  1. Senior Member impelse's Avatar
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    1,211

    Certifications
    CISSP, CEHv7, CCNA, Security+ 70-290, 70-291 CCNA:S
    #26
    Quote Originally Posted by Sheiko37 View Post
    It's disheartening when I read people getting root access on multiple machines within the first week of the course, where I have just one (with help) nearly a month in, and I've not been light on study either, hours every night. I guess the certification attracts the kind of student who already has knowledge in this domain. I'm either well behind the average student, or maybe the certification has a very high failure rate.
    A lot of those users got some experience and they have some good programming skills, others are using Metasploit, etc., etc., and the last part is: do not believe everything you read!

  3. Junior Member
    Join Date
    Jun 2012
    Posts
    27

    Certifications
    CISSP, CEH, CCNA Security, CCNA R&S, A+, Network+, Security+, B.S., M.S.
    #27
    Same here. I pwned 2 machines in 2 weeks. It's incredibly slow for me. Hope it will get better. I avoid using Metasploit or a vulnerability scanner and try to do everything manually, just to get a better feel of what I'm doing. I feel like I'm learning a lot though... Sometimes I tried to ask an admin for advice, but the answer I get most of the time is that I missed something and need to enumerate more. Now I just pick 1 machine at a time and work on it till the end - even if I have no idea what I'm looking for, I feel it's better than jumping from machine to machine looking for easy ones.

  4. Senior Member impelse's Avatar
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    1,211

    Certifications
    CISSP, CEHv7, CCNA, Security+ 70-290, 70-291 CCNA:S
    #28
    I stopped my lab and will begin again next month. I will follow one suggestion I got in another thread: attack only the Windows machines, because I have more knowledge of that OS, and then attack only the Linux ones.

    Let's see if my speed increases.

  5. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #29
    Update: I've finished the course material but left the last chapter that steps through a full penetration test, I'll come back to it. I'm spending about 4-6 hours each day studying.

    I have root/administrator privileges on four boxes and a low privilege shell on a 5th, which I'm 95% sure I'm using the right exploit and the issue is on my end with my Kali Linux or Metasploit installation, so I moved on. I'm still working with two friends who've passed the OSCP, they're not giving me answers but just helping with resources, general knowledge, syntax issues, etc. I know that will result in accusations of "spoon feeding" and "hand holding"...

    If knowledge acquisition is your goal then I highly recommend working with others through your study, there's no reason to limit yourself.

    I still have disagreements with the way the course is delivered, but whatever, it's their product they can do whatever they want with it. To quote my friend who passed the OSCP - "I knew nothing coming into the OSCP, and that's why I still know nothing now".

    If I get some time tonight I'll put together a list of some useful resources and topics I've been going through.

  6. Senior Member impelse's Avatar
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    1,211

    Certifications
    CISSP, CEHv7, CCNA, Security+ 70-290, 70-291 CCNA:S
    #30
    Good, keep going

  7. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #31
    If you really study the course material, you are given 5 boxes for free. I don't know where you are going wrong. I'm 3 days in and it's the most fun I've ever had of any game. I treat it like WoW or any other game and I'm loving it! Last August, I couldn't have explained I.P.'s to you, but now I'm putting boxes in the OSCP. I couldn't be happier!

  8. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #32
    The only box that I've gotten with information directly from the manual was the ColdFusion vulnerability, and even then they really only tell you the vulnerability exists which is about 10% of the effort needed for administrator privilege on that box.

    There's a lot of duplicate boxes so I wonder if people consider them in their count of successful exploits.

    I recommend anyone like me who comes into this with little knowledge to work backwards, start with Metasploit, Nessus, etc. then work backwards on how you'd achieve that manually.

    My immediate weakness at the moment would be password cracking. I find myself with either woefully inadequate lists that find nothing, or brute force attempts that would take days.

  9. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #33
    I'm back to floundering again. I honestly don't think I'll get through this, it really is just a challenge and not a course. I've spent maybe 40 hours on it this week and am making almost no progress. It's like I've picked up a book in a foreign language and am just scanning for patterns trying to understand anything.

  10. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #34
    Not with that attitude you won't.
    Enumerate, enumerate, enumerate! Try Harder, then enumerate some more!
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/

  11. Senior Member impelse's Avatar
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    1,211

    Certifications
    CISSP, CEHv7, CCNA, Security+ 70-290, 70-291 CCNA:S
    #35
    Quote Originally Posted by Sheiko37 View Post
    I'm back to floundering again. I honestly don't think I'll get through this, it really is just a challenge and not a course. I've spent maybe 40 hours on it this week and am making almost no progress. It's like I've picked up a book in a foreign language and am just scanning for patterns trying to understand anything.
    Sit back one moment. The OSCP material is not easy, and it will not work to try to do everything at once. Take one target you think is going to be easy, attack only that target, check the offensive forum for some tips (they will not tell you how to do it, they will give you tips on where to focus), and keep testing only that machine.

    For example, I think the three first machines are Windows OS. Take one of those (if Windows is your strong OS), attack and attack a little more, try different ways to upload files, run exploits, etc., until you get that machine.

    Now when you get that machine, it will take a while because, as you mention, it is a foreign language; in that moment you will already have learned some foreign words or phrases. It will take time.

    Do not scan all the network and try to attack one machine using web attack, exploit, etc.

    For the moment, avoid cracking passwords; that method is time-consuming and you are not learning too much.

    Just focus on one machine, one objective, then you will move on with more confidence to learn new words and sentences with a second machine.

    Being a pentester requires patience, persistence and strategy. It will not come by default.

  12. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #36
    Stop focusing on the goal and start enjoying the journey.

    Treat it like a game and be patient.

  13. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #37
    I appreciate the feedback.

    Quote Originally Posted by adrenaline19 View Post
    Stop focusing on the goal and start enjoying the journey.
    It's true, I need to pace myself and expect it to take well over the initial 90 days.

  14. Member rudegeek's Avatar
    Join Date
    Apr 2015
    Location
    Denver
    Posts
    69

    Certifications
    GSEC, GCWN, CCNA R/S, Microsoft 70-410 MCP, Network +
    #38
    I'm HexCartel in the IRC. Hit me up if you need to!

    I know my first time around I was demotivated, but it was simple things that I was overthinking. Enumerate and analyze. Don't just enumerate.

    Another good tip is to go look at vulnhub.com and peek into the walkthroughs! Maybe, you'll find something.

    Also, you can try the Nmap NSE scripts. Guaranteed one of those will lead you to pop 5+ Windows boxes with just one exploit.

  15. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #39
    I open up the virtual machine and in literally less than 10 minutes I have a root privilege shell on a machine I spent 6 hours on yesterday.

  16. Junior Member Registered Member
    Join Date
    Dec 2015
    Posts
    2
    #40
    Good to hear, Sheiko. Hang in there.

    My lab time starts the end of January. I'm going in with the Edison perspective (even though I think he was an ass to N.Tesla and this might not have even been his original idea): "I haven't failed. I've found 10k ways that don't work."

    I expect to fail dozens of times per day and hope to fail quickly. In my career, I've found I learn the most when I'm troubleshooting an issue for an extended period to figure out why the feck it's not working. It's frustrating, sure, but I believe the benefits once I've found the solution are far greater than if someone had simply shown me what to do. It makes a deeper impression on the ol' gray matter.

    Of course, it's easy for me to say this prior to starting my lab time but I still hope to value the part of the journey where I'm banging my head against the wall. It's my belief that, as long as you don't stop trying, your lab time should amount to a fantastic learning experience.

  17. Junior Member
    Join Date
    Jul 2015
    Posts
    9

    Certifications
    CCNA R&S, CCNA Security, SEC+
    #41
    Quote Originally Posted by SweetBabyMosez View Post
    Good to hear, Sheiko. Hang in there.

    My lab time starts the end of January. I'm going in with the Edison perspective (even though I think he was an ass to N.Tesla and this might not have even been his original idea): "I haven't failed. I've found 10k ways that don't work."

    I expect to fail dozens of times per day and hope to fail quickly. In my career, I've found I learn the most when I'm troubleshooting an issue for an extended period to figure out why the feck it's not working. It's frustrating, sure, but I believe the benefits once I've found the solution are far greater than if someone had simply shown me what to do. It makes a deeper impression on the ol' gray matter.

    Of course, it's easy for me to say this prior to starting my lab time but I still hope to value the part of the journey where I'm banging my head against the wall. It's my belief that, as long as you don't stop trying, your lab time should amount to a fantastic learning experience.
    I start 30 Jan

  18. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #42
    I'm still going, 4-6 hours daily but very slow progress. What I've been doing and learning is so scattered it's hard to log it.

    I'm spending a lot of time on foundational subjects rather than sinking hours/days into specific attack vectors. I might find a specific exploit or vector on a box which I'm 90% sure is the way in, make a note, then move on. I have too much else to learn to get stuck on a single box/vector for days.

    There are a lot of tools not covered by the course material that are really useful: dirb, Nikto, Burp, etc.

    I'm still occasionally working with my OSCP passed friend, about once a week I'll share my screen with him for an hour and come away with a list of things to learn. It's immensely helpful to have peers to talk to, for example I had a misconfiguration on my Kali machine that prevented any staged payloads, FTP transfers, and other services, we fixed it in a few minutes, and I'd been to two admins on IRC with no success, so now I can go back to about a half dozen machines to try everything that previously wasn't working.

  19. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #43
    Sheiko, you have so many bad things to say about OSCP. You should just quit.

  20. Junior Member
    Join Date
    Mar 2015
    Location
    North VA, USA
    Posts
    17

    Certifications
    CEH, MCDBA, OCP 10g, 11g
    #44
    adrenaline19. How many boxes do you have in the lab? Please tell us.

  21. Junior Member
    Join Date
    Dec 2015
    Posts
    6
    #45
    @Sheiko37 - Based on your background/experience - diving into this adventure as you have - knowing what you know now about the material being "light", the challenging labs and trying to learn everything as you go, what would you do differently or feel would work best to approach the learning curve? You have mentioned you have access to some colleagues/acquaintances that have experience with the material/tools and have passed the course; it appears having a mentor is the most valuable option to combat the knowledge gap? Also, it seems one could easily lose track of where to allocate effective time on tools/techniques etc. without the guidance of someone possessing pentesting experience to help you understand basics?

    Keep going brother. Your input is greatly appreciated.

  22. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #46
    I'm not using Metasploit or OpenVAS at all.

    80 days of lab time left.

    8 full shell, 1 limited.
    Last edited by adrenaline19; 01-19-2016 at 09:01 PM.

  23. Junior Member
    Join Date
    Jul 2015
    Posts
    9

    Certifications
    CCNA R&S, CCNA Security, SEC+
    #47
    Quote Originally Posted by Sheiko37 View Post
    for example I had a misconfiguration on my Kali machine that prevented any staged payloads, FTP transfers, and other services, we fixed it in a few minutes, and I'd been to two admins on IRC with no success, so now I can go back to about a half dozen machines to try everything that previously wasn't working.
    Can you document these so as to help others?

  24. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #48
    Quote Originally Posted by adrenaline19 View Post
    Sheiko, you have so many bad things to say about OSCP. You should just quit.
    To be positive, the ColdFusion vulnerability is the best experience so far. To those unfamiliar, they basically give you the vulnerability in the course material and it's up to you to work either direction from that, i.e. forward to actually exploit the vulnerability, which is quite complicated, and backwards to understand how you'd know to even look for the existence of it, in this case Nikto was the path.

    That to me is a real hint, because even though you're given the vulnerability there's still a lot of work to do, but you have a clear and practical path forward. Whereas the "hint" they give you in IRC is some obscure line about winter or snow (snow > cold > ColdFusion... duh).

    That's basically how I've been working with my colleague, he might notice a box that should be vulnerable to a SQL injection, show me the basics of Burp, or tell me to try a web shell on a box (web shells are another thing not mentioned in the course material), then I'll go learn those things on my own.

    Quote Originally Posted by cysec View Post
    @Sheiko37 - Based on your background/experience - diving into this adventure as you have- knowing what you know now about the material being "light", the challenging labs and trying to learn everything as you go what would you do differently or feel would work best to approach the learning curve?
    I'd either find a study group before signing up, and maybe come prepared with a routine to trade ideas and knowledge, or I'd just not do the course at all and look at something like eLearnSecurity or Pentester Academy.

    Quote Originally Posted by djctwo View Post
    Can you document these so as to help others?
    The default MTU.

    root@kali:~# ifconfig tap0 mtu 1000

    I couldn't figure out why FTP transfers and staged shells were hanging, the admins were telling me to enumerate more and I wasted a lot of time trying to find some kind of FTP file size limiting service or firewall restrictions.
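The MTU problem described in the post above can be measured rather than guessed. The following is an added example, not part of the original post: it binary-searches the largest ICMP payload that crosses the path with Don't Fragment set and compares the result with the interface MTU. It assumes Linux iputils `ping`; the function names, the search bounds and the `SYSFS_NET` override are hypothetical.

```shell
#!/bin/sh
# Added example: measure the usable path MTU so that hanging transfers
# (small packets pass, full-size packets vanish) can be confirmed or ruled out.

# probe_df HOST SIZE: exit 0 if a SIZE-byte ICMP payload with DF set is answered.
# iputils ping: -M do forbids fragmentation, -s sets the payload size.
probe_df() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [PROBE] [LOW] [HIGH]
# Binary search for the largest payload that gets through unfragmented.
# Prints payload + 28 (20-byte IPv4 header + 8-byte ICMP header) = path MTU.
# PROBE can be replaced by any function with the probe_df calling convention.
find_path_mtu() {
    host=$1; probe=${2:-probe_df}; lo=${3:-548}; hi=${4:-1472}
    # If even the smallest probe fails, the host is down or ICMP is filtered.
    "$probe" "$host" "$lo" || { echo "no reply at $lo bytes" >&2; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo $(( lo + 28 ))
}

# mtu_too_large IFACE PATH_MTU: exit 0 when the interface MTU exceeds the
# measured path MTU, i.e. full-size packets will be dropped along the way.
# SYSFS_NET is a hypothetical override so the check can be tried on sample data.
mtu_too_large() {
    cur=$(cat "${SYSFS_NET:-/sys/class/net}/$1/mtu") || return 2
    [ "$cur" -gt "$2" ]
}

# Typical use (placeholder address, run as root for the last step):
#   pmtu=$(find_path_mtu <lab-gateway-ip>) &&
#   mtu_too_large tap0 "$pmtu" && ip link set dev tap0 mtu "$pmtu"
```

If ICMP echo is filtered on the path, the search reports no reply instead of a value, and lowering the interface MTU by hand, as in the post, remains the fallback.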

  25. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #49
    I spent about 4 hours yesterday and another 4 hours today on a box and managed to get just a low privilege shell, which was still incredibly complicated, you could piece together most of it by Googling but information is sparse and there's definitely no easy single exploit to run. It's another situation where some level of coding knowledge is absolutely mandatory and not just "a plus", thankfully I had an admin who was to the point helpful.

  26. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #50
    I took some time off for a four day weekend, it's looking a lot more likely that I'll be extending my access by another three months. I've currently got 7 root/administrator shells (9 if you count duplicates), 1 limited shell, and 4 where I've found the vulnerability but haven't made progress, 45 days left of lab access.

    I found this page which I think is mandatory reading for anyone considering the OSCP - https://www.offensive-security.com/o...ns-job-market/. The important point is their attitude towards other certifications, that they're not an "effective measure of ones technical abilities", so you can expect exactly that with the OSCP, i.e. your technical abilities to be measured.

    The lack of course material for the OSCP is by design, the certification is attempting to impose a filter on the job market.

    I still think it's misleading to call it a "training course" because that implies some sort of structure to the lab environment, instead you are only given access and nothing more. In a way the OSCP is like an extended job interview, you're there to be evaluated, not trained.

    That all can be interpreted as an overreach, or a superior certification, up to you to decide.
    Last edited by Sheiko37; 01-27-2016 at 02:16 AM.