+ Reply to Thread
Page 1 of 3 1 23 Last
Results 1 to 25 of 63
  1. Senior Member
    Join Date
    Nov 2012
    Location
    Montreal
    Posts
    588

    Certifications
    OSCP, CEH, SSCP, EJPT, CCNA:Security, CCNA:R&S, MCSA:W2K8, Linux+, LPIC-1, SCLA
    #1

    Default Started OSCP 4/9/2016

    After reading a lot of OSCP threads these past few months, I've decided to start my own. These threads have really helped me a lot so I hope maybe one day this one will help others too. So I got my email on Saturday evening, downloaded everything I had to and went to bed to start fresh on Sunday morning. I spent most of the day just enumerating, and it was a bit long so I thought I'd give a shot at Alice. Turns out, it was really an easy one so it wasn't that a big challenge for me. That was it for me for the day, so day 1, 1 host down. I After work on Monday I decided to take a shot at Oracle since I was already a bit familiar with the services running on it. I got root on it after about half an hour. I then started enumerating Mike, and fortunately or unfortunately, I got admin credentials by just running a scan. I found another way to get in, but just can't seem to get it to work, even though I'm pretty sure the way I'm trying is the right way. So I guess we can say I got root access to it since I was able to get the proof.txt file but I'll go back at it a second time eventually to have a second way in. After this I decided to take on Bob. I was able to get a low privileged shell with Metasploit yesterday evening but I want to try to avoid using it. I can confirm that I just got a shell to it without Metasploit so it's pretty nice although it seems to be a bit clunky. Now, I'm trying to escalate privileges on it.

    Reply With Quote Quote  

  2. SS -->
  3. Member
    Join Date
    Jan 2016
    Location
    Novato, CA
    Posts
    53

    Certifications
    OSCP,Network+,Security+,MTA-Net,MTA-Sec
    #2
    Welcome to the club man! Bob is a fun one! You will hear it a lot of you can never do enough enumeration if you get stuck. There will always be something missed. Looking forward to seeing this thread grow!
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Nov 2012
    Location
    Montreal
    Posts
    588

    Certifications
    OSCP, CEH, SSCP, EJPT, CCNA:Security, CCNA:R&S, MCSA:W2K8, Linux+, LPIC-1, SCLA
    #3
    Quote Originally Posted by Slyth View Post
    Welcome to the club man! Bob is a fun one! You will hear it a lot of you can never do enough enumeration if you get stuck. There will always be something missed. Looking forward to seeing this thread grow!
    I finally got it tonight, I actually did do enough enumeration, it's the commands that I was running that weren't right. Feels awesome though to see NT AUTHORITY\SYSTEM . So after 5 days, I've got Alice, Oracle, Mike, Bob, Bob2.
    Last edited by JasminLandry; 04-15-2016 at 05:10 PM.

    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Nov 2012
    Location
    Montreal
    Posts
    588

    Certifications
    OSCP, CEH, SSCP, EJPT, CCNA:Security, CCNA:R&S, MCSA:W2K8, Linux+, LPIC-1, SCLA
    #4
    After having an unsuccessful long battle with Tophat, I decided to take a break with it and give a shot at Kraken. Turns out it was a good decision since I was able to root it in a short amount of time. That's all for tonight, hopefully I'll be able to get a couple over the weekend.

    Reply With Quote Quote  

  6. Member
    Join Date
    Apr 2016
    Posts
    45
    #5
    great progress!
    Reply With Quote Quote  

  7. Junior Member
    Join Date
    Apr 2016
    Location
    Ann Arbor
    Posts
    15

    Certifications
    OSCP | GWAPT | CISA | CPTE | ITIL Foundations | Network + | A+ | MCP | MBA
    #6
    The PWK course was so much fun. The OSCP challenge, well... you'll see. In hind sight I would do it all over again. My advice though is to go through the course manual and the videos in order. Do video, then manual, video, manual, etc. Document everything to the point where it's repeatable. Document the course exercises and document every box you pop in the lab. Good luck!
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Nov 2012
    Location
    Montreal
    Posts
    588

    Certifications
    OSCP, CEH, SSCP, EJPT, CCNA:Security, CCNA:R&S, MCSA:W2K8, Linux+, LPIC-1, SCLA
    #7
    Quote Originally Posted by 9emin1 View Post
    great progress!
    My progress has slowed down over the weekend as I've been stuck on Gh0st for the past 2 days. I spoke to an admin and he told me I'm on the right track and close to the solution to get a shell, just need to keep poking around.

    Reply With Quote Quote  

  9. Junior Member
    Join Date
    Apr 2016
    Posts
    9

    Certifications
    CompTIA Security +, ITIL V3 Foundations
    #8
    Is there much call for this cert? I think its a good one because they make you actually do a pen test to get it.
    Reply With Quote Quote  

  10. Member
    Join Date
    Apr 2016
    Posts
    45
    #9
    Quote Originally Posted by JasminLandry View Post
    My progress has slowed down over the weekend as I've been stuck on Gh0st for the past 2 days. I spoke to an admin and he told me I'm on the right track and close to the solution to get a shell, just need to keep poking around.
    It's good to know that you're on the right track at least. I'm struggling to understand how and why things work. Good luck! Keep updating on your progress!
    Reply With Quote Quote  

  11. Member
    Join Date
    Jan 2016
    Location
    Novato, CA
    Posts
    53

    Certifications
    OSCP,Network+,Security+,MTA-Net,MTA-Sec
    #10
    Welcome to the club man! After each host you root you learn what to look at/new attack vectors/what not to skip and what not to do in the future. You will notice them start to drop quickly then back to slow again. OffSec really makes you work for root/SYSTEM tho. But its all in good fun. Good luck on the course!
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Nov 2012
    Location
    Montreal
    Posts
    588

    Certifications
    OSCP, CEH, SSCP, EJPT, CCNA:Security, CCNA:R&S, MCSA:W2K8, Linux+, LPIC-1, SCLA
    #11
    I didn't have much time to continue on it today but I am so close to getting a shell on Gh0st. But for some reason, it's just not working, I'm expecting output but I receive absolutely nothing. I'm sure it's something simple and easy that I'm missing.

    Reply With Quote Quote  

  13. Achieve excellence daily
    Join Date
    May 2012
    Location
    Washington State
    Posts
    1,340

    Certifications
    CISSP
    #12
    Did you skip over the training material or are you bouncing between the lab and the training material?
    When you go the extra mile, there's no traffic.
    Reply With Quote Quote  

  14. Senior Member
    Join Date
    Nov 2012
    Location
    Montreal
    Posts
    588

    Certifications
    OSCP, CEH, SSCP, EJPT, CCNA:Security, CCNA:R&S, MCSA:W2K8, Linux+, LPIC-1, SCLA
    #13
    Quote Originally Posted by CarlSaiyed View Post
    Did you skip over the training material or are you bouncing between the lab and the training material?
    I read the PDF, watched a couple of videos, but I noticed it was as if he was reading the book so I stopped watching them. But I do go back to the book once in a while.

    Reply With Quote Quote  

  15. Achieve excellence daily
    Join Date
    May 2012
    Location
    Washington State
    Posts
    1,340

    Certifications
    CISSP
    #14
    Thanks! I am reading the PDF and working through the exercises but haven't tried attacking anything yet. I'm making notes and scripts as I go through the PDF.
    When you go the extra mile, there's no traffic.
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Nov 2012
    Location
    Montreal
    Posts
    588

    Certifications
    OSCP, CEH, SSCP, EJPT, CCNA:Security, CCNA:R&S, MCSA:W2K8, Linux+, LPIC-1, SCLA
    #15
    I've been doing that as well, it really helps. I am using OneNote for my notes so it saves automatically on OneDrive and it syncs on my phone so I can review them on my way to work. For me that was the best solution.

    Reply With Quote Quote  

  17. Senior Member danny069's Avatar
    Join Date
    Nov 2012
    Location
    NYC
    Posts
    999

    Certifications
    A+, Security+, ACMT, CASP, CEH, CCNA R&S, A.S. & B.S. Cyber Security Systems/Digital Forensics, M.S. Cyber Security
    #16
    This reminds me of a game, how many "bosses" are there? Sounds like fun, I will start this when I have the time and money.
    I am a Jack of all trades, Master of None
    Reply With Quote Quote  

  18. Achieve excellence daily
    Join Date
    May 2012
    Location
    Washington State
    Posts
    1,340

    Certifications
    CISSP
    #17
    @Jasimin I use OneNote as well, love it. I intend to create a section called Lab Machines and create a page for each lab machine.
    When you go the extra mile, there's no traffic.
    Reply With Quote Quote  

  19. Senior Member
    Join Date
    Nov 2012
    Location
    Montreal
    Posts
    588

    Certifications
    OSCP, CEH, SSCP, EJPT, CCNA:Security, CCNA:R&S, MCSA:W2K8, Linux+, LPIC-1, SCLA
    #18
    Quote Originally Posted by CarlSaiyed View Post
    @Jasimin I use OneNote as well, love it. I intend to create a section called Lab Machines and create a page for each lab machine.
    We really think alike, that's exactly what I did except mine is called Lab Servers! I have a section for lab details, with a subpage for links that I have found useful, another page for processes that I follow (ie start with this tool, then do this....). Then I have another section regarding the PDF and videos and exercices and then the last section for all machines. Each machine page also has subpages for info I found. One for Enumeration, Post Exploitation, Exploits, proof.txt & network-secret.txt, etc. I find it really easier to manage it this way.

    Reply With Quote Quote  

  20. Achieve excellence daily
    Join Date
    May 2012
    Location
    Washington State
    Posts
    1,340

    Certifications
    CISSP
    #19
    Love the idea of sub pages for each machine on enumeration, exploit, post-exploit, proof / network-secret! This seems to be an organizational test in addition to a technical test!
    When you go the extra mile, there's no traffic.
    Reply With Quote Quote  

  21. Senior Member
    Join Date
    Nov 2012
    Location
    Montreal
    Posts
    588

    Certifications
    OSCP, CEH, SSCP, EJPT, CCNA:Security, CCNA:R&S, MCSA:W2K8, Linux+, LPIC-1, SCLA
    #20
    So for the past few days I've been able to root 2 more and I've been able to get a shell on Gh0st. I also did find the correct exploit for it but just can't seem to get it working. After about 12 hours of total work on it, I decided to move on to other servers for now and get back to it later.

    Reply With Quote Quote  

  22. Junior Member
    Join Date
    Apr 2016
    Location
    Ann Arbor
    Posts
    15

    Certifications
    OSCP | GWAPT | CISA | CPTE | ITIL Foundations | Network + | A+ | MCP | MBA
    #21
    Quote Originally Posted by CarlSaiyed View Post
    Love the idea of sub pages for each machine on enumeration, exploit, post-exploit, proof / network-secret! This seems to be an organizational test in addition to a technical test!
    Carl, yes it very much is. If you keep good notes and records during the lab, you will find it is much easier come time to write the report.
    Reply With Quote Quote  

  23. Junior Member
    Join Date
    Apr 2016
    Location
    Ann Arbor
    Posts
    15

    Certifications
    OSCP | GWAPT | CISA | CPTE | ITIL Foundations | Network + | A+ | MCP | MBA
    #22
    Quote Originally Posted by JasminLandry View Post
    So for the past few days I've been able to root 2 more and I've been able to get a shell on Gh0st. I also did find the correct exploit for it but just can't seem to get it working. After about 12 hours of total work on it, I decided to move on to other servers for now and get back to it later.
    Gh0st was a fun one. Congrats on getting a shell.
    Reply With Quote Quote  

  24. Senior Member
    Join Date
    Nov 2012
    Location
    Montreal
    Posts
    588

    Certifications
    OSCP, CEH, SSCP, EJPT, CCNA:Security, CCNA:R&S, MCSA:W2K8, Linux+, LPIC-1, SCLA
    #23
    Gh0st was a fun one. Congrats on getting a shell.
    Thanks, still haven't been able to escalate my privileges though. I tried again over the weekend but no success. So after 2 weeks, I'm at 10 hosts rooted, 1 low priv shell and I also have the IT network unlocked. I'm also really close at getting 2 more. Hopefully I'll be able to get them tonight.

    Reply With Quote Quote  

  25. Senior Member
    Join Date
    Nov 2012
    Location
    Montreal
    Posts
    588

    Certifications
    OSCP, CEH, SSCP, EJPT, CCNA:Security, CCNA:R&S, MCSA:W2K8, Linux+, LPIC-1, SCLA
    #24
    I was able to root 2 more hosts tonight. So here are the ones I have until now after 15 days:

    Alice, Oracle, Bob, Bob2, Mike, Kraken, Phoenix, Tophat, Barry, Payday, Ralph, Dotty and a shell on Gh0st.

    Of all these 13 hosts, I've only used Metasploit twice so it's pretty nice to see that I don't necessarily need to rely on it.

    Reply With Quote Quote  

  26. Senior Member
    Join Date
    Apr 2011
    Location
    DMV
    Posts
    212
    #25
    Is metasploit not allowed in the final exam?
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 3 1 23 Last

Social Networking & Bookmarks