  1. Member rudegeek's Avatar
    Join Date
    Apr 2015
    Location
    Denver
    Posts
    69

    Certifications
    GSEC, GCWN, CCNA R/S, Microsoft 70-410 MCP, Network +
    #51
    You have 45 days left. All of a sudden you might just get it! Cheer up man.

    I know it's frustrating and probably the hardest task you've ever undertaken. You'll get through it!

    How bad do you want it and why?
    Last edited by rudegeek; 01-27-2016 at 08:40 AM.

  3. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #52
    44 days left, success today so now 10 root/administrator shells and 1 limited.

    I need to start talking with regular students in IRC rather than admins (one today was so obtuse it's basically satire). There's absolutely no talk at all in the general chat, but simply mentioning you're working on certain boxes and you start getting private messages. I suspect there is a lot of unseen talk going on.

  4. Member rudegeek's Avatar
    Join Date
    Apr 2015
    Location
    Denver
    Posts
    69

    Certifications
    GSEC, GCWN, CCNA R/S, Microsoft 70-410 MCP, Network +
    #53
    Nice I'll get on the IRC and seek you out. What are you registered as?

  5. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #54
    rudegeek, pm'd

    11th box hacked today, the knowledge needed for this one was around Windows SAM.

  6. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #55
    Day 51 and up to 14 boxes hacked, though of the last three, one was through Metasploit, one was a very common exploit also used on other boxes, and the third was incredibly complicated (for me) and I don't really understand one step in the process despite success.

    I'm not confident for the exam because I feel like I'm just learning tricks and not a deeper understanding of any of the many topics of penetration testing. You might learn to hack a specific IP in the labs, but most of the knowledge acquired there would be only applicable to that exact situation.

    That's the problem with the OSCP. It's a very loosely structured course with very little depth, and despite what their website says it is not self-paced, your lab access is limited, and the only measure of success is accumulation of trophies in the form of successful hacks.

    What sort of environment does that create? How does that encourage the student? You don't have the luxury to pause everything and spend a month reading about SQL injection or buffer overflows, you're racing to accumulate "tricks" because the clock is ticking.

  7. Member
    Join Date
    Sep 2015
    Posts
    83

    Certifications
    Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #56
    It's a little bit more like a real world environment. Many penetration efforts, performed by using the well-known tricks, while under the gun. The subject matter is so incredibly vast in scope that it's close to impossible to delve into all of it. Much of this course is designed to teach you how to use the tools, not teach you the nuanced concepts behind the vulnerabilities. That's why it's Pentesting with Kali, not SQL injection 101.

    The only suggestion I can make is get what you can out of it, and make notes of the things you want to research deeper.

  8. Junior Member
    Join Date
    Mar 2015
    Location
    North VA, USA
    Posts
    17

    Certifications
    CEH, MCDBA, OCP 10g, 11g
    #57
    Sheiko,
    A 3 month extension only costs $200 per month. So the clock is not really ticking. Go try to take a SANS course for $600. That will buy you about 30 mins of class time.

  9. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #58
    Quote Originally Posted by Jebjeb View Post
    Much of this course is designed to teach you how to use the tools, not teach you the nuanced concepts behind the vulnerabilities. That's why it's Pentesting with Kali, not SQL injection 101.
    Well the material has something like 50 pages on buffer overflows (in a manual of about 370 pages) using tools like Infinity Debugger, EDB, and then barely a paragraph or nothing at all on many other tools. It's as if it were put together just on the preferences and personal interests of the author.

    Quote Originally Posted by Jebjeb View Post
    The only suggestion I can make is get what you can out of it, and make notes of the things you want to research deeper.
    Definitely, I've already started this list.

    Quote Originally Posted by mabraFoo View Post
    Sheiko,
    A 3 month extension only costs $200 per month. So the clock is not really ticking.
    It is a limited window of access and therefore not self-paced, unlike the CISSP for example, where you buy resources and have as long as you want to prepare - that is self-paced.
    Last edited by Sheiko37; 02-02-2016 at 09:54 PM.

  10. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #59
    I've said before that the OSCP is equivalent to being dropped in France with nothing and being told to learn French, well coincidentally I hacked a box today with a French language pack and you actually do need to know French to navigate the file system.

  11. Member rudegeek's Avatar
    Join Date
    Apr 2015
    Location
    Denver
    Posts
    69

    Certifications
    GSEC, GCWN, CCNA R/S, Microsoft 70-410 MCP, Network +
    #60
    LOL. Awesome! What boxes have you rooted?

  12. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #61
    ALICE, BOB, BOB2, ORACLE, ORACLE2, PHOENIX, KRAKEN, MIKE, FREEBSD, MAILMAN, SHERLOCK, IT-JOE, SRV2, THINCMAIL, RALPH, and SIPSERVER.

  13. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #62
    Had success today with OTRS and found a good Perl web shell (/usr/share/wfuzz/wordlist/fuzzdb/web-backdoors/pl-cgi/cmd.pl).

    In regards to web shells and exam scoring, if anyone wants to decipher the admin chat below that would be helpful.

    <OS-xxxxx> hi, i've read in the exam full marks aren't given for a web shell even with root/system privilege, is that true?
    <admin_> Hello
    <admin_> Yup
    <OS-xxxxx> can i ask how much the mark down is for a web shell?
    <admin_> 0 points
    <OS-xxxxx> ah so no marks at all for a web shell, even with root/system privilege?
    <admin_> Again, no
    * admin_ has quit

  14. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #63
    That's not true. When you take the exam it tells you in the exam document that you do get some points for a limited shell.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/

  15. Member
    Join Date
    Jan 2016
    Posts
    56
    #64
    Quote Originally Posted by MrAgent View Post
    That's not true. When you take the exam it tells you in the exam document that you do get some points for a limited shell.
    I don't think that is quite correct.

    The exam details page says that proof of exploit needs to be given in a SHELL. If you can execute system commands in a web shell, it isn't too difficult to turn that into a reverse shell.

    "You must provide the contents of the proof files IN A SHELL with the "type" or "cat" from their original location. Obtaining the contents of the proof files in any other way will result in zero points for the target machine."

    src:
    https://www.offensive-security.com/exams/#!index.md

  16. Member rudegeek's Avatar
    Join Date
    Apr 2015
    Location
    Denver
    Posts
    69

    Certifications
    GSEC, GCWN, CCNA R/S, Microsoft 70-410 MCP, Network +
    #65
    Quote Originally Posted by Sheiko37 View Post
    ALICE, BOB, BOB2, ORACLE, ORACLE2, PHOENIX, KRAKEN, MIKE, FREEBSD, MAILMAN, SHERLOCK, IT-JOE, SRV2, THINCMAIL, RALPH, and SIPSERVER.
    You're making great progress!

    I'm at:

    SIPSERVER, ALICE, BOB, MAILMAN, UBUNTU7, THINCMAIL, ORACLE, SRV2, MIKE, REDHAT, KRAKEN, ORACLE2

  17. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #66
    Quote Originally Posted by rudegeek View Post
    ORACLE, ORACLE2
    http://i.imgur.com/Fbc9us2.jpg

  18. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #67
    What do others do for your basic starting enumeration?

    I run a Zenmap "Intense scan plus UDP", then all TCP ports if I feel there's not enough to work with. Nikto and dirb if a web server is running, some Nmap scripts for smb and smtp if the services are open, also enum4linux. That's my starting point. Is there anything important I'm missing?

  19. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #68
    If anyone's had success with privilege escalation on TIMECLOCKDEV and wants to give me a hint, please pm me.

  20. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #69
    I'll be on IRC later today. Hop on and maybe you can get a push in the right direction.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/

  21. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #70
    @MrAgent, pm'd, our time zones might not match up.

    I also had my first successful brute force today, every machine seems to be set with default credentials, but the application on this one forces username/password creation on installation so there are no defaults. I was able to brute force this one with an Nmap script and then replicate it in Burp Suite. I was starting to think brute forcing just wasn't a part of the labs.
    Last edited by Sheiko37; 02-10-2016 at 12:58 PM.

  22. Junior Member Registered Member
    Join Date
    Feb 2016
    Location
    Lagos, NG
    Posts
    1

    Certifications
    MCP,CCNA,eJPT,SSCP,ISO 27001 LI
    #71
    Currently on BOB, BOB2, ORACLE, ORACLE2, MAILMAN, SRV2, THINCMAIL.

  23. Junior Member
    Join Date
    Jun 2012
    Location
    A wonderful cardboard box
    Posts
    22

    Certifications
    Security+, CCNA, ITILv3 Foundation, Project+, CISSP, C|EHv8
    #72
    I plan on starting soon. I look forward to it. But, then again, I love really hard puzzles. I'm kind of a masochist in that regard.

    I've done some courses on hacking, so I've done a few buffer overflows, got to beat up some kneecapped Windows XP boxes, and managed to pivot into a Windows 8 box. I've gotten into a few servers, and can enumerate most things (except stuff that likes to change the returned enumeration values to something else to confuse you and waste time throwing exploits that don't work).

    My team also came in second place at a SANS Netwars course. Of course, I also had a couple of really really REALLY smart people on my team that helped.

    As for the negative comments, stop it. That way of thinking will sink you faster than any challenge the OSCP may send your way. It's frustrating, the instruction is vague, the admins are unhelpful, got it. But people get through this every day, and they do it because they have a positive attitude. My advice is to whoop this exam's tail, and then, with your credentials in hand, write them a very professional letter about what you found lacking, and dedicate some time to helping those who also might be confused.

  24. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #73
    I'm currently spending about 35 hours a week on the OSCP and have hacked 19 machines so far, so I'm floating at least ok whilst being critical.

    I suspect the course has a very high failure rate. I know four people irl who've done the OSCP, two didn't sit the exam, one failed his first attempt, and the other passed first attempt - so in five exams that's two no-shows and one fail.

    I don't think emailing Offensive Security would achieve anything, as I've said in another post I believe the certification is the way it is by design, based on their opinions on InfoSec, employment, and certifications.

    dedicate some time to helping those who also might be confused.
    Well I am, through pm here, IRC, the Offensive Security forums, and when I'm done with this I intend to go back through my notes and post a more comprehensive list of what knowledge and skills are expected to succeed in the labs, plus I'll set email notifications for Tech Exam private messages so in months/years to come people can message me for advice (though I'm far from a guru). I hate the idea of information security as an exclusive club where the members taunt those who know less than themselves.

  25. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #74
    Well I spent about four hours tonight on FC4 and got absolutely nowhere, I even had a real clue from an admin, though it's one of those moments where they may as well have responded in French.

  26. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #75
    I ended up getting FC4 after just misreading something in the exploit code, my privilege escalation on Linux is getting better. I think what threw me off was the Offensive Security forums this time, they're usually good to get some ideas but threads on FC4 were riddled with overly vague and misleading hints. I was looking into a lot of irrelevant areas, some people really buy into the idea of total obscurity with advice, it's like they're trying to write poetry - "think, look, with your shell open your eyes and what is revealed, enumerate, the truth will be seen" - I'm exaggerating (slightly) but you get the idea.

    I had a look at the reporting on the weekend and it's going to be massive. If you want the OSCP to count towards CPE credits for your CISSP then you need to do a full report on all lab devices and course exercises, that's on top of the exam report, it'll be maybe 300 pages.

    I have 25 days left and have hacked 22 devices. If my total is less than 30 devices hacked by the time my access expires then I'll extend, otherwise I'll let the lab access lapse, spend the time off writing the report and schedule the exam 1-2 weeks later.