  1. Member
    Join Date
    Apr 2017
    Posts
    41
    #1

    Just Another OSCP Journey

    I've been in information security for a few years now and pentesting is about 30% of my job. I'd like to do it full time one day, so researching how to get there showed the OSCP. Since I read about it, I knew I wanted it. I created a website, www.hausec.com, to document what I've done in preparation for PWK -- from Vulnhub write-ups to cheatsheets. I have a section dedicated to my OSCP progress and I'll basically be copy+pasting from here to there and vice versa.

    Here's what I've done to prepare for PWK (About a year ago now):

    At home I have a giant whiteboard attached to my wall. On it, I’ve drawn a tree diagram with my goal of OSCP at the top. I have four components I want to “check off” before I registered for the OSCP. They are:

    Vulnhub VMs
    Homelab (Pseudo Windows environment)
    Books
    Videos
    Homelab was the first thing I crossed off. I simply installed an ESXi server on an old box I had laying around and built a Windows environment with Server 2003, 2008 R2, 2012 R2, XP, Win 7, Vista, and Win 8. The point of this was to purposely make misconfigs in the domain (e.g. DNS zone transfers) that will simulate what a real environment will be like.

    Vulnhub VMs were the things that took me the longest. I've done a lot of research and read a lot of blogs by people who have taken the OSCP, and of those that listed Vulnhub VMs, I've gone and downloaded and added them to my list. It's as follows:
    • 64Base
    • Droopy
    • FristiLeaks
    • IMF
    • Kevgir
    • Kioptrix 1-4
    • LordofTheRoot
    • Metasploitable 2
    • Mr.Robot
    • NullByte
    • Pwnlab_init
    • PwnOS 1.0
    • SickOS 1.2
    • SickOS 1.1
    • Stapler
    • trll
    • trll2
    • Vulnix
    For some of these I've done a write-up as I’ve noticed that write-ups greatly help me remember what I did. To assist me with these, I compiled a cheat sheet as well that can be found here.

    Next are books. I have five books that I have read during my preparation:
    • Metasploit, the Penetration Tester’s Guide
    • Practical Malware Analysis (Definitely not needed for OSCP but this helps with my job)
    • Hacking Exposed 7
    • Violent Python (Also not too necessary, but does help)
    • RTFM (More of a reference guide, but still helpful)
    Finally, there are 4 video topics I've watched from Pentester Academy: Learn Pentesting Online; it's a subscription to watch them and I got it when it was on sale.
    • Python
    • Powershell
    • Network
    • Webapp
    • Shellcoding
    With the exception of a few videos and some chapters in the books, I've accomplished all of these so I registered for PWK starting on June 24th for 90 days.

    I work full time, and I'm still in school part time, so I figured I would need the most time as possible. Once my lab time is up I’ll attempt the exam. I know if I were to take the exam now I would probably not even root one box, but I feel as though my preparation over the last year has prepared me for the PWK. The plan is when the lab opens up, to download all the training material. I won’t even begin scanning or pentesting; I’m just going to go through the course material and do the labs, taking notes when appropriate. I won’t be posting anything specific here, but I’ll be keeping personal notes.

    Once I’ve finished the labs and course materials, I will then start pentesting the machines in the environment and document those as well. I’m prepared to have my confidence crushed, as others have before, and truth be told I doubt I’ll pass the OSCP on the first try as it usually takes a few, but I'll definitely try my hardest.

  3. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #2
    This is a great preparation for OSCP, Hausec!!! Hope you have a great time in the lab and enjoy it as much as I did. Good luck and have fun.

  4. California Kid JoJoCal19
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #3
    Awesome writeup! Your prep is exactly what I had in mind for when I go for the OSCP. I'll definitely be following your thread/blog.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up: None
    Reading: Python Crash Course

  5. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    62

    Certifications
    OSCP, CISSP, Sec+
    #4
    Good stuff! I think doing the vulnhubs is a little overkill, but it will mean you get to hit the ground running and already have an idea for your own personal enumeration checklist!

    Good luck!
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing

  6. Senior Member
    Join Date
    Mar 2017
    Location
    Phoenix, AZ
    Posts
    168

    Certifications
    CISSP, CEH, CCNA Security, CCNA R&S, VCP5-DCV, VCP-Cloud, MCSA 2012, MCSA 2008, MCSA 2003, Security +, Net+, A+
    #5
    I'm a month in. I didn't touch the videos until last weekend and they really help. I assumed they were the same as the PDF and they aren't. Use them both!

  7. Member
    Join Date
    Jan 2017
    Posts
    96
    #6
    Everything sounds great training-wise... looks like my setup, but you work full time, school full time AND you're going to try this in 30 days?
    That's going to be hard as hell.

  8. Member
    Join Date
    Apr 2017
    Posts
    41
    #7
    Quote Originally Posted by Dr. Fluxx View Post
    Everything sounds great training-wise... looks like my setup, but you work full time, school full time AND you're going to try this in 30 days?
    That's going to be hard as hell.
    Nah, school part-time, work full-time, and I bought the 90 day package. It's still a lot though, so here's to no life for the next 3 months.

  9. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    62

    Certifications
    OSCP, CISSP, Sec+
    #8
    Just wanted to circle back around now that I had a chance to check out your site. I love it! That ********** is going to take you places!
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing

  10. Member
    Join Date
    Apr 2017
    Posts
    41
    #9
    Quote Originally Posted by LonerVamp View Post
    Just wanted to circle back around now that I had a chance to check out your site. I love it! That ********** is going to take you places!
    Thanks! I personally have to take notes or else I forget things, so I figured why not just make them available to everyone?

  11. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    62

    Certifications
    OSCP, CISSP, Sec+
    #10
    I guess this site censors ch34tsh33t... but not with a space: cheat sheet
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing

  12. Member
    Join Date
    Nov 2011
    Location
    UK
    Posts
    49
    #11
    Hi Hausec,

    Sounds like you have a solid plan. I have been in the PWK labs for 2 weeks now and loved every minute of it. That being said, I haven't touched the lab machines yet; well, I did have a go at Alice but used Metasploit. I am currently putting in 2-3 hours a night (Mon-Fri) and 10-14 hours per day over the weekend.

    Give me a shout if you wanna bounce ideas around.

    Thanks
    Chard

  13. Member
    Join Date
    Jul 2016
    Posts
    30

    Certifications
    A+, Net+, Sec+, Linux+, CCNA, CSA+, CEH, OSCP
    #12
    Quote Originally Posted by Hausec View Post
    Nah, school part-time, work full-time, and I bought the 90 day package. It's still a lot though, so here's to no life for the next 3 months.
    We've all been there man.. PM me if you want an invite to the TE OSCP Discord. Join up and come chat if you need any help.

  14. Member
    Join Date
    Apr 2017
    Posts
    41
    #13
    Quote Originally Posted by Chard26 View Post
    Hi Hausec,

    Sounds like you have a solid plan. I have been in the PWK labs for 2 weeks now and loved every minute of it. That being said, I haven't touched the lab machines yet; well, I did have a go at Alice but used Metasploit. I am currently putting in 2-3 hours a night (Mon-Fri) and 10-14 hours per day over the weekend.

    Give me a shout if you wanna bounce ideas around.

    Thanks
    Chard
    Absolutely, thanks!

  15. Member
    Join Date
    Apr 2017
    Posts
    41
    #14
    Quote Originally Posted by rex0r View Post
    We've all been there man.. PM me if you want an invite to the TE OSCP Discord. Join up and come chat if you need any help.
    Yes, definitely.

  16. Member
    Join Date
    Apr 2017
    Posts
    41
    #15
    I've started the PWK course. Right on time, OffSec emailed me everything. I have my videos and the PDF, which I'm watching now. As others have stated, the videos are the primary way of learning, with the PDF being the thing you do after. So watch a video on a module > then read about it. I do have a question for those who have done this --- the documentation is unclear on what is good enough for "documenting" the exercises. Do just screenshots suffice?

  17. Junior Member
    Join Date
    Sep 2015
    Posts
    23

    Certifications
    OSCE, OSCP, CEH, CCSK, MCSA
    #16
    That's probably a question better asked in Offsec's forum or directly on their support chat...
    I didn't document the exercises myself.

  18. Junior Member
    Join Date
    Mar 2017
    Location
    Washington State
    Posts
    6

    Certifications
    Security+, GSEC
    #17
    I'll be eager to see any updates, Hausec. This one is definitely on my list of certifications...

  19. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    62

    Certifications
    OSCP, CISSP, Sec+
    #18
    Quote Originally Posted by Hausec View Post
    ...I do have a question for those who have done this --- the documentation is unclear on what is good enough for "documenting" the exercises. Do just screenshots suffice?
    On the Offsec support web site, you should be able to find an example or two for lab reports, plus you can check the exam rules/requirements and they should also contain a report example. Both should, in general, give some guidelines as well. Combine the report examples with the guidelines and your own common sense about what you'd like to see/include in the report, and you should be a winner. But feel free to check with support directly.
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing

  20. Member
    Join Date
    Apr 2017
    Posts
    41
    #19
    Quote Originally Posted by LonerVamp View Post
    On the Offsec support web site, you should be able to find an example or two for lab reports, plus you can check the exam rules/requirements and they should also contain a report example. Both should, in general, give some guidelines as well. Combine the report examples with the guidelines and your own common sense about what you'd like to see/include in the report, and you should be a winner. But feel free to check with support directly.
    I'll check that out then, thanks.

    Yesterday I finished the Buffer Overflow & Fixing Exploits modules and they were the toughest yet, but that was expected from what I've read so far. They weren't overly difficult, but I do have experience doing them before. I heavily recommend doing the t-r-0-l-l-2 VM off Vulnhub and reading my walkthrough on it to get a decent understanding of what is going on during a buffer overflow; then you'll have an easier time with the modules. I think I had a more difficult time with the Fixing Exploits module than I did with Buffer Overflow, but I was just over-complicating things and had to keep it simple. The examples in the module do not need any more than 3 changes each. Also, remember to re-generate the shellcode after reconnecting to the VPN, as it will change things.

    I will say the buffer overflow example for Linux was vastly different from what I've seen in the past and it was interesting how they did it. I probably will have to revisit that before my exam.

    Another note: While they explain buffer overflows VERY well, it helps to make a quick cheat-sheet for them. Mine has 10 steps on what to do, so I'm not scrolling through 20 pages.

  21. Senior Member adrenaline19
    Join Date
    Dec 2015
    Posts
    248
    #20
    Are you doing all of the extra exercises at the end of each chapter too?

  22. Member
    Join Date
    Apr 2017
    Posts
    41
    #21
    Quote Originally Posted by adrenaline19 View Post
    Are you doing all of the extra exercises at the end of each chapter too?
    Yes, I'm literally going through the PDF and doing everything it asks.

  23. Member
    Join Date
    Apr 2017
    Posts
    41
    #22
    I finished the PDFs 3 days ago and started on the labs. I knocked out Alice quite easily, then started on Phoenix and found my entry point, but some student kept reverting the VM so I moved on to BOB. BOB was a challenge for sure. I have never escalated privileges in Windows before, so it was such a good machine for me to take on. I used the forums and in the end had to utilize a hint from an admin, but I got it. For those about to start, give this a read: FuzzySecurity | Windows Privilege Escalation Fundamentals

    I'll poke around some more machines today but I was working on BOB for about 4 hours yesterday and another 4 today, so I'm going to go take a breather for a bit.

  24. Junior Member
    Join Date
    Apr 2017
    Posts
    12
    #23
    Hello, Hausec,
    I am also doing my preparation for OSCP. I will take this course next year, maybe in Aug 2018.
    This is my plan before OSCP ->

    1. First learn Python basics and then practice using this site :-> Practice Python

    2. After the basics I will learn some basics of Python scripts and practice on them. These two things will take me about 3 months.

    3. After Python I will take time to learn at least the basics of the Bash shell and concepts about Linux and its commands.

    4. Then I will start solving Vulnhub machines. This will take me at least 2 months, and maybe more than that.

    5. To grasp knowledge of Metasploit I am thinking of reading the online site Metasploit Unleashed.

    6. Book I will read: Pentesting by Georgia

    7. There is a website -> hackthebox, which has 22 machines [Windows + Linux], maybe like OSCP. So I will take time to solve these too before OSCP.

    8. And give two months to the PWK ebook and video 2014 version so that my time is saved before taking the OSCP course.

    Also, I am not going to install the Windows series as victim machines, as I will read the blogs of Raj Chandel and note them in both my notebook and KeepNote.

    But Hausec, I am getting a serious problem this time.
    I am using both VMware and VirtualBox.
    Parrot OS in VMware
    De-ICE 100 target machine in VulnHub
    Windows 7 target machine [using just for pinging purposes so that I get the IP address]

    When I ping the VMware machine [Parrot] then it pings fine,
    but when I try to ping the VirtualBox machine [Windows 7] then it does not ping fine.

    And hence I am not getting the IP of the victim machine.

    VMware setting -> vmnet0 -> automatic
    VirtualBox setting -> Host Only Adapter

    I tried every setting but failed.

    Can you help me in this matter, please?
    Thanks

  25. Member
    Join Date
    Apr 2017
    Posts
    41
    #24
    Not sure man, I never crossed streams like that; I always used VMware.


    Also update:
    Bethany down. This thing took me 3 days and was 2x as hard as Bob in my opinion. I recommend reading over the AV evasion section for this box and brushing up on Powershell.

  26. Member
    Join Date
    Apr 2017
    Posts
    41
    #25
    Took some major confidence blows as I couldn't get a shell on Phoenix. I know the vulnerability and I can exploit it, but cannot get a shell talking back to me. I moved on to Barry, which is essentially a Vulnhub VM that's very popular, and easily got a less-privileged shell, but I'm having some major compiling issues that won't allow me to escalate to root. After banging my head on that for 4 hours I moved to MIKE, which felt like the first machine I knew what I was doing on, and got root on it after a few hours. I'm kinda disappointed in my slowness, but I just get burned out after a while and miss things that are obvious.

    So far:
    ALICE
    BOB
    BETHANY
    MIKE
    BARRY (Low privilege)


    What's everyone's opinion on using Nessus in the labs? I know in the videos they said to give it a shot, and it's obviously not allowed to be used on the exam, but I think from a learning perspective it can be good to show which machines have which vulnerabilities and then work backwards from discovering it on your own.