want to schedule your exam? I'm thinking of rushing the exam because I have a security conference I'm going to in 10 days, and there's also a job posting requesting it. I don't actually mind failing it, I'm inclined to pay for more lab time regardless of how I do, or should I say work will

    Day 54
    I got a lead on the admin network, and it made me feel pretty stupid, but that's life. Running with it I've gotten 2 of the machines in the admin network, and the last network key! I've actually made more progress there and in the IT network than the dev network.

    Happy New Years everyone.

    Score is 37 rooted 17 to go (or so I think)

  8. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,284

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #57
    Just click on the link they sent you in the email. You can pick a day and time that's available. You'll get a confirmation email after that. At the exact time your exam starts you'll get an email with info on how to connect to exam. Pretty easy process.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/

  9. Junior Member
    Join Date
    Oct 2014
    Posts
    17

    Certifications
    C|EH, Security+, MCITP Enterprise Administrator, Zen desktop, Zen server, ITIL V3 Foundation, CCENT
    #58
    I have seriously enjoyed reading through the experience thus far. I am looking forward to doing this one.

    I shall start in a few weeks.

  10. Junior Member
    Join Date
    Oct 2014
    Posts
    17

    Certifications
    C|EH, Security+, MCITP Enterprise Administrator, Zen desktop, Zen server, ITIL V3 Foundation, CCENT
    #59
    Forgot to mention. I wish you all the luck for your exam.

  11. Member
    Join Date
    Sep 2015
    Posts
    83

    Certifications
    Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #60
    Thank you for the encouragement everyone.

    Day xx

    I've slowed down a bit and took an entire day away from the labs. I did get into a 3rd box in the admin network, but it's not what I'd call an accomplishment. It was, how to put this, sad. Gave up creds easily, and it even had the credentials for the Metasploit box. Which isn't as big an advantage as you would think. I would say I'm still not proficient with it as an automated tool. It also looks like it doesn't count as a 'target' in the count, so I'm removing it from my estimated totals.

    The last box in the admin network looks a bit more challenging, at least for me. I haven't found a good entry point yet at all. You also have the additional challenge of maintaining access across 2+ networks. Most of my remaining boxes look to be mostly web-based attacks of either SQLi or LFI/RFI. And the other albatross of Pedro still hanging around my neck. I just can't find the damn item to send to him.

    I have right about 30 days left of lab time, but I will be at a conference in Miami next week. I've decided not to rush the test this week, and I'll wait till my time expires. I enjoy the labs too much, at least sometimes.

    I'd like to point out to the ones working up to the class that there is often more than 1 way to get into a target. Often I've got into one, and noticed installed software that I know has some kind of exploits available for it, but I didn't approach it from that route. Often it looks to be harder than what I did. Consider all of your options.

    I'll throw in a note about passwords: some are reusable but most are not. Some are extremely simple, most are not. I've had minimal success with John the Ripper, I think it only broke 2 for me, and they were so easy they were intended to be found. I'd almost say if it doesn't find it in 5 minutes it's not going to. Find a good site for breaking hashes, they'll provide you a link to the OFFSEC one, but I had better luck at a different one.
    ALWAYS try the OBVIOUS.

    38 rooted, 15 to go
    All networks found
    MSF creds as well.

  12. Member
    Join Date
    Sep 2015
    Posts
    83

    Certifications
    Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #61
    Day 61

    Things have definitely slowed down, trying to get back into work after the holidays. I rooted one that I had the information I needed for it already. Sometimes you have to fall back and review what you have in a little detail. I've been looking for one running a webpage that my next target is checking, but I haven't found which one it's checking. It did highlight that I was sloppy when going through the early machines. Information I consider standard to collect now didn't always get collected when I started, so I've gone back to some of the machines. It also really tests how well you documented your exploitation process.

    Back to the web server, I still haven't found what it's talking to, so I thought I got clever. I ran Wireshark for a day logging all ARP requests to or from that machine. I figured if it connects to another machine, it would have to ARP it to start the connection sequence. In theory it worked, but the only thing I identified was a connection to a DNS server. I still think the whole process is a valid test, and in the bigger scheme of things you might get an overview of some of the lab connections by mapping all their ARP requests; there will be some false starts, and you'll have to filter out all student requests.

    You'll have to evaluate the false Domain/DNS/SMB type of requests, but what's left might give you an idea of the web interconnects. I also tried a directed arp-scan at my target, interrogating for every lab IP address, but it only responded to its own, and in a directed fashion. So you won't see its responses, just requests in most cases.

    I'll have some time this weekend, but I'll be out of town for 5 days, So I probably won't update for a week or so.

    39 down 14 to go
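The ARP-request logging described in post #61, as an added example that is not part of the original post: it parses raw untagged Ethernet frames, keeps only ARP requests, and maps each requesting IP to the addresses it asked for, with a filter for noise sources. All addresses, MACs and frames are constructed sample data, and the function names are this example's own.

```python
import ipaddress
import struct
from collections import defaultdict

ETH_ARP, ARP_REQUEST, ARP_REPLY = 0x0806, 1, 2

def build_arp(op, sha, spa, tha, tpa):
    """Build an Ethernet+ARP frame; used only to construct sample input."""
    dst = b"\xff" * 6 if op == ARP_REQUEST else tha  # requests are broadcast
    hdr = dst + sha + struct.pack("!HHHBBH", ETH_ARP, 1, 0x0800, 6, 4, op)
    return (hdr + sha + ipaddress.IPv4Address(spa).packed
            + tha + ipaddress.IPv4Address(tpa).packed)

def parse_arp(frame):
    """Return (opcode, sender_ip, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    etype, htype, ptype, hlen, plen, op = struct.unpack("!HHHBBH", frame[12:22])
    if (etype, htype, ptype, hlen, plen) != (ETH_ARP, 1, 0x0800, 6, 4):
        return None
    return op, ipaddress.IPv4Address(frame[28:32]), ipaddress.IPv4Address(frame[38:42])

def map_requests(frames, ignore_sources=()):
    """Map each requesting IP to the sorted list of IPs it sent ARP requests for.

    ignore_sources lists networks whose requests are noise (other lab users).
    Gratuitous ARP (sender == target) and probes from 0.0.0.0 are dropped.
    """
    ignored = [ipaddress.ip_network(n) for n in ignore_sources]
    peers = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REQUEST:
            continue
        _, spa, tpa = parsed
        if spa == tpa or spa.is_unspecified:
            continue
        if any(spa in net for net in ignored):
            continue
        peers[str(spa)].add(str(tpa))
    return {src: sorted(dsts) for src, dsts in peers.items()}

# Constructed sample capture: a web host, a DNS server, a database, one other user.
WEB, DNS, DB, OTHER = "10.0.0.20", "10.0.0.2", "10.0.0.31", "10.0.1.77"
MAC_A, MAC_B, ZERO = b"\x02\x00\x00\x00\x00\x20", b"\x02\x00\x00\x00\x00\x99", b"\x00" * 6
SAMPLE = [
    build_arp(ARP_REQUEST, MAC_A, WEB, ZERO, DNS),
    build_arp(ARP_REQUEST, MAC_A, WEB, ZERO, DB),
    build_arp(ARP_REPLY, MAC_B, DNS, MAC_A, WEB),     # unicast reply, skipped
    build_arp(ARP_REQUEST, MAC_B, OTHER, ZERO, WEB),  # another user's request
    build_arp(ARP_REQUEST, MAC_A, WEB, ZERO, WEB),    # gratuitous ARP
    b"\x00" * 20,                                     # truncated frame
    b"\x00" * 60,                                     # not ARP
]

if __name__ == "__main__":
    print(map_requests(SAMPLE, ignore_sources=["10.0.1.0/24"]))
```

ARP only resolves addresses on the local segment, so a peer behind a router appears in this map as the gateway's address rather than its own.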

  13. Member
    Join Date
    Jan 2016
    Posts
    56
    #62
    Hey jebjeb, cheers for the thread, it's a good read.

    I have a random question that's been bugging me. During your lab time, how often did other students working on a machine impact you? Like has it been quite common to be halfway through an exploit to have someone revert the machine?

    Also, how full would you say the course is, as in, is it difficult for yourself to find a machine to work on so that you don't do the above to someone else?

  14. Member
    Join Date
    Sep 2015
    Posts
    83

    Certifications
    Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #63
    Day 62

    Small update, I finished another machine last night. It was actually an easy one, sometimes you just overlook small details. It was in the Dev network where most appear to be Windows machines.



    invictus_123: It's not too bad, if you consider the publicly known numbers. There are 42 machines with 3 duplicates in the current version of the main lab network. They have it subnetted into a /23 so there are 500 open IPs. Each student has 2 IPs, his VPN one and his Win 7 lab VM. While I have run into a couple of people, it's impossible to tell the real scope of students. Often you won't know unless they change something on your target while you're watching. After you compromise a machine, and you check NETSTAT, you have some idea of how many people were interacting with it, but you're not ever sure.

    I guess you could sniff all broadcasts over time to get an idea about how many students there are, but I seldom had an issue in the main area. I did have a small overlap with another student, where our particular work schedule aligned, and we were both trying to take over 1 of a small group of machines in another network to use it as a pivot platform to another one. I do recommend you check how long since the last revert of a machine, it will give you an idea of how active it is, and reverting it yourself kind of stakes out a flag that you're there. But many people won't bother checking.

    So I don't think you'll have any real problem finding targets to work on.

    Late update: rooted one more, and one thing to note, when dealing with SMB exploits, there are many that use NULL or blank creds. But sometimes you'll get different results if you override them and add creds you may have.

    41 down 12 to go, and I'm going dark for a week.

    One of my remaining ones I'm confused about, it's a type of "proxy or gateway" to another network, but it has a revert listing in the control panel. I'm not sure if I need to hack it or not.
    Last edited by Jebjeb; 01-10-2016 at 04:56 PM. Reason: late update

  15. Member
    Join Date
    Sep 2015
    Posts
    83

    Certifications
    Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #64
    Still the same day, but had a nice run of luck/skill and it appears that I've swept almost all of the Dev network, one left. That's 3 machines today alone. They all have some narrow crack of things you have to leverage through. I'll mention one general hint: some of these networks are proxies, and not all of your return addressing can get through.


    43 down / 10 to go

    Never mind, the last one's a proxy and not in scope, confusing because it has a revert IP in the control panel. And marked another one off as well.

    43 down 7 to go
    Last edited by Jebjeb; 01-10-2016 at 09:19 PM. Reason: additional info

  16. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #65
    I started the OSCP yesterday. I'm really enjoying the content so far. Thanks for posting! You are awesome!

  17. Junior Member
    Join Date
    Jul 2015
    Location
    Texas
    Posts
    8

    Certifications
    A+, Net+, CCNA, CCNA Security, Linux +, Project +, CEH
    #66
    Good luck, you're very lucky, unlike some of us, who loathe challenges. Let us know of your progress, it may motivate us enough to sign up as well.

  18. Member
    Join Date
    Sep 2015
    Posts
    83

    Certifications
    Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #67
    Day 69

    Well, back and refreshed, time away did some good. I juggled some information I already knew and knocked off my personal albatross of Pedro this morning.

    I'm left with some of the harder machines left in the lab now: ghost, sufferance, humble as well as an unknown name, cory and jack. I feel good that I'm OK for the test either way, but will certainly try and knock off as many as possible. I also will reserve some time to go back and do the buffer exploit lab and a few other exercises that seem to be mentioned frequently in feedback.

    It's a bit of a relief, I feel like I'm on the downhill side now, and under no pressure. I'm not denying the test will be hard, but it's going to be completed no matter what. I encourage anyone who's intimidated, frustrated, or just stumped to keep at it. The machines are all set up to exploit, some are easier than others. But your success isn't truly measured by the number of shells you get. It's what you learned, it's the critical thinking and thought processes you develop to approach the problems. Even if you never take the test it's a valuable experience.

    44 down 6 to go

  19. Member rudegeek's Avatar
    Join Date
    Apr 2015
    Location
    Denver
    Posts
    69

    Certifications
    GSEC, GCWN, CCNA R/S, Microsoft 70-410 MCP, Network +
    #68
    Loving the thread. Great job!

    You'll pass, no doubt in my mind. Now the question is... Is OSCE next?

  20. Member
    Join Date
    Sep 2015
    Posts
    83

    Certifications
    Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #69
    Haven't given it much thought yet, certainly an option considering how much I've enjoyed this. But I have to consider what to invest my time on as well. I'm not a pen tester, so I have to consider what helps me develop the most.

  21. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #70
    I'm not a pen tester either. Hell, my job has nothing to do with computers at all.

    I wonder how difficult it would be to become a pen tester with only an OSCP, lol.
    Probably pretty impossible.

  22. Member rudegeek's Avatar
    Join Date
    Apr 2015
    Location
    Denver
    Posts
    69

    Certifications
    GSEC, GCWN, CCNA R/S, Microsoft 70-410 MCP, Network +
    #71
    What do you guys do for a living?

  23. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #72
    I teach English to college students in China.

  24. Member rudegeek's Avatar
    Join Date
    Apr 2015
    Location
    Denver
    Posts
    69

    Certifications
    GSEC, GCWN, CCNA R/S, Microsoft 70-410 MCP, Network +
    #73
    Are you looking to get into pentesting? Or is it just purely fun? BTW if it's the latter, I've never done anything so HARD that's been so fun in my life!!

  25. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #74
    Purely for fun.

  26. Member
    Join Date
    Sep 2015
    Posts
    83

    Certifications
    Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #75
    Whatever day

    I'm pretty dead in the water, trying to get back into the pace of work, and having no luck in the labs. There's a reason I left these till the end. Beat my head against Jack for a while, then went back to Sufferance. Have I told you how much I hate their 'hints'? Damn near useless. It's frustrating when you have just a bit of something that you can grab on to, but can't do anything with it. Sufferance is just teasing me. Jack's a little more cold, I haven't found anything to grab onto except the damn webpage, can't find any other landing page or port. I'll probably switch up targets again tomorrow so as to keep my blood pressure normal.

    As for what I do for a living, I'm a Joke of all trades for a Systems Integrator. I do admin work, programming, engineering, and anything else I get interested in.
