+ Reply to Thread
Page 7 of 7 First ... 34567
Results 151 to 172 of 172
  1. Junior Member
    Join Date
    Jul 2016
    Posts
    12

    Certifications
    CISSP | CRISC | ISO27001 Lead Implementer
    #151
    Congrats and great thread, really helpful for those of us starting out on the OSCP journey.
    Reply With Quote Quote  

  2. SS -->
  3. Junior Member
    Join Date
    Aug 2013
    Posts
    10

    Certifications
    CCNA R&S, CCNA Sec, PRINCE2, ITIL
    #152
    Hi Sheiko,

    Congrats on the pass.

    How many hours did you dedicated for OSCP ?
    Reply With Quote Quote  

  4. Member
    Join Date
    Apr 2016
    Location
    USA
    Posts
    63

    Certifications
    A+, Network+, Security+
    #153
    Congratulations Sheiko.

    My OSCP journey is still a couple of years away. Im starting the eJPT and eCPPT within the next few months. OSCP being my long term goal.

    Much respect, wish I was in your shoes.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #154
    Quote Originally Posted by GOGONUT2K View Post
    How many hours did you dedicated for OSCP ?
    ~800 hours
    Reply With Quote Quote  

  6. Junior Member Registered Member
    Join Date
    Jul 2016
    Posts
    5
    #155
    Hi @Sheiko37, your story is doubtless inspiring. Could you have a look at my background as I have mentioned in this post ->

    iOS Dev. Want to do OSCP. Tried Kioptrix. :shock: Please guide, thanks.

    and advise me in this regard? Thanks.
    Reply With Quote Quote  

  7. Junior Member
    Join Date
    Sep 2011
    Posts
    16

    Certifications
    GCIH, CCNA (R&S + Security), A+, Net+, Sec+, Proj+, 70-680, CIW x 3
    #156
    Congrats on your pass! This was a good read. @adrenaline19 How did you do on your exam?
    Reply With Quote Quote  

  8. Member
    Join Date
    Jul 2015
    Posts
    63

    Certifications
    CEH, ECSA, eCPPT
    #157
    Hi Sheiko37,

    Well useful information, I did felt some parts of course material are exhaustive where it is not required to focus too much. It was like with hints and rest we need to research and find out. I believe that's how they have designed for interested people to take the challenge. I did had the same on going thru the material and over a period kept it aside and started to focus research and understand a lot. I have taken two attempts and failed in both. I have taken a break and starting to work again on it. I'm not going to rush, but with steady pace. One good thing is you spent 6 months, I started this course Last july and ON & Off trying my best . Lets see, eventuall I will WIN
    Cheers
    Reply With Quote Quote  

  9. Junior Member Registered Member
    Join Date
    Dec 2016
    Location
    Vancouver
    Posts
    4

    Certifications
    CISSP, Sec+, Linux+, ITILv3, PRINCE2
    #158
    Hello all,

    I hope I'm reviving too old a thread? I've lurked on these forums for some time now, during the course of my earning certifications this past year.

    Sheiko37, congrats and thank you for your posts! I feel like your first post after your first exam attempt. For a lack of better terms, I got my butt handed to me in my first attempt with the OSCP exam yesterday. I only got the dev exploit done, and stumbled and failed to make ANY inroads into any of the boxes - including going ape crap with MSF on one box - which I thought would be "easy" - in hindsight I'm fairly certain I went down one of offsec's infamous rabbit holes of - look here I'm an easy win - when it was really was not....

    Do not get me wrong, I had no intention, or dreamed of getting it done the first try - I aimed for two rooted boxes and couldn't even achieve that. I followed much of this threads', as well as many reviews about exam prep - scheduling, distraction free, breaks, pre-compiled exploits, scripts for scanning, file transfers etc all done. My problem is enumeration and knowledge. I also have my lab report done and all the course exercises. And prepped as much as possible my exam report - based off the template offsec provides.

    Today I licked my wounds for the most part. Hoping to pick myself up again and get back into the labs tomorrow. I'm very concerned whether I can complete the exam successfully.


    Are there any good resources anyone can recommend on SMB and UDP (SNMP, specifically) knowledge, and SQLi? I've googled and then some. Trust me, if anyone that has done or doing the OSCP knows google is your best friend. I've also used the oscp forums a lot to get my the machines down. My count is awfully low for five months, currently at 22 rooted machines, and the IT network unlocked.. (full-time job, part-time job, and young family kind of gets in the way of solid time dedication at times)

    The one resource I've avoided like the plague is the offsec IRC. (rude responses right off the bat, not even the classic typical "try harder"). I've kept my posts on the oscp forums to a minimum as well as contacting the offsec staff to a minimum. I understand this is a learning experience and challenge. I'm having trouble "what" to google for as well the "right" material to google for.

    Any advice/thoughts/tips is super appreciated. Thank you. In the mean time, vulnhub and more lab time is my immediate solution.
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Mar 2014
    Posts
    624

    Certifications
    Alphabet-soup
    #159
    For SMB I found the Mad Irish site to be useful (Mad Irish :: Hacking Windows shares from Linux with Samba). For the SNMP and SQLi portions of the exam I found the course material to be the best resource. If you haven't already done so, go through EVERY exercise in material. There's a lot for SQLi in the lab against your Windows machine. As for going down the rabbit hole, I noticed on a lot of the reviews people finished with 90 points. That might tell you something. The best advice I was given was to set a timer on my phone for 3 hours and to not work on a single task (local access and priv escalation are separate tasks) for more then that before rotating to a new machine/task. This keeps you from getting tunnel vision or following a rabbit hole. As an example, I had 3 boxes in the first 3.5 hours. Within another two hours I had a verified list of accounts on another box along with which services they could access. I spent another 15 hours rotating between that box and the one that I had made no progress on. I finally figured out what I needed to do to get access to the other box, got my local and priv escalation in 10 minutes of each other. I was never able to get the box that I had a list of accounts for. I used the timer to keep from getting tunnel vision and it paid off.
    Reply With Quote Quote  

  11. Junior Member Registered Member
    Join Date
    Dec 2016
    Location
    Vancouver
    Posts
    4

    Certifications
    CISSP, Sec+, Linux+, ITILv3, PRINCE2
    #160
    Awesome. Thanks for the advice.

    I actually finished all the exercises in the first month. It took me a solid 2-3 weeks to take my time through it. Unfortunately I did forget some of it since it has been some time since I completed it. I will definitely review the course material - of which I reviewed the SQL material many times to try and get a better grasp on it..

    I'm still a little wary of me being able to finish it, but for now I will continue on and see how it goes.

    Thanks again!
    Reply With Quote Quote  

  12. Junior Member
    Join Date
    Dec 2014
    Posts
    11

    Certifications
    CEH, OSCP
    #161
    A suggestion to those who are yet to appear for the exams or are going to start soon. Please make the lab and exercise report in the first month itself. Don't keep it for last. I got my pass email today and was on 65 points so definitely these reports helped. By the time my exam finished I was badly exhausted and barely had any energy to make the exam report, I just couldn't sleep thinking am on 65 points and hanging by the thread.

    Also another tip would be to try and root as many machines as possible, I managed to root all the lab machines so had several different scenarios which helped me in the exam.

    I rooted 3 machines and 1 low priv in the first 12 hours and made no progress in the remaining 12. The low priv machine -priv enumeration was so exhausting that I had nightmares where I was still checking that machine for any weakness. I switched off after the 12 hour mark so ensure you sleep for at least 3-4 hours post that.
    Reply With Quote Quote  

  13. Junior Member
    Join Date
    Dec 2014
    Posts
    11

    Certifications
    CEH, OSCP
    #162
    Hey tuxster, we have been at this stage too. I guess you are stressing way too much. Considering the certs displaying against your name you shouldn't be stressing out this much. The exam is definitely tough if you go with fear in your mind. I'd suggest you to try and do as many machines as possible. Take help of forums, anyone or anything who could give a proper nudge. Always try simpler stuff first then increment your attack vector and the payload. Also for SQL why not just take help of fuzzers, use burpsuite and fuzz the vulnerable part. From my experience the attacks are not that difficult or complex. You just need to add several bits together, you'll understand as you progress through the labs. Exam/Labs are easy if you give them time and especially if you don't fear it.

    Also sorry to hear that you had a bad experience on IRC, I used to be frequent over there and helped out few people with nudges who helped me out too and that way made some great friends.
    Reply With Quote Quote  

  14. Junior Member Registered Member
    Join Date
    Dec 2016
    Location
    Vancouver
    Posts
    4

    Certifications
    CISSP, Sec+, Linux+, ITILv3, PRINCE2
    #163
    Thanks for the advice! I've been reading a few things lately. I just seem so "stuck" with my current 22 machines. I went back to re-root several, and will re-root all of them. I have number files from previous boxes, but the information does not "click" to me what I should do with it.

    I will hop back in the IRC channel very soon. Will post here in a bit, when I make some actual progress.

    I've also downloaded the vulnhub VM's that Sheiko found/recommends for the OSCP.
    Reply With Quote Quote  

  15. Junior Member Registered Member
    Join Date
    Feb 2017
    Posts
    3
    #164

    Default My oscp journey

    This is actually one of best treads so far which i found very useful to tackle OSCP. I just started my journey towards OSCP and my lab starts on April 1st. Finally, thanks for all the people who share their valuable thoughts on their towards OSCP, and i hope i will share my experiences in near future.
    Reply With Quote Quote  

  16. Junior Member
    Join Date
    Feb 2017
    Posts
    16
    #165
    I very usefull thread, indeed. I begin my OSCP journey at the 23rd of April so every info on it is more than welcomed!!!!! Thanks
    Reply With Quote Quote  

  17. Member
    Join Date
    Sep 2016
    Location
    London| United Kingdom
    Posts
    65

    Certifications
    CISSP| CEH| CISA| CISM| CGEIT|CRISC|
    #166
    Quote Originally Posted by VoyagerOne View Post
    This is actually one of best treads so far which i found very useful to tackle OSCP. I just started my journey towards OSCP and my lab starts on April 1st. Finally, thanks for all the people who share their valuable thoughts on their towards OSCP, and i hope i will share my experiences in near future.
    How's your journey been? Are you able to share an update?
    Reply With Quote Quote  

  18. Junior Member Registered Member
    Join Date
    Apr 2017
    Posts
    1
    #167
    Well sh!+, I wasn't nervous until this thread. Now I haz the fear.
    I start on the 28th.
    Reply With Quote Quote  

  19. Member
    Join Date
    Jan 2017
    Posts
    96
    #168
    Quote Originally Posted by Deadlykeyboards View Post
    Well sh!+, I wasn't nervous until this thread. Now I haz the fear.
    I start on the 28th.
    By all means, keep us posted!
    Reply With Quote Quote  

  20. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    56

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN, OSCP
    #169
    Congrats Sheiko37! Well deserved!!

    Quote Originally Posted by !nf0s3cure View Post
    Well, good post. I think with your experience I will try to get a SANS 560 or similar and then try. Not sure if anyone can make a recommendation if 560 will help at all?
    I took 560 earlier this year and I started PWK about two months ago. 560/GPEN helped a TON!! It explained things a whole lot better so I was ready to pick up the more practical tips in the PWK course material. I'm still green for web app hacking and coding, but gaining more experience in the PWK lab.

    560 - great for methodology, history, the business side (scope docs, reports), went deeper into powershell, wmic, command line scripting. Excellent course, I recommend taking one where Ed is teaching.

    PWK - excellent lab for practicing those skills. The course material has some great practical examples but is in no way deep enough to properly grasp the subject. I have yet to take the OSCP exam so take all this with a grain of salt.
    2018: Linux+, eWPT/GWAPT
    Reply With Quote Quote  

  21. Junior Member
    Join Date
    Aug 2015
    Location
    Miami, FL
    Posts
    10

    Certifications
    CISSP, CEH, CCSM, CCNA (R&S), i-Net+, A+, Network+, Security+
    #170
    It is worth using and practicing with Metasploit for the labs and VulnHub? I ask because the rules for the OSCP exam state that you can only use Metasploit for one machine so I’m thinking it’s not worth it, unless I’m wrong?
    Reply With Quote Quote  

  22. Junior Member Registered Member
    Join Date
    Nov 2017
    Location
    Northern Ireland
    Posts
    1
    #171
    I'm really glad I stumbled across this forum. I sat the OSCP for the first time last weekend and got my ego and my *ss handed back to me on a silver plate. I was over-confident and under prepared. It seems a lot of people here have the same experience. Still, if it were easy everyone would be certified OSCP - that's why I value this certification (or will, when I actually get it), you have to sweat for it.

    I have read everyone's advice here and will make good use of it when I eventually pull myself together and man up enough to rearrange a resit date. Possibly over the Christmas holiday. I hope then to be able to come back here and say I passed. In the meantime it's back to the VMs in Kali and lots of practice.

    Thanks for the advice guys and well done to everyone who has passed. Hats off too you all. For everyone else, good luck.
    Reply With Quote Quote  

  23. Junior Member Registered Member
    Join Date
    Nov 2017
    Posts
    1
    #172

    Default Can someone please clarify this exam question - BO - 25 points

    Many people on this forum who took the OSCP said that out of the 5 questions on this exam there is one question which BO (25 points) and to tackle this question first when sitting for the exam.

    My question is for Buffer Overflows are we expected to write new code or modify existing code and how many lines of code (in general) are we talking about here in the exam ?

    My biggest weakness is writing code or having the creativity to write code hence I am a windows sysadmin for 15 years not a programmer and I am **** scared that after spending couple of months preparing for this cert I cannot get this cert because I don't know to write code or modify code.....and get this 25 points.

    Can someone please clarify this for me who have already passed the exam what am I getting myself into ?

    Waiting for your replies to PLEASE guide me.....
    Reply With Quote Quote  

+ Reply to Thread
Page 7 of 7 First ... 34567

Social Networking & Bookmarks