+ Reply to Thread
Page 3 of 3 First 123
Results 51 to 72 of 72
  1. Member
    Join Date
    Jan 2017
    Posts
    96
    #51
    I'm still in prep mode..but i hear that Pain and Sufferance boxes are the most difficult.
    I'm paying close attention to all of these OSCP threads.
    Reply With Quote Quote  

  2. SS -->
  3. Junior Member
    Join Date
    Feb 2017
    Posts
    16
    #52
    i hear that Pain and Sufferance boxes are the most difficult.
    I'm paying close attention to all of these OSCP threads.
    I depends. For me Pain was easier than many, so called, easy machines. Actually it depends on your skillset!!!!!
    Reply With Quote Quote  

  4. Member
    Join Date
    Apr 2017
    Posts
    41
    #53
    Quote Originally Posted by Dr. Fluxx View Post
    I'm still in prep mode..but i hear that Pain and Sufferance boxes are the most difficult.
    I'm paying close attention to all of these OSCP threads.
    Yeah I'm saving those guys for last. I've heard from multiple people though that they have had harder times with other boxes compared to those, so it's all relative.

    As an update:
    I finally got DOTTY after being on it for 3 weeks. I also got JD and DJ which was basically the same machine, and a low privilege shell on FC4.

    ALICE
    BOB
    BOB2
    BETHANY
    MIKE
    BARRY
    PHOENIX
    ALPHA
    BETA
    TOPHAT
    SUSIE
    ORACLE
    GAMMA (Low Privilege)
    JD
    HOTLINE
    PAYDAY
    LEFTTURN
    DOTTY
    JD
    DJ
    FC4 (Low Privilege)
    Reply With Quote Quote  

  5. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #54
    You're doing a great job! How many days do you have left on your lab time?
    Reply With Quote Quote  

  6. Member
    Join Date
    Apr 2017
    Posts
    41
    #55
    Quote Originally Posted by adrenaline19 View Post
    You're doing a great job! How many days do you have left on your lab time?
    I still have 60 days. I got KRAKEN and HELPDESK yesterday. I made the mistake of not checking secondary connections and dumping hashes on all machines, I'm going to have to go back and do that because some of the machines I haven't got yet require another host's connection first.

    ALICE
    BOB
    BOB2
    BETHANY
    MIKE
    BARRY
    PHOENIX
    ALPHA
    BETA
    TOPHAT
    SUSIE
    ORACLE
    GAMMA (Low Privilege)
    JD
    HOTLINE
    PAYDAY
    LEFTTURN
    DOTTY
    DJ
    FC4 (Low Privilege)
    KRAKEN
    HELPDESK
    Reply With Quote Quote  

  7. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #56
    Do you have a post exploit script? Once you've popped the box, how are you collecting info?

    You really need to be thorough. If you haven't gained access to another network yet, you've missed something in one of your boxes.
    Reply With Quote Quote  

  8. Junior Member
    Join Date
    Feb 2017
    Posts
    16
    #57
    @adrenaline19 Are you sure?!?..I gained access to all three sub-networks but not from any of the machines ROOTED by Hausec!!!
    Reply With Quote Quote  

  9. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #58
    You're coming along nicely. I would say that you're probably only a few weeks away from being ready for an exam attempt? I remember only having 24 boxes popped and I passed the OSCP on the first time.
    Reply With Quote Quote  

  10. Member
    Join Date
    Apr 2017
    Posts
    41
    #59
    Quote Originally Posted by adrenaline19 View Post
    Do you have a post exploit script? Once you've popped the box, how are you collecting info?

    You really need to be thorough. If you haven't gained access to another network yet, you've missed something in one of your boxes.
    I do, I just get so excited I forget to run it.

    Quote Originally Posted by Mefistogr View Post
    @adrenaline19 Are you sure?!?..I gained access to all three sub-networks but not from any of the machines ROOTED by Hausec!!!
    Thanks for the hint

    Quote Originally Posted by BuhRock View Post
    You're coming along nicely. I would say that you're probably only a few weeks away from being ready for an exam attempt? I remember only having 24 boxes popped and I passed the OSCP on the first time.
    This is good to know! I'm saving Pain, Sufferance and Humble for last.
    Reply With Quote Quote  

  11. Junior Member
    Join Date
    Jul 2017
    Posts
    16
    #60
    Quote Originally Posted by adrenaline19 View Post
    Do you have a post exploit script? Once you've popped the box, how are you collecting info?

    You really need to be thorough. If you haven't gained access to another network yet, you've missed something in one of your boxes.
    Would you recommend us a post exploit script you used?

    Thank you!
    Reply With Quote Quote  

  12. Member
    Join Date
    Apr 2017
    Posts
    41
    #61
    SEAN, MAIL, and KEVIN downed this weekend.

    ALICE
    BOB
    BOB2
    BETHANY
    MIKE
    BARRY
    PHOENIX
    ALPHA
    BETA
    TOPHAT
    SUSIE
    ORACLE
    GAMMA (Low Privilege)
    JD
    HOTLINE
    PAYDAY
    LEFTTURN
    DOTTY
    DJ
    FC4 (Low Privilege)
    KRAKEN
    HELPDESK
    MAIL
    SEAN
    KEVIN
    Reply With Quote Quote  

  13. Member
    Join Date
    Apr 2017
    Posts
    41
    #62
    No real updates this week, I've kinda taken time off to spend time with the family a bit more since I've been doing this since I get straight home from work until bed time for the past month. I have done some simple recon on the rest of the machines and the machines in the IT department and they all require other hosts, which I don't have a problem with, but I'm having some serious issues with some of these. One machine I've been working on for awhile just is not working for some reason, even an admin checked everything I was doing and said it should be working, yet it's not. This might be one of those times I ping another student in the forums and ask how they got their payload working.
    Reply With Quote Quote  

  14. Member
    Join Date
    Apr 2017
    Posts
    41
    #63
    NIKY and JEFF downed. God those were some fickle machines.... I never reverted so much in my life

    ALICE
    BOB
    BOB2
    BETHANY
    MIKE
    BARRY
    PHOENIX
    ALPHA
    BETA
    TOPHAT
    SUSIE
    ORACLE
    GAMMA (Low Privilege)
    JD
    HOTLINE
    PAYDAY
    LEFTTURN
    DOTTY
    DJ
    FC4 (Low Privilege)
    KRAKEN
    HELPDESK
    MAIL
    SEAN
    KEVIN
    NIKY
    JEFF
    Reply With Quote Quote  

  15. Member
    Join Date
    Apr 2017
    Posts
    41
    #64
    It's been awhile since I gave an update. Not much has changed, to be honest I've ran into a wall in terms of getting machines via proxy. I did manage to get TIMECLOCK and FC4 (which OffSec said is not really OSCP relevant -- that along with Pain and Sufferance). I've identified vulnerabilities on Humble and Ghost, it's just a matter of exploiting them. I also know the path to root Gamma but I'm running into some serious issues with port forwarding (hint hint). My exam date is scheduled for the 18th now, I had to change it since I had some things come up. Honestly I think in terms of OSCP prep I'm reading more Vulnhub write ups than I am doing PWK machines. I do have a question for those OSCP re-takes, in the event I fail my first attempt, I read that you can retake 4 more times. What happens if you fail after the 4th time? Do you have to repurschase PWK?
    Reply With Quote Quote  

  16. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    62

    Certifications
    OSCP, CISSP, Sec+
    #65
    FC4? Did you maybe mean EDBMACHINE as being less relevant?
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing
    Reply With Quote Quote  

  17. Member
    Join Date
    Apr 2017
    Posts
    41
    #66
    Quote Originally Posted by LonerVamp View Post
    FC4? Did you maybe mean EDBMACHINE as being less relevant?
    I believe that's the one. G0tm1lk mentioned it in a post on the offsec forums, I'm trying to find it. Also as a piece of advice for anyone -- If you're trying to exploit something and it isn't working (script or metasploit) against a certain app, it doesn't take long to download the app itself and develop a POC on your own machines so you can see what's going wrong.
    Reply With Quote Quote  

  18. Member
    Join Date
    Apr 2017
    Posts
    41
    #67
    ^ Whoops, it wasn't g0tm1lk but another admin
    https://forums.offensive-security.co...+sufferance%2C
    Q: How do i know when i am ready to take the OSCP exam


    A:
    Of course, a very difficult question to answer.
    In general, we suggest *at minimum* hacking all the machines in the "Student network" apart from pain, sufferance and fc4. This will give you the bare skills needed to pass the exam. Of course, we cannot guarantee this estimate.


    By this standard the ones I'm missing are
    Slave/Master
    Ghost
    Humble
    Observer
    Cory
    Tricia
    Pedro

    The reason being most of these require another host to be compromised before moving on, so I saved them for last. Also forgot to edit in my first post that I rooted Gamma, which in my opinion is one of the hardest machines.
    IMO Aside from Ghost/Humble/Sufferance/Pain the hardest ones have been:
    Gamma
    DOTTY
    BETHANY
    BOB
    Beta

    Honerable mentions:
    LEFTTURN
    FC4
    Sherlock
    Last edited by Hausec; 08-29-2017 at 02:40 PM.
    Reply With Quote Quote  

  19. Junior Member
    Join Date
    Feb 2017
    Posts
    16
    #68
    I do have a question for those OSCP re-takes, in the event I fail my first attempt, I read that you can retake 4 more times. What happens if you fail after the 4th time?
    "After the 4th failed exam onwards, a student may schedule an exam retake after 6 weeks."

    I think, it means, you can retake the exam as many times as you wish, as long as 6 weeks have passed!!!!!
    Reply With Quote Quote  

  20. Member
    Join Date
    Aug 2017
    Posts
    64

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #69
    This is a great thread. Have you scheduled your exam yet?
    Reply With Quote Quote  

  21. Member
    Join Date
    Apr 2017
    Posts
    41
    #70
    Quote Originally Posted by m4v3r1ck View Post
    This is a great thread. Have you scheduled your exam yet?
    Thanks, and yes, it's scheduled for the 18th.
    Reply With Quote Quote  

  22. Member
    Join Date
    Apr 2017
    Posts
    41
    #71
    So today is the day. I got the email as scheduled and started. I downed the first 25 point machine in the first few hours (2 hours were spinning my wheels thanks to a certain program having a bug, so realistically this should've taken me 45 minutes), I got a low priv shell on a 20 point machine the next hour then rooted it two hours later, then got another low priv shell on a 20 point machine. The other 25 pointer I have no freakin clue where to even begin so that'll probably sit. So I'm just going to work on getting the 10 pointer and escalating on the other 20 pointer and I should pass. Easier said than done right? At this point, even I do fail, I'm not disappointed at all because I think this wasn't a bad attempt for my first try.
    Reply With Quote Quote  

  23. Member
    Join Date
    Apr 2017
    Posts
    41
    #72
    Unfortunately I wasn't able to escalate on the second machine or get the 10 point machine which I'm convinced should be worth more than 10 points because that is NOT easy. Overall, like I said, I'm not that disappointed in myself, I'm just kind of irritated that I couldn't get the "easy" machine which would've possibly made me in passing range. I'll reschedule for a weekend this time and I'll be much more relaxed since I have experience going in and know what I messed up on the first machine. Like Neo, I didn't make the first jump.
    Reply With Quote Quote  

+ Reply to Thread
Page 3 of 3 First 123

Social Networking & Bookmarks