+ Reply to Thread
Page 3 of 3 First 123
Results 51 to 70 of 70
  1. Senior Member LinuxRacr's Avatar
    Join Date
    Jul 2010
    Posts
    634

    Certifications
    B.S. IT Security, A.A.S. Electronics Engineering Technology, ITIL V.3, A+, Security+, Linux+, Project+, CCENT, CCNA (R&S, Security), MTA: 98-364
    #51
    Good work!
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
    Reply With Quote Quote  

  2. SS -->
  3. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #52
    Hello All,

    I am back with my updates after quite a some time. Work was eating away much of my time these days and the remaining time I was spending in the lab and hence couldn't update it on time.

    Last week, I took few days off from my work and that was the time I was spending most of the time in the labs. Without any stress/work load, I was just enjoying my time in the lab and got hold of some of the most important machines in the labs. I took down the Domain controllers and the journey to them was really really long and tough. Initially I got hold of a machine, which paved way for another machine using a client side attack and I have to make use of that to compromise the DCs. It was really a beautiful journey and I really loved it.

    After getting off the Domain Controller, I decided to work on gh0st. It was more of a CTF kind of machine rather than a real world one. When I was doing this machine, at times I thought "Am I going inside a never ending Rabbit hole and wasting my time!!!!". We have to pay a very closer attention to every minute detail we get from every source to crack this machine. It sure taught me a lot of cool things. And for the privilege escalation of gh0st, the default g0tmilk post was more than sufficient, but it needed some twisting and tweeking in the exploit section.

    And for the remaining time of the week, I was honing my windows privilege escalation skills. I was just going through Fuzzy and other blogs available and was experimenting with my Windows VM. I feel more confident in this area, than I was about 2-3 weeks before and hope to get more better in the coming days.

    As I get to solve more machines, I get a feel that the offsec journey is more of a puzzle. It is like you are given the required pieces of information and it's upto you to figure out how they fit together. Every single piece of information you gathered from a machine is worth and might even pave way for even other 2-3 machines

    By the time of writing this, I have 32 full privilege shells and 3 low privilege shells. Let me see how far I can go further.
    Last edited by saraguru; 05-12-2017 at 03:48 AM.
    Reply With Quote Quote  

  4. Junior Member Registered Member
    Join Date
    Apr 2017
    Location
    CT
    Posts
    4

    Certifications
    A+
    #53
    Nice! Keep up the good work.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Feb 2015
    Location
    Tampa, FL
    Posts
    266

    Certifications
    GPEN/GCIH/CEH
    #54
    Saraguru,

    How d you know what you need to modify in the various exploits? I as working trough a vulnhub and while I figure that at some points I would have had an idea of what needed to be fixed , ultimately its only through searching and finding guides to the specific exercise was I able to get through it. I feel like i'm missing something.
    Reply With Quote Quote  

  6. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #55
    Quote Originally Posted by SaSkiller View Post
    Saraguru,

    How d you know what you need to modify in the various exploits? I as working trough a vulnhub and while I figure that at some points I would have had an idea of what needed to be fixed , ultimately its only through searching and finding guides to the specific exercise was I able to get through it. I feel like i'm missing something.
    I am not quite sure what kind of exploits you are talking about SaSkiller. If you are talking about privilege escalation exploits, I found that, most of the time the error messages which you get while compiling or running are a good point to start googling for. Those errors might be due to some missing libraries or incompatible ones. In rare cases I have to go through the code and it will require only very little or no modification in 90% of the cases.

    If you have any specific scenario, then if you describe it, may be I can provide you more information
    Reply With Quote Quote  

  7. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #56
    Quote Originally Posted by jtoca View Post
    Nice! Keep up the good work.
    Thanks a lott jtoca
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Feb 2015
    Location
    Tampa, FL
    Posts
    266

    Certifications
    GPEN/GCIH/CEH
    #57
    Quote Originally Posted by saraguru View Post
    I am not quite sure what kind of exploits you are talking about SaSkiller. If you are talking about privilege escalation exploits, I found that, most of the time the error messages which you get while compiling or running are a good point to start googling for. Those errors might be due to some missing libraries or incompatible ones. In rare cases I have to go through the code and it will require only very little or no modification in 90% of the cases.

    If you have any specific scenario, then if you describe it, may be I can provide you more information
    Thanks, I had a feeling tat would be e case as well, I'm jut going to keep at it.
    Reply With Quote Quote  

  9. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #58
    Hello All,

    As of yesterday, my lab time for OSCP came to an end. And all I could get in two months was 33 admin/root shells and 3 limited shells. I am a little sad that I couldn't get hold of the Admin network but I'm far more happy with what I have learnt. Two months duration flew off very very fast and I already started missing the lab. As a beginner to the pentesting field, I learnt a tonne out of the course and it is beautifully designed. I am planning to take up the exam soon and in case I didn't manage to pass, I am planning to buy an extension for just 15 days and prepare a bit more. Let's see what awaits for me!!
    Reply With Quote Quote  

  10. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #59
    Hi All,

    I took up my exam this Sunday and Offsec beat me this time!!!

    I thought I'll briefly describe my experience here...My exam started at around 2:30pm and in about 2hrs i got a 25 point machine. Next I started to attack the next 25 pointer but couldn't make any progress. So, I decided to go on with the 20 pointer machine and even there I couldn't get a shell. It was around 6:00pm at the time and I was really really sad to an extent that I thought of giving up at that moment. Then, I took a shower, had some snack and started attacking 10 pointer. It fell within just 30 min and I began gaining my confidence again. And about 8:30pm I got a low privilege shell on another 20 pointer machine. So, within 6hrs or so I got full shell on one 25 pointer, one 10 pointer and low privilege shell on another 20 pointer. I still had my Metasploit lifeline left at this point. So, I thought that I can definitely make it this time. But my bad time started from there. I tried everything I knew on the remaining 2 machines, but every path I took led me to a block. I tried taking breaks and switching between the machines. But nothing worked for me. About 12:30pm the next day, I decided to give up and let Offsec win me this time.

    But this was a good experience for me and I am planning to buy extension for 15 days and take up the exam again sometime in June.

    Result after Round #1: Offsec (1) - Me (0)

    Let me see if I can win Offsec in the 2nd round of the Match.
    Reply With Quote Quote  

  11. Member
    Join Date
    Jun 2015
    Location
    Hartford CT
    Posts
    45

    Certifications
    CISSP, CEH, ECSA, CCNA
    #60
    Sorry to hear 🙁
    Your preparation and efforts are good. You can easily clear next time. Have a break and try again.
    Reply With Quote Quote  

  12. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #61
    Quote Originally Posted by sesha437 View Post
    Sorry to hear 
    Your preparation and efforts are good. You can easily clear next time. Have a break and try again.
    Yah, even I'm thinking about having a break and trying it once again!!!

    I'm planning to take the next round sometime in june. Till then may be I'll practice with machines from vulnhub. Privilege Escalation is something which I must definitely focus on for now

    Though I'm not sure if I can make it the next time!! Fear starts enveloping me just by thinking about taking the exam
    Reply With Quote Quote  

  13. Member
    Join Date
    Sep 2016
    Location
    London| United Kingdom
    Posts
    65

    Certifications
    CISSP| CEH| CISA| CISM| CGEIT|CRISC|
    #62
    Quote Originally Posted by saraguru View Post
    Hi All,

    I took up my exam this Sunday and Offsec beat me this time!!!

    I thought I'll briefly describe my experience here...My exam started at around 2:30pm and in about 2hrs i got a 25 point machine. Next I started to attack the next 25 pointer but couldn't make any progress. So, I decided to go on with the 20 pointer machine and even there I couldn't get a shell. It was around 6:00pm at the time and I was really really sad to an extent that I thought of giving up at that moment. Then, I took a shower, had some snack and started attacking 10 pointer. It fell within just 30 min and I began gaining my confidence again. And about 8:30pm I got a low privilege shell on another 20 pointer machine. So, within 6hrs or so I got full shell on one 25 pointer, one 10 pointer and low privilege shell on another 20 pointer. I still had my Metasploit lifeline left at this point. So, I thought that I can definitely make it this time. But my bad time started from there. I tried everything I knew on the remaining 2 machines, but every path I took led me to a block. I tried taking breaks and switching between the machines. But nothing worked for me. About 12:30pm the next day, I decided to give up and let Offsec win me this time.

    But this was a good experience for me and I am planning to buy extension for 15 days and take up the exam again sometime in June.

    Result after Round #1: Offsec (1) - Me (0)

    Let me see if I can win Offsec in the 2nd round of the Match.
    Good effort Saraguru! Well done.
    Reply With Quote Quote  

  14. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #63
    Hello All,

    I am realllllly happy to say that I have successfully tamed the Offsec beast and I am an OSCP now.

    The two months journey has been awesome and I enjoyed rooting each and every machine in the lab. After facing failure in my first attempt, I did some practicing with Vulnhub machines, doing nearly 1 VM per day on weekdays and 2 machines on the weekends.

    I was mentally more prepared for the second round and had some idea of what to expect and how to tackle them. Just when there was about an hour left for the exam to end, I escalated a linux machine and obtained enough points to pass the exam. The moment when I saw the # for that linux machine it is just unforgettable . I got 4 out of 5 machines and couldn't manage to get the fat 25 pointer.

    Next, I am gonna have fun for some days and think about doing SLAE soon, followed by OSCE may be at the end of this year or in the beginning of next year ( not having enough money now ). Anybody doing SLAE now or about to start OSCE may be in a month or two??!
    Reply With Quote Quote  

  15. Senior Member
    Join Date
    Oct 2015
    Posts
    159

    Certifications
    GCIH, C|EH, MCSA Windows 10
    #64
    Congrats on passing. Can you list the vulnhub machines you did? I'm hoping to go after OSCP after I finish the GCIH.
    Reply With Quote Quote  

  16. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #65
    Quote Originally Posted by fabostrong View Post
    Congrats on passing. Can you list the vulnhub machines you did? I'm hoping to go after OSCP after I finish the GCIH.
    Thanks a lot fabostrong. I started doing more of Vulnhub only after I failed in my first attempt. First I did the VMs suggested by Sheiko37 which you can find in the below link:
    OSCP (starting 13/12/2015)
    After doing those, I practiced few other things:
    Hackfest ( Tri-series )
    DC416: 2016 ( i did only 1 from this )
    SkyDog 2016: Catch me IF you can
    PwnLab: Init
    Tommy Boy: 1
    6Days Lab: 1.1
    The Necromancer: 1
    Mr. Robot: 1
    Stapler: 1

    Note: I did some of these VMs and few others not listed here, even before registering for OSCP.

    Vulnhub is a great place to get a feel of what we are gonna face in OSCP lab. It is where I gained much knowledge in a short term as we have walkthrough available ( though it is against offsec style of learning I think one can learn a great deal by this method, I rarely see walkthrough now ).
    Last edited by saraguru; 06-05-2017 at 03:27 AM.
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    Oct 2015
    Posts
    159

    Certifications
    GCIH, C|EH, MCSA Windows 10
    #66
    Quote Originally Posted by saraguru View Post
    Thanks a lot fabostrong. I started doing more of Vulnhub only after I failed in my first attempt. First I did the VMs suggested by Sheiko37 which you can find in the below link:
    OSCP (starting 13/12/2015)
    After doing those, I practiced few other things:
    Hackfest ( Tri-series )
    DC416: 2016 ( i did only 1 from this )
    SkyDog 2016: Catch me IF you can
    PwnLab: Init
    Tommy Boy: 1
    6Days Lab: 1.1
    The Necromancer: 1
    Mr. Robot: 1
    Stapler: 1

    Note: I did some of these VMs and few others not listed here, even before registering for OSCP.

    Vulnhub is a great place to get a feel of what we are gonna face in OSCP lab. It is where I gained much knowledge in a short term as we have walkthrough available ( though it is against offsec style of learning I think one can learn a great deal by this method, I rarely see walkthrough now ).

    Thanks a lot and congrats again!
    Reply With Quote Quote  

  18. Member
    Join Date
    Jan 2017
    Posts
    96
    #67
    *Applauds*
    Reply With Quote Quote  

  19. Junior Member Registered Member
    Join Date
    Feb 2017
    Posts
    3
    #68
    Hey Saraguru,

    Congrats man u really did a great in cracking the OSCP and detailing your journey for us. Finally all the best for your future endeavors.
    Reply With Quote Quote  

  20. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #69
    Quote Originally Posted by VoyagerOne View Post
    Hey Saraguru,

    Congrats man u really did a great in cracking the OSCP and detailing your journey for us. Finally all the best for your future endeavors.
    Thanks a lotttt VoyagerOne!!
    Reply With Quote Quote  

  21. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #70
    Quote Originally Posted by Dr. Fluxx View Post
    *Applauds*
    Thanks a lot Dr.Fluxx!!
    Reply With Quote Quote  

+ Reply to Thread
Page 3 of 3 First 123

Social Networking & Bookmarks