  1. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,322

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #26
    Awesome work m4v3r1ck! I'm following your thread closely as I start the course on September 30th.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course

  3. Member
    Join Date
    Aug 2016
    Location
    nullsec
    Posts
    62

    Certifications
    Linux+ Prince2 Foundation Security+ eJPT
    #27
    Interesting thread to follow

    Good luck.

  4. Member
    Join Date
    Aug 2017
    Posts
    61

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #28
    Quote Originally Posted by 7777777 View Post
    Best of luck to you. I start my course next week. I would like to have the same dedication you have to the course. If you wanted a study-buddy let me know.
    Thank you! Good luck in the course. You can find me in the Slack group if you ever want to chat.


    Quote Originally Posted by JoJoCal19 View Post
    Awesome work m4v3r1ck! I'm following your thread closely as I start the course on September 30th.
    Thanks! I'm glad you're sticking with it and taking the course. It'll be fun to see you in there.


    Quote Originally Posted by hal9k2 View Post
    Interesting thread to follow

    Good luck.
    Thank you

  5. Member
    Join Date
    Aug 2017
    Posts
    61

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #29
    DAY 8

    Study time: 12 hours, total: 56 hours
    Boxes rooted: 2, total: 5/?


    Summary

    Another good day in the labs. I'm trying to crank some solid hours in as I leave for 2 more weeks of travel on Monday. I managed to root 2 more machines today, Sherlock and Bob. I had actually "rooted" a machine within 5 minutes of starting this morning. I was working on an exploit in Metasploit with all parameters set correctly, got root, and got excited. Only to realize that Metasploit skipped over to another box that I had previously rooted. It was quite strange as I set the host correctly. So, in a strange way, I figured out how to pop the same box with another method.

    After that, I decided I was going to pick something "easy" to work on. So, I looked for a box with basic ports open and went to town. Don't let the nmap scans fool you...none of these boxes are easy. I probably spent 6 hours on Sherlock and another 6 on Bob today. I've heard Bob is a great beginner box, but I've also seen people throw it up there with Humble, Pain, Ghost, etc. Only time will tell for my opinion on that. Sherlock was a tad bit annoying because you only get one crack at your exploit. If it misses, you're reverting your box and starting over. I used probably 10 reverts today on Sherlock alone.

    The exciting thing was that I have still been able to craft all of my own exploits manually. I highly recommend this as you never know when you're going to see these exploits again. Perhaps one will show up on the exam and you can use your own exploit instead of using your only use of Metasploit. Some have suggested to use Metasploit for the easy box, but I could easily get stuck on the BoF and need to use it. Always good to have in your back pocket.

    There's so much I wish I could talk about, but can't anymore! But, if anyone ever has questions, you're more than welcome to ask.

    Tips of the day:

    Here's something I did not realize: there are two methods of transferring via FTP (ASCII and binary). Binary should be your preferred choice. However, research how to use other file transfer methods as they will come up on every box.

    The offsec forums are your friend. The admins do a really good job of keeping spoilers out. I've found good resources on there and sometimes a question that you have has already been asked on the forums. Especially when it's an error with the box and a workaround has been provided.

    Rooted (5): Alice, Bob, JD, Phoenix, Sherlock.
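
Added example (not part of the original post or thread): a simplified Python model of FTP's ASCII (TYPE A) end-of-line translation, showing why the tip in the post above prefers binary mode and how a hash comparison catches a mangled transfer. The sample bytes and helper names are constructed for illustration, and real clients and servers vary in exactly how they translate.

```python
import hashlib

CRLF, LF = b"\r\n", b"\n"

# Constructed sample: an ELF-style magic followed by bytes that happen to
# contain LF (0x0a) and CRLF (0x0d 0x0a), as compiled files routinely do.
SAMPLE = bytes([0x7F, 0x45, 0x4C, 0x46, 0x0A, 0x00, 0x0D, 0x0A, 0xFF, 0x0A])


def to_wire(data: bytes, local_eol: bytes) -> bytes:
    """Sender side of TYPE A: local end-of-line becomes CRLF on the wire."""
    return data if local_eol == CRLF else data.replace(local_eol, CRLF)


def from_wire(wire: bytes, local_eol: bytes) -> bytes:
    """Receiver side of TYPE A: CRLF on the wire becomes the local end-of-line."""
    return wire if local_eol == CRLF else wire.replace(CRLF, local_eol)


def transfer(data: bytes, mode: str, src_eol: bytes, dst_eol: bytes) -> bytes:
    """Model one transfer. Binary (TYPE I) passes bytes through untouched."""
    if mode == "binary":
        return data
    if mode == "ascii":
        return from_wire(to_wire(data, src_eol), dst_eol)
    raise ValueError(f"unknown mode: {mode!r}")


def verify(original: bytes, received: bytes) -> dict:
    """Integrity check to run after any transfer: compare digests and sizes."""
    same = hashlib.sha256(original).digest() == hashlib.sha256(received).digest()
    return {
        "intact": same,
        "size_delta": len(received) - len(original),
        "sha256": hashlib.sha256(received).hexdigest(),
    }


if __name__ == "__main__":
    cases = [
        ("binary", "LF host   -> CRLF host", LF, CRLF),
        ("ascii", "LF host   -> CRLF host", LF, CRLF),
        ("ascii", "CRLF host -> LF host", CRLF, LF),
        ("ascii", "LF host   -> LF host", LF, LF),
    ]
    for mode, label, src, dst in cases:
        result = verify(SAMPLE, transfer(SAMPLE, mode, src, dst))
        print(f"{mode:6} {label}: intact={result['intact']} "
              f"size_delta={result['size_delta']:+d}")
```

In this model the same-platform ASCII transfer happens to round-trip intact, so the corruption only surfaces when the two ends use different line endings; comparing a digest on both sides is the reliable check.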

  6. Member
    Join Date
    Aug 2016
    Location
    nullsec
    Posts
    62

    Certifications
    Linux+ Prince2 Foundation Security+ eJPT
    #30
    Quote Originally Posted by m4v3r1ck View Post
    The exciting thing was that I have still been able to craft all of my own exploits manually.
    What are your sources to get more info about exploit writing?

  7. Junior Member Registered Member
    Join Date
    Sep 2014
    Posts
    4
    #31
    Nice read. Are you sure that popping your own box has anything to do with Apache? You seem convinced ... ?
    The reason I ask is I always use Apache .... I can't agree more the IDE ... so andy

    In many cases, if possible, I input it as file.txt and write it on the server as PHP,
    just so it doesn't execute in your own browser,
    and then browse to the destination... executing it on the remote server.


    Way to go, keep it up

  8. Member
    Join Date
    Aug 2017
    Posts
    61

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #32
    Quote Originally Posted by hal9k2 View Post
    What are your sources to get more info about exploit writing?
    Google mostly. I look up the specific exploit and see if anyone has done a manual version of it. Github is full of manual versions of exploits. No exploit I've found has been perfect. You have to continuously tinker. It generally takes me a few hours to get an exploit just right. Then I write down everything I did in my notes.

    Also, the forums are incredibly helpful. For example, there was a compiling issue I was having and couldn't figure it out with Google. Someone on the forums had the same issue and got help with syntax. It's a great place for these sorts of things.


    Quote Originally Posted by technobro View Post
    Nice read. Are you sure that popping your own box has anything to do with Apache? You seem convinced ... ?
    The reason I ask is I always use Apache .... I can't agree more the IDE ... so andy

    In many cases, if possible, I input it as file.txt and write it on the server as PHP,
    just so it doesn't execute in your own browser,
    and then browse to the destination... executing it on the remote server.


    Way to go, keep it up

    I'm pretty sure it had something to do with Apache in that instance. I can't guarantee it, but I ran the exact same exploit hosting with Python and it worked. I've had no other issues with Apache outside of this though. So, if you run into a situation where you shell back into your own machine, try a different server.

  9. Member
    Join Date
    May 2017
    Posts
    85
    #33
    Quote Originally Posted by adrenaline19 View Post
    Find the lab book syllabus and start researching each chapter now. The actual pdf and videos you receive with the course won't teach you anything. It's garbage.

    All of the real learning happens in the lab, by yourself.
    I think the PDF and videos are the fishing rod; the rest, how to get the fish, really depends on the man behind the gun.
    You really need a lot of practice.

  10. Senior Member
    Join Date
    Sep 2016
    Location
    VA
    Posts
    380

    Certifications
    CISSP, PMP, CCNP, FITSP-M
    #34
    Quote Originally Posted by vynx View Post
    I think the PDF and videos are the fishing rod; the rest, how to get the fish, really depends on the man behind the gun.
    You really need a lot of practice.
    A man using a fishing rod as a gun to catch fish needs all the help he can get.
    2017: CCNP (done), FITSI-M (done) CCIE Written
    2018: CCIE R/S
    2019: VCP (DCV/NV), OSCP
    2020-1: MBA

  11. Member
    Join Date
    May 2017
    Posts
    85
    #35
    Sure, sir.... definitely agree with that

  12. Member
    Join Date
    Aug 2017
    Posts
    61

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #36
    DAY 10

    Study time: 2 hours, total: 58 hours
    Boxes rooted: 2, total: 7/?

    Summary:

    The struggle is real and I'm not sure when it's going to end. My girlfriend asked me to take Sunday off as I was leaving for two weeks today and I obliged, so day 9 was a total of 0 hours. Given that I spent almost 60 hours on the course last week and about 5 with her, the request seemed pretty reasonable.

    I've managed to root 2 boxes today in the 2 hours of time I've had to work on boxes. The struggle I'm having is that my hotel wireless is awful, so I'm using a 4G MiFi, which isn't much better. I'm remoting into my workstation at home, which is a good setup, but the lag at times kills me. There is also a delay with keystrokes and sometimes it will randomly generate 10 of the same letter out of nowhere. I'm stuck with this, along with 12 hour work days, for the next two weeks. I'm just going to have to battle through it. Hopefully I will be able to use some work from home time to work solely on the class during a work day.

    As for the boxes I rooted today, both were pretty straightforward and didn't require a whole lot of thought in my opinion. Those boxes were Tophat and Kraken. After Bob, everything seems like cake.

    Tip of the day:

    Go through the forums and look at every sub-thread IP and its corresponding number of posts. This is just a hypothesis, but IPs with a low post count will be easier to root than IPs with a high post count. This allowed me to pick and choose today as I don't have a ton of time or patience at the moment. Hopefully the next time I post, I will be able to figure this wireless situation out. I rode with a coworker, so I don't have a rental car to go to Starbucks or somewhere with better WiFi.

    Rooted (7): Alice, Bob, JD, Kraken, Phoenix, Sherlock, Tophat.

  13. Member
    Join Date
    May 2017
    Posts
    85
    #37
    agree with your statistics method

  14. Member
    Join Date
    Aug 2017
    Posts
    61

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #38
    DAY 12

    Study time: 5 hours, total: 63 hours
    Boxes rooted: 1, total 8/?

    Summary:

    I managed to get some decent time in the labs today. I set some scans to run overnight and decided to pick a host and attack. Today's victim was Mike. It didn't take me very long to root Mike. I'm working at half speed right now with the 4G connection and lack of multiple monitors.

    My next adventure will likely be rooting Tophat again with a manual exploit. Other than that, I don't have a lot to add right now as I'm pretty drained. Hopefully I'll get my energy back this weekend. So, sorry in advance for the short read.

    I look forward to seeing some of you new guys in the labs soon!


    Rooted (8): Alice, Bob, JD, Kraken, Mike, Phoenix, Sherlock, Tophat.

  15. Member
    Join Date
    Aug 2017
    Posts
    61

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #39
    I'd like to report a small win. I was tossing and turning in bed just now thinking about how I can access faster internet speeds. At first, I thought maybe I could go to a neighboring hotel and use their internet if it's better. Forget that, I enjoy hacking in my underwear. Then, I thought of maybe just shelling out the money ($5/day) for internet. Forget that, this hotel is already getting over $1k for my stay here. If anything, the internet should be free. Try harder, m4v3r1ck.

    So, I decided to look around the room. There's a cat 6 attached to the business desk. It gets about 2 down and is on guest access. Looking a little bit harder, I notice a cat 6 plugged into the TV. Surely, it couldn't be this simple??

    I plugged in and now I'm getting 100 down. No port security at all. I believe I'm on a TV vlan with high QoS. I haven't done any network scanning as I'm ethical, but it's pretty damn tempting.

    The cable was pretty short, but thankfully I travel with my own. The only way to access the RJ-45 was through the dresser, so I took the drawer apart, plugged in, and put it back together. Now I have a secret cable that I can easily hide and internet access with top speeds. Step 1 done.

    Step 2: the hotel is blocking RDP access. But hey, I remember a certain OSCP lesson that teaches port triggering. I accessed my home machine using other methods, set up a port trigger on 8080, and voila: I'm on! I'm going to keep 8080 disabled unless I'm using it, but this has turned my week around.

    Great success.

  16. Member
    Join Date
    Aug 2017
    Posts
    61

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #40
    DAY 13

    Study time: 3 hours, total: 66 hours
    Boxes rooted: 1, total: 9/?

    Summary:

    I just wrapped up a relatively good session in the labs. The new internet is fantastic. I came home from work, crashed, and woke up around 3AM pretty well rested. So, I decided to get cracking in the labs and was able to root Joe without many issues. I used Metasploit on this one, so I'll have to go back when I have time and write a manual exploit. Preferably when I have more reverts as manual exploits tend to crash boxes if you're not careful :P.

    So far, the hardest box remains Bob. I'm thankful I took on that challenge as the privilege escalation lesson I learned on that box has helped elsewhere in the labs. I'm up to 9 rooted boxes out of 44 in the public server. If I keep up this pace, I should be able to finish the public side in the next 30 days or so. This should especially be true once I'm home from travel and can dedicate full days to the labs.

    I intend to remain patient on attacking other networks until I've rooted most or all of the public network. I'm not sure that I'm ready for pivoting at this point. I've got plenty of other things to try to wrap my head around before that. I hope to challenge Pain or Sufferance when I get home from travel. Hopefully I'll have around 15 boxes by then.

    Tip of the day:

    Don't underestimate the value of rest. I've been in a fog the last few days in the labs. Stepping away from the labs to rest (even though you really want to work on your course) is incredibly valuable. In fact, I think it's nap time now. Until next time!
    Rooted (9): Alice, Bob, JD, Joe, Kraken, Mike, Phoenix, Sherlock, Tophat.

  17. Member
    Join Date
    Aug 2017
    Posts
    61

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #41
    DAY 15

    Study time: 3 hours, total: 69 hours
    Boxes rooted: 2, total: 11/?

    Summary:

    Very brief summary for today. I decided to go out on the town this weekend and see some places I've never seen. I also had to work some this weekend. I've picked up over 20 hours of comp time, so that's always nice.

    As for my rooted boxes, I've continuously been picking at the low hanging fruit. I haven't given myself much time to do anything else. I picked up Barry yesterday with some pretty low fruit and Master today with a little bit of luck. I rooted Master with a very well known exploit on a hunch. I looked at the forums afterwards and there are other exploits, so I will mark this machine as one to come back to.

    I have access to other networks now. I've been waiting to disclose this so I wouldn't reveal which box(es) provided those. I've also unlocked some ways to attack them, but I am going to continue to hold off as I want to root the entire public network first as mentioned before.

    I have a feeling I'm starting to run out of the easy boxes, but hopefully I find enough to hold me over until I get home Friday night. I may start attacking Pain on Saturday if I feel up to the challenge. I'm pretty happy with 11 boxes in 15 total lab days. I've really only been at it 8 days now, mostly part time, so I could in theory be done in 2 months or so at this rate.

    Tip of the day:

    Stay up to date on current exploits. Not every machine in the labs uses old exploits. Perhaps these vulnerabilities weren't even known when these labs were created. I'm almost certain that Poodle, Heartbleed, WannaCry, etc. type exploits will show up here or there. Plus, it's good to just have self awareness for these sort of exploits.

    Rooted (11): Alice, Barry, Bob, JD, Joe, Kraken, Master, Mike, Phoenix, Sherlock, Tophat.

  18. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    41

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN
    #42
    BEAST!! Keep up the great work! I started a month ago and just finishing up the exercises.. Props to your dedication and focus! I'm sure we've crossed paths in the slack channel.

  19. Member
    Join Date
    Aug 2017
    Posts
    61

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #43
    Quote Originally Posted by Hornswoggler View Post
    BEAST!! Keep up the great work! I started a month ago and just finishing up the exercises.. Props to your dedication and focus! I'm sure we've crossed paths in the slack channel.
    Thank you sir. Hit me up if you're ever on the slack channel.

  20. Member
    Join Date
    Aug 2017
    Posts
    61

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #44
    DAY 22

    Study time: 12 hours, total: 81 hours
    Boxes rooted: 2, total 13/?
    Summary:

    I've finally found some time back in the labs. The previous week I was incredibly busy with work, so I did not have much time for anything. I'm back in town for the next 2 weeks, but I will be traveling 5 of the next 10 weeks. It's going to make it a real challenge to complete this course in a timely fashion. I'm going to keep chugging along and hopefully hit the labs hard this week and next. I'd like to have 20 boxes, if not more, by day 30.

    As far as my rooting has gone, I rooted Susie and Payday today. Susie was incredibly easy and may have been the last of the low-hanging fruit. I rooted her within 5 minutes of sitting down for the day. It was a great start.

    Payday took me hours upon hours, but taught me a valuable lesson in keeping it simple. While I struggled through this box, I now have a good idea of privilege escalation and what to look for.

    Tip of the day:

    Don't avoid trying the simplest things. They may actually work.

    Rooted (13): Alice, Barry, Bob, JD, Joe, Kraken, Master, Mike, Payday, Phoenix, Sherlock, Susie, Tophat

  21. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    41

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN
    #45
    Yep! I'm on there as cmizeur. I'm slow as a turtle but managed to root sufferance this weekend.

  22. Senior Member
    Join Date
    Jul 2015
    Location
    Liverpool, UK
    Posts
    165

    Certifications
    A+, Net+, ITIL v3, MCITP:EDST/EDA, MCSA:2008
    #46
    Well done on your progress so far OP. Got to say, this looks like the most fun and satisfying cert out there.

  23. Member
    Join Date
    Aug 2017
    Posts
    61

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #47
    Quote Originally Posted by Hornswoggler View Post
    Yep! I'm on there as cmizeur. I'm slow as a turtle but managed to root sufferance this weekend.
    We've definitely crossed paths :P. I was there when you got root. That's huge man, congrats!

    Quote Originally Posted by Pseudonym View Post
    Well done on your progress so far OP. Got to say, this looks like the most fun and satisfying cert out there.
    Thank you sir. It's definitely a lot of emotions. Fun being one of them!

  24. Member
    Join Date
    Aug 2017
    Posts
    61

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #48
    DAY 24

    Study time: 5 hours, total: 86 hours
    Boxes rooted: 2, total 15/?

    Summary:


    Very brief summary for today as I'm pretty tired. I managed to root 2 machines in about 5 hours. Those machines were Ralph and DJ. It took me 95% of the time to root Ralph. I went down a lot of rabbit holes, but it turned out I was pretty close all around. I cheated a bit and read the forums. The forums mentioned that the box had an incredibly easy flaw and to keep it simple. While I don't think I found the easy opening, I was able to root the box by changing my mindset. It turns out, I wasn't that far off to begin with. Just taking a breather and reading simple advice helped.

    DJ took all of 10 minutes. I realized that I had seen a similar nmap scan for DJ with another box I've rooted. Decided to see if I could root DJ the same way and down he went.

    Both were done with Metasploit, so I will have to come back and work on manual exploits for these at some point. Though, I do not think either will be that difficult to do.

    I have 6 days to root 5 boxes to meet my goal of 20 in the first 30 days. This should definitely be possible as I have somewhere near 50-60 hours to dedicate over the next 5 days.

    Tip of the day:

    When you finish a box, look through your nmap scans to see if any scans look similar. Chances are, there's a similar path into the next box as well.


    Rooted (15): Alice, Barry, Bob, DJ, JD, Joe, Kraken, Master, Mike, Payday, Phoenix, Ralph, Sherlock, Susie, Tophat

  25. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    41

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN
    #49
    I predict you'll crush the exam. When you taking it?

  26. Member
    Join Date
    Aug 2017
    Posts
    61

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #50
    Quote Originally Posted by Hornswoggler View Post
    I predict you'll crush the exam. When you taking it?
    I hope you're not a betting man :P. I will have to see how I feel after 60 days. I'm either going to take it with about 15 days left of lab time, so I can use whatever lab time I have left to study in case of a fail or I'll take it right after the labs are done.

    How about you?
