Results 26 to 50 of 90
  1. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #26
    It's been several days since my last update but I have been making a ton of progress on the course. I have just made it to the port redirection and tunneling chapter, which is close to the end of the pdf. I would like to go over some highlights of the chapters I have successfully completed in the last several days.

    I'll start with the file transfers section. While the exercises in this chapter are not required for your report, I would HIGHLY recommend that you do all of the exercises, as understanding and being able to apply these methods is a necessity for the coming chapters and for real life scenarios. I'm going to skip over the privilege escalation chapter here because it was pretty straightforward and I didn't have any issues with it.

    The next chapter is client-side attacks and this one was a tough one due to many technical issues that arise during the exercises. One important thing that I learned from this chapter was how to troubleshoot errors and track down the cause; Wireshark is very useful for the type of trouble you will have here. Notice I said "you will have", yes I am saying that without a doubt you will have problems here and I think this is part of offsec's plan. Also this chapter will be the first test of your file transfer abilities, again I would suggest you become very familiar and comfortable using the various file transfer methods you are shown (FTP has been my go to method every time).

    Next up is the web application attacks chapter. This chapter is absolute hell for some people, just doing a quick surf of the student forums will show this. I myself didn't really have much trouble with this chapter other than the LFI section, I would accredit this to the Udemy courses I have done previously. I can't divulge every detail about the LFI section but I will tell you that it is very unique and while in most cases LFI vulnerabilities are typically not that hard to pull off this one in particular had a twist to it that made it a bit difficult for me to figure out. Once again your file transfer abilities are tested even further in this section. That's all I have for now, I'll be back as soon as I can with another update.

    PDF: 280/375
    Videos: 101/148

  3. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #27
    I'm glad my posts could be of assistance dstock7337, it is my hope that these posts will give some who are on the fence or not confident about their abilities the push they need to start the course.

    Now it has been a while since my last post and I'm sorry for the delay. I have been very busy finishing up the course and also my 2 week vacation is over and I started back at work this week.

    I have FINALLY finished the pdf and the videos. I have 3 exercises left to finish, 2 of them being ones that require you to do certain things in the labs and the other one is the dreaded port forwarding and ssh tunneling section (more on this later). Overall the course material is excellent, it is the best material I have ever seen for this type of stuff and it is also the most unique. Throughout all of the exercises, I feel that offsec really worked hard to make these a challenge. I honestly think that they sat around when drawing up the course and googled every topic included in the materials and then said "Ok now that we know what our students will find on google, how can we design exercises in which they won't be able to find a direct answer or demonstration of the exercise." I did A TON of googling throughout the course and slowly but surely would inch my way towards a solution but never finding a single article that covered the exact scenario. This is part of what makes this course amazing and a good learning experience. You need to learn to research and figure things out on your own.

    Now back to what I said previously about port forwarding and SSH tunneling, this section has several exercises and one of them is very painful and difficult. I managed to finally solve this exercise after a total of 5 hours of working on it, this was the most time I spent on any exercise in the entire course and I am very happy that I was able to get it to work. After I finished that exercise, I decided that I would move on to the next section because at that point I was fed up with SSH tunneling.

    With the pdf/videos and majority of the exercises finished, I have now moved onto the labs and oh my..... IT IS FREAKING FUN! I am currently 2 for 2 in the labs right now. The first box that I got system on and retrieved the proof.txt was Alice. This machine was some of the low hanging fruit that I identified in my initial scan and through some of the course exercises. In all honesty, this box took me a total of 5 minutes to finish (yes you read that correctly 5 minutes) LOL. The next box that I finished up last night was Mike. This one wasn't one of the low hanging fruit, in fact it was the opposite. This box was unique and from looking at the forums was giving a lot of people some trouble, but I wanted to test myself. It took me around 4 and a half hours (I think) to finish this box and the excitement I got with every step I made towards finishing it was immense. Again I didn't really find this box to be difficult, it was more a matter of figuring out how a few things worked.

    Now my fellow readers/OSCP future candidates, I am going to give you the most valuable piece of advice (well at least it has been for me) that you will ever get while doing this course or searching the entire student forum........RDP EVERYTHING!!!!!! You should make this a staple of your privilege escalation process. I am not going to give out the full details on how to do this and make it work as that would take the fun out of learning the process (I know I sound like an offsec admin now lol). The only hint I will give you for this process is, RTFM. That should be all you need. Now as a disclaimer I know that there are plenty of other ways to get into a box and this will not always work or be the best way but definitely keep it in your thoughts when trying to escalate privileges.

    <rant>I have been spending around 3-4 hours a day after work and plan to spend 10-12 hours a day on the weekends, I also have a newborn daughter that was born almost 2 months ago. So for those of you thinking you don't have time or any of that nonsense, you have time. Think about it, a guy who works 9-10 hours a day and has a newborn at home has the time for this course. This is one of my biggest pet peeves, if you really want to do something, you will make time for it. Yes I don't get a ton of sleep and yes I am tired some days BUT I make it happen. I have goals and nothing will stop me from achieving them. I will do whatever it takes to reach my goals. This is something those of you thinking you don't have time should consider.</rant>

    Ok, now that I got that off of my chest, I'll be diving back into the labs tonight after work and hope to at least pwn 1 more box tonight.

    Boxes attempted: 2
    Boxes Pwnd: 2

    Pwnd Box Names
    Alice
    Mike

  4. Senior Member noahp34's Avatar
    Join Date
    Nov 2012
    Location
    Fortress of Saditude.
    Posts
    111

    Certifications
    A+ Net+ Sec+, Project+,Linux+, CCNA R/S, CCNA Security and bunch of useless certs from WGU program
    #28
    This has been a fun read! Keep the updates coming!

  5. Senior Member Moldygr33nb3an's Avatar
    Join Date
    Jul 2016
    Posts
    193

    Certifications
    A+, Network+, Security+, Project+, CSA+, CASP, CEHv9, CCNET, CCNA R&S
    #29
    Keep it going, I'm staying tuned in!
    Working on: CCNA - Security

    All your certifications are belong to us.

  6. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #30
    A few more days have passed since my last update and I have been plugging away at the lab systems. I finally managed to take down Bob moments before this post, a feat that took me an entire day to accomplish but man did it teach me so much. This box serves as a Windows Privilege Escalation obstacle course and for me was my first real privilege escalation challenge. The day before I started Bob I also managed to pwn Phoenix which was a whole other beast in itself. I cannot possibly stress enough just how important attention to detail is in this course, you can spend hours looking for something and feeling lost when the answer has been right in front of your face the whole time. It's very frustrating at times but also very rewarding when you finally figure it out. I pwnd a few other boxes as well but those literally only took minutes to get in, get system/root and pillage their file systems. That's all I have for now, stay tuned!

    Pwnd Box Names
    Alice
    Mike
    JD
    Barry
    Phoenix
    Bob

  7. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #31
    Hey guys, I'm back with another update. As of this writing I have managed to pwn 2 more boxes, PAYDAY and another that I can't seem to remember at the moment, and continue to learn a great deal from each one. In fact I have even included a "Lessons Learned" section in my notes for each machine to remind me of things I encountered and things to check. Payday gave me some trouble for a couple hours, I ran nikto and my terminal nearly exploded from all of the vulns lol. I'm no fool tho and I have become wise to offsec's tactics, I suspected that this was to distract me from something else. After several hours of trying different methods, I tried something that I should have tried in the first place and I got in (I wanted to slap myself in the face for not doing this sooner). Once I was in it took me all of 5 minutes to escalate to root. Also I started on the dreaded box named Pain yesterday (by accident lol) as well. I will say that I have spent considerably less time on this one than most, it took me all of 10-15 minutes to find my vulnerability. This doesn't mean that this box is easy though because it is certainly living up to its name at the moment, I currently have a low priv shell and I know what needs to be done next, it's just a matter of making it work. I will say that before I started this course I was very nervous and worried about how quickly or slowly I would make progress in the labs and I feel like I am moving pretty swiftly at the moment.

    Also on a side note, I had a phone interview yesterday with a contracting company that has several positions open in a few areas and it went VERY well. Of all the options we talked about, I told the recruiter that I was most interested in one of the junior level red team positions. It sounded like they were needing people ASAP, so fingers crossed that I get the job. That's all I have for now, stay tuned!

    Pwnd Box Names
    Alice
    Mike
    JD
    Barry
    Phoenix
    Bob
    Payday
    (Another that I can't remember but will add it when I get home and check my notes)
    Last edited by McxRisley; 01-17-2017 at 11:49 AM.

  8. Junior Member
    Join Date
    Nov 2015
    Posts
    13

    Certifications
    A+,S+,N+,CCENT,eJPT,C|EH
    #32
    Good luck on the job bro. I'd love to know how easily people pass OSCP who have worked in the field a little while.

  9. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #33
    So last night I managed to root PAIN!!!!! I spent probably close to 6 hours on it, an hour of which I probably could have saved since I thought my exploit wasn't working when it really was. When I noticed that the exploit had worked, I jumped up and did a celebration and then cooked some steaks (yes I really did this lol). This was a really fun box but not the most satisfying one that I have completed. So far I would rank BOB as the most rewarding box for me personally.

    As for the box I mentioned yesterday that I couldn't remember the name of, it was RALPH. RALPH was another great learning experience as well, while there is more than one way or even 3 ways in some cases to exploit these boxes, the way I exploited RALPH was very interesting to me. Something I have realized throughout the course is, you can have all of the scripting and coding experience in the world but that is not enough for this course nor is it necessary. So many people get caught up in this aspect of it and I feel like it's a very deep rabbit hole that should be visited after the course. This knowledge will help BUT the big thing about this course is knowing what to look for and trust me, you will have many moments where you spend hours on a box and then something pops out at you that you never even thought of looking at or trying. If you don't know to look for it, you will never see it. But the lesson here is that once you do notice these things and figure them out, you will never forget to check for it again (hopefully lol).

    Pwnd Box Names
    Alice
    Mike
    JD
    Barry
    Phoenix
    Bob
    Payday
    RALPH
    PAIN

  10. Junior Member Registered Member
    Join Date
    Jan 2017
    Posts
    2
    #34
    Thank you for sharing your experience!

    I'm starting with OSCP this weekend, I'm excited about it.

  11. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #35
    Well I'm back with another update and I don't have a whole lot to report on today but here it goes. I spent many hours enumerating a certain box that I have previously pwnd and have found my way into another box (I am not listing those names here so that it does not spoil it for those who have not yet noticed this connection in the labs). I'm hoping to get this exploit going and pwn the box I have discovered today after work.

    UPDATE ON RED TEAM POSITION
    So I finally got a call back today and although I didn't get the job (yet), I did get what I consider to be somewhat good news. They said that lots of people enroll in the PWK course but very few actually achieve the OSCP cert. They also said that IF I earn the cert then they would definitely be interested in speaking to me further about the position. So needless to say this has further stoked the fire under my ass and changes my plans for the course up a bit. My new plan as of right now is to pwn 30+ boxes in the labs (these 30 boxes will include all of the boxes that are considered to be the most difficult) and take my first crack at the exam with hopes of passing. If I don't pass, at least I will have an idea of where I stand and what I need to work on. I'm switching gears and cranking up my effort from 100% to 200% from now on. I've been in this exact same situation before when I was trying to get my first job in infosec. I was told "You don't have your security+? Come back and talk to us when you do." I WILL earn this cert and I WILL get this job, mark my words...

  12. There is no spoon. p@r0tuXus's Avatar
    Join Date
    Nov 2016
    Location
    KCMO
    Posts
    517

    Certifications
    ITIL-F, A+, S+, CCNA
    #36
    I'm really "rooting" for you, mainly because I plan to follow your approach with the certs and hope to be on a red-team one day soon also. I'm hoping the "who you know" will compensate for a lack of a degree. Congratulations on your successes so far, your thread has been fun to read!

  13. Senior Member
    Join Date
    Apr 2014
    Posts
    144
    #37
    This has been my favorite OSCP thread outside of jolly frogs.

    Very fun and encouraging read. Good luck. In the course, the exam and the job.

  14. Member
    Join Date
    Jan 2017
    Posts
    96
    #38
    McxRisley,

    Can you post the link to the hacking udemy courses because I have two of them that are in my baskets to purchase I just want to make sure they're the right ones.

    I'm just as determined as you are. Right now I'm doing a ton of preparation beforehand.

  15. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #39
    So I'm back and it's been a looooooooong weekend. I spent all weekend in the labs and managed to take down 5 more boxes. I have noticed that they are starting to become increasingly difficult for me. Now for those wondering how I go about selecting my targets, I had the whole initial lab scan plan and all that but I have just been going down the list of IPs that I discovered in order. I know everyone has their own methodology on this such as picking out the low hanging fruit first, but this is how I decided to do things. I did have a slight issue over the weekend though, I installed veil-evasion on my student VM and this pretty much broke certain features of Metasploit that were needed for the course. After spending over an hour talking to an admin, we decided that the best thing for me to do was just re-download the student VM and use that. This is where KeepNote really shines, you can attach files within KeepNote. So I attached the necessary files to folders in KeepNote, threw the backup on Dropbox and pulled it down onto my fresh new VM and I was good to go. Needless to say, I have been learning A TON throughout my time in the labs. I have decided to spend a little bit of each time reviewing my notes from the lab machines just to keep the methods and processes fresh in my head. I will say that of all the things I have done in the labs so far, a technique that I learned last night from a fellow student was probably the most interesting and coolest thing I have done yet. We have dubbed this technique "The Inception Shell". If you are curious as to what this is or how it is performed, I cannot disclose that as it is needed for one of the lab machines. If you're a current student, when you get to this box in the labs and go to the forums, you will notice other students talking about a similar method. I wish I could say more as this is an awesome technique but unfortunately I can't.

    I also scheduled my first exam attempt for 8:00 am on March 5th so the pressure is on! LOL In all honesty I have done my best to remain positive throughout my time in the labs but sometimes it's hard to fight off that voice in the back of your head that's telling you that you may not be able to do this. Make no mistake, the test has me worried, but I will do my best. If I don't pass on the first attempt, at least I will be able to gauge where I am at and what I need to work on.

    About the two Udemy courses I took, unfortunately I am at work at the moment and cannot access Udemy for some reason but the two courses I took were by Zaid Sabih. They were "Learn Ethical Hacking From Scratch" and his web app pen testing one which I can't remember the name of at the moment.

    Pwnd Box Names
    Alice
    Mike
    JD
    Barry
    Phoenix
    Bob
    Payday
    RALPH
    PAIN
    Alpha
    Pedro
    Beta
    Bethany
    Mail
    Left Turn

  16. Surf Guitar Guy tedjames's Avatar
    Join Date
    Jan 2014
    Location
    Surf City, TX
    Posts
    459

    Certifications
    SSCP, Security+ +4
    #40
    Quote Originally Posted by Dr. Fluxx View Post
    Can you post the link to the hacking udemy courses because I have two of them that are in my baskets to purchase I just want to make sure they're the right ones.
    Just do a search in Udemy for "Zaid Sabih." You'll find all of his courses.

    You'll probably want "Learn Ethical Hacking from Scratch." He has a few others.
    Last edited by tedjames; 01-23-2017 at 05:40 PM.

  17. Member
    Join Date
    Jan 2017
    Posts
    96
    #41
    Thanks guys.

    These are the 2 that I have on tap:

    Learn Website Hacking / Penetration Testing From Scratch
    Learn Ethical Hacking From Scratch

  18. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #42
    So it's been a few days and the PwnFest continues! I've managed to pwn 4 more boxes so far this week, three of which were GREAT challenges and I learned a lot from. The three that I thought were really are Gamma, Dotty and Sherlock. The 4th machine was Tophat and it literally took me five minutes to root that system. I have been getting better and better at privilege escalation throughout this course and I would like to mention two tools that have proved invaluable to me during my time in the labs: linuxprivchecker.py and windows-priv-checker. These 2 tools automate all of the checks for you and spit it out into your terminal, VERY VERY handy. Of course don't get the impression that these tools escalate privileges for you because they don't, they merely do all of the recon for you. You still need to know what to look for such as: misconfigured services, weak folder permissions, etc.

    I have set a goal for myself to try and get at least 1 system a day and so far I have managed to do this. On work days I'm usually able to finish one box and get started on another. On the weekends I'm averaging two boxes a day, sometimes three. Hopefully I can keep up this pace and hit my goal of at least 30 boxes pwnd before my exam on March 5th.

    Pwnd Box Names
    Alice, Mike, JD, Barry, Phoenix
    Bob, Payday, RALPH, PAIN, Alpha
    Pedro, Beta, Bethany, Mail, Left Turn,
    Gamma, Tophat, Dotty, Sherlock

  19. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #43
    The weekend has passed and once again I'm back with another update. This weekend was a VERY productive weekend for me in the labs. I managed to pwn 7 boxes this weekend, 5 of which I took down on Sunday. The most challenging of these 7 boxes was easily gh0st. gh0st is a very unique system because it is not really a technical challenge, it is more of a mind game/trolling challenge. Although this box probably has no application in the real world, it still teaches some valuable lessons. The other 6 boxes that I took down really weren't that much of a challenge for me, but then again what is easy for me may prove to be quite difficult for others and vice versa. My efforts this weekend have put me up to a grand total of 26 boxes pwnd. At this point I am WAY ahead of schedule and should easily achieve my goal of at least 30+ boxes before taking the exam. I am actually planning to make it to the mid 30s by the end of this coming weekend.

    Pwnd Box Names
    Alice, Mike, JD, Barry, Phoenix
    Bob, Payday, RALPH, PAIN, Alpha
    Pedro, Beta, Bethany, Mail, Left Turn,
    Gamma, Tophat, Dotty, Sherlock, DJ
    gh0st, Susie, ORACLE, Help Desk, Kraken
    Hotline

  20. Junior Member Registered Member
    Join Date
    Jan 2017
    Posts
    2
    #44
    Thank you for sharing the experience, incredible OSCP thread.

    I started the course last week and feel a little overwhelmed... any advice from your experience?

  21. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #45
    Join the TechExams discord channel at https://discord.gg/AQwaeGf

    The channel is growing nicely and there are lots of good resources listed along with current students who can help nudge you in the right direction if you need it.

  22. Member
    Join Date
    Jan 2017
    Posts
    96
    #46
    Is this exclusive to OSCP students only?
    What about those who are in pre exam prep stage?

  23. Member
    Join Date
    Jan 2016
    Location
    Malta
    Posts
    52

    Certifications
    A+, Net+, MCSE 2000, CCNA, eJPT, LPIC1, OSCP
    #47
    Quote Originally Posted by Dr. Fluxx View Post
    Is this exclusive to OSCP students only?
    What about those who are in pre exam prep stage?
    You're more than welcome to join.

  24. Member
    Join Date
    Jan 2017
    Posts
    96
    #48
    Quote Originally Posted by luger View Post
    You're more than welcome to join.
    Thanks!
    I will definitely be there.

  25. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #49
    It has been over a week since my last update and I am happy to announce that I have reached my goal of at least 35 hosts including the 4 hardest ones (pain, gh0st, sufferance, humble). As of last night I took down my 35th host which leaves just a couple of hosts left in the public network. Although I hit my goal last night, that is not what I am most proud of at this moment. What I consider my greatest achievement in the labs so far is taking down humble. Humble is a BEAST and has numerous hurdles within it, just when you think you are finished.....nope, still another step left. Humble taught me a lot and one of the things that made it so difficult was the nature of the privilege escalation and the fact that no other host in the labs will prepare you for it.

    Another really good system that I would like to mention is the exploit database system or also known as punchout (for this current version).
    For those of you who don't know, the exploit database machine is the only system in the labs that is not static. Meaning that every few months offsec completely changes the system. This one was even more of a puzzle than ghost and one that I thoroughly enjoyed. I am hoping that this host changes before my lab time is up so that I can take a crack at the new one. I have also discovered the other networks recently and have begun poking around and messing with port forwarding and tunneling, which is my weak spot.

    One very important lesson that I have been learning as of lately is the need to thoroughly read through any exploit that you use. This is something that offsec tries to teach during the course but you will hit a wall very quickly if you don't actually do it. Now I am no programmer and my scripting skills are almost non-existent but I am able to read through exploits and find things that may not work or need changed at this point.

    At this point I'm hoping that I can push my hosts numbers into the mid 40s before my exam. I am also going to be focusing on writing buffer overflows for a couple of the machines in the labs just to get some more practice in before the exam.

    Pwnd Box Names
    Alice, Mike, JD, Barry, Phoenix
    Bob, Payday, RALPH, PAIN, Alpha
    Pedro, Beta, Bethany, Mail, Left Turn,
    Gamma, Tophat, Dotty, Sherlock, DJ
    gh0st, Susie, ORACLE, Help Desk, Kraken
    Hotline, Sufferance, Joe, Punchout(EDB), Humble
    Timeclock, Sean, FC4, Core, Kevin

  26. There is no spoon. p@r0tuXus's Avatar
    Join Date
    Nov 2016
    Location
    KCMO
    Posts
    517

    Certifications
    ITIL-F, A+, S+, CCNA
    #50
    Quote Originally Posted by McxRisley View Post
    I am hoping that this host changes before my lab time is up so that I can take a crack at the new one.

    And this is why I love your thread!
    Congrats on your success and I hope it continues.