  1. Member
    Join Date
    Aug 2017
    Posts
    66

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #1

    Default OSCP Starts This Weekend(9/2/17)!

    Hi all,

    Posting yet another OSCP journey thread. I will be starting 90 days of lab time on Saturday (9/2) and am hoping to use this thread as a way to stay motivated, help others, and receive help myself.

    I've been intrigued by the OSCP since I first heard about it a year or so ago. I've been in IT for about 3 years now. I started in help desk and quickly worked my way up to a senior role in networking at a major company. I've managed to obtain the A+, Net+, Sec+, Linux+, CEH, and CCNA since May of last year. While these certs are nice to have, none of them prove true knowledge like the OSCP does. In fact, I was upset at how easy the CEH exam was, especially for the cost.

    I'm motivated to learn hacking the hard way and land in a red team role afterwards. My current job has a red team opening at the moment, which I've been told I would be competitive for if I obtain the OSCP. It's a 6-figure job in my dream field. What more motivation could I need?

    I've done a little bit of prep, but not a whole lot like many others you see. I've watched and finished the Python course at Cybrary and I watched most of Georgia's course there as well. I've also attempted several VMs and read the walkthroughs to those to get a feel for the methodology involved in hacking. I have a decent understanding of the concepts and applications from my CEH lab time.

    I do not have a coding background, but I'm not incredibly worried about that. I've researched some OSCP scripts that reviewers have posted and I'm able to read and edit them without much trouble. I'd love to learn more coding in the future, but right now I'm going to limit myself to learning what's needed to pass the OSCP as I'll have enough information being thrown at me to retain as it is.

    Finally, I think it's good to mention that I have full support from my girlfriend. I briefed her on the course and the hours required before I purchased it. She's as fully committed as I am. Maybe she's secretly going to enjoy the alone time, who knows!

    I'm super excited and super motivated to start this journey. The OSCP has been on my hit list for some time. I'm open to study buddies and criticisms along the way. Hopefully I can master the concepts and return the favor in the future!

    -m4v3r1ck

  3. Senior Member adrenaline19
    Join Date
    Dec 2015
    Posts
    248
    #2
    Find the lab book syllabus and start researching each chapter now. The actual pdf and videos you receive with the course won't teach you anything. It's garbage.

    All of the real learning happens in the lab, by yourself.

  4. Member
    Join Date
    Aug 2017
    Posts
    66

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #3
    DAY 1

    Study time: 8 hours, total: 8 hours
    Videos watched: 52, total 52/148
    Pages read: 145, total 145/375

    Summary:

    I received all of my materials today (right on time I might add) and got cracking right away. I quickly read through the instructions and decided that I wanted to work my way up to buffer overflows by the end of the night, no matter how long it took. That way I can start fresh on buffer overflows first thing tomorrow. I managed to accomplish that. I also managed to get a limited shell on Alice. I happened to remember the exploit from a course I watched on Cybrary. I played around in the user files for a bit, but I still have no clue what I'm doing in terms of privilege escalation or post exploitation. I just wanted to test the exploit to see if I could get a shell and I did. So, I left it there for now and am pretty content.

    I left about 6 TCP/UDP nmap scans running, so I have some information to store away for later use. I figure I might as well make use of all my time instead of spending time enumerating after I'm done with the course material. My goal is to let scans run overnight every night until I've made it through the lab material or every host.

    Some takeaways:

    -Read the PDF chapter first and then watch the videos, perhaps at 1.25x-1.5x speed on sections you are more comfortable with. The videos tend to go over everything you just did, but sometimes they do add a little extra info to the mix. So, pay attention.

    -Seriously, Joe Perry's python course and Georgia's course over at Cybrary are awesome prep material. Less than a month ago, I didn't understand Bash, grepping, or anything about Python. From those two courses alone, I've been able to zip through a lot of coding with no issues thus far (we'll see how I feel after buffer overflows). There seems to be a lot of exercises involving scripting, so this is a must if you don't want to spend hours upon hours on exercises.

    -Enumerate while you're waiting on other tasks to complete. Some of the exercises take a while to complete as you're stuck waiting on tedious scans to finish. Use this time to start TCP/UDP scanning machines in the lab. As I said earlier, the more you can enumerate before you hit the labs full speed, the more time you'll have to hack boxes. Time management is key. Get as much of your money's worth as you can.

    The nmap syntax I've been using to scan is as follows:
    TCP > nmap -vv -Pn -A -sC -sS -T4 -p- xxx.xxx.xxx.xxx -oN /root/scans/xxx.xxx.xxx.xxx.txt
    UDP > nmap -vv -Pn -A -sC -sU -T4 --top-ports 200 xxx.xxx.xxx.xxx -oN /root/scans/xxx.xxx.xxx.xxx_UDP.txt

    Until next time!

    -m4v3r1ck
    Last edited by m4v3r1ck; 09-03-2017 at 08:08 PM.
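An added example (mine, not code from the thread or from the course) of one way to turn the -oN files those two nmap commands write into a per-host inventory for your notes. It slices each port table at the column offsets of its PORT/STATE/SERVICE/REASON/VERSION header line, so it works with or without the REASON column that -vv adds, and it skips NSE script output and the rest of the chatter. The embedded report is constructed to resemble -oN output; every address and service banner in it is invented.

```python
"""Summarise nmap normal (-oN) output into a per-host port inventory.

Added example, not code from the thread.  SAMPLE_ON is constructed to
resemble the files the TCP and UDP commands in the post write; every
address and banner in it is invented.
"""
import re

SAMPLE_ON = """\
# Nmap 7.60 scan initiated Sat Sep  2 21:10:03 2017 as: nmap -vv -Pn -A -sC -sS -T4 -p- -oN /root/scans/10.11.1.5.txt 10.11.1.5
Nmap scan report for 10.11.1.5
Host is up, received user-set (0.12s latency).
Not shown: 65531 closed ports
PORT    STATE SERVICE     REASON         VERSION
22/tcp  open  ssh         syn-ack ttl 63 OpenSSH 5.3 (protocol 2.0)
80/tcp  open  http        syn-ack ttl 63 Apache httpd 2.2.15 ((CentOS))
|_http-title: Welcome
139/tcp open  netbios-ssn syn-ack ttl 63 Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn syn-ack ttl 63 Samba smbd 3.5.10 (workgroup: WORKGROUP)

Nmap scan report for 10.11.1.6
Host is up, received user-set (0.10s latency).
PORT    STATE         SERVICE REASON       VERSION
53/udp  open          domain  udp-response ISC BIND 9.8
161/udp open|filtered snmp    no-response
# Nmap done at Sat Sep  2 21:18:35 2017 -- 2 IP addresses (2 hosts up) scanned in 512.40 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\d+(?:\.\d+){3})\))?")
PORT_RE = re.compile(r"^\d+/(?:tcp|udp)\s")


def column_offsets(header):
    """(name, start) for each word of a table header such as 'PORT STATE SERVICE ...'."""
    return [(m.group(), m.start()) for m in re.finditer(r"\S+", header)]


def slice_columns(line, columns):
    """Cut a data line at the header's column offsets; the last column runs to end of line."""
    fields = {}
    for i, (name, start) in enumerate(columns):
        end = columns[i + 1][1] if i + 1 < len(columns) else None
        fields[name] = line[start:end].strip()
    return fields


def parse_normal_output(text):
    """Return {host: [port records]} from -oN text.

    NSE script lines and non-table chatter are ignored.  A table without a
    REASON column (a scan run without -vv) still parses, with reason ''.
    """
    report = {}
    host = None
    columns = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(2) or m.group(1)  # prefer the IP in parentheses when nmap resolved a name
            report.setdefault(host, [])
            columns = None
            continue
        if host and line.startswith("PORT") and "STATE" in line:
            columns = column_offsets(line)
            continue
        if host and columns and PORT_RE.match(line):
            f = slice_columns(line, columns)
            number, proto = f["PORT"].split("/")
            report[host].append({
                "port": int(number), "proto": proto, "state": f["STATE"],
                "service": f["SERVICE"], "reason": f.get("REASON", ""),
                "version": f.get("VERSION", ""),
            })
    return report


def open_ports(report):
    """{host: ['22/tcp', ...]} for ports nmap marked exactly 'open'.

    UDP ports reported open|filtered are left out: nmap got no answer, so
    they need a follow-up probe before they count as an exposed service.
    """
    return {
        host: [f"{p['port']}/{p['proto']}" for p in ports if p["state"] == "open"]
        for host, ports in report.items()
    }


if __name__ == "__main__":
    for host, ports in parse_normal_output(SAMPLE_ON).items():
        print(host)
        for p in ports:
            print(f"  {p['port']}/{p['proto']:<3} {p['state']:<13} {p['service']:<11} {p['version']}")
```

Point it at the scans directory from the commands above (read each .txt file and feed it to `parse_normal_output`) and you get one dictionary per host to paste into your enumeration notes; the open|filtered distinction matters because the UDP scan only sends 200 probes and silence is not proof of a listener.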

  5. Darth Lord of the Sith ITSpectre
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    994

    Certifications
    Sec+, MTA, MCP
    #4
    Quote Originally Posted by m4v3r1ck:
    I managed to accomplish that. I also managed to get a limited shell on Alice. I happened to remember the exploit from a course I watched on Cybrary.
    Do you remember the course name?
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios

  6. Member
    Join Date
    Aug 2017
    Posts
    66

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #5
    Quote Originally Posted by ITSpectre:
    Do you remember the course name?
    Advanced Penetration Testing by Georgia Weidman
    Link: https://www.cybrary.it/course/advanc...ation-testing/

  7. Senior Member wd40
    Join Date
    May 2007
    Location
    Bahrain
    Posts
    911

    Certifications
    CISA, eJPT, CompTIA x 6, MCP, MCTS
    #6
    I am going through the same course on Cybrary; however, I am skipping the WinXP exercises and the Windows-based tools. Do you think that I should go back and do them, or will the newer Windows 7 exploits and Linux tools be enough for the OSCP?

  8. Member
    Join Date
    Aug 2017
    Posts
    66

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #7
    Quote Originally Posted by wd40:
    I am going through the same course on Cybrary; however, I am skipping the WinXP exercises and the Windows-based tools. Do you think that I should go back and do them, or will the newer Windows 7 exploits and Linux tools be enough for the OSCP?
    There are several XP machines in the lab that I've discovered already. I wouldn't skip anything. Pay close attention to her Metasploit section as well, but learn how to also execute the same exploit without using Metasploit.

  9. Senior Member
    Join Date
    Jul 2015
    Posts
    457
    #8
    Quote Originally Posted by m4v3r1ck:
    Finally, I think it's good to mention that I have full support from my girlfriend. I briefed her on the course and the hours required before I purchased it. She's as fully committed as I am. Maybe she's secretly going to enjoy the alone time, who knows!
    "So if you get this, you'll then be making six figures? (Damn this diamond is gonna be huge!) Whatever you need, I got you babe!"

  10. Member
    Join Date
    Aug 2017
    Posts
    66

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #9
    Quote Originally Posted by EnderWiggin:
    "So if you get this, you'll then be making six figures? (Damn this diamond is gonna be huge!) Whatever you need, I got you babe!"
    This guy gets it.

  11. Senior Member adrenaline19
    Join Date
    Dec 2015
    Posts
    248
    #10
    You should write a small post exploit looting script. I have found it to be extremely helpful to make sure I didn't forget anything. Even if you just write down the things to grab and check them off individually, it's still better than just wandering around the box hoping to hit stuff.

    Alice is everybody's first, lol.

    If you popped her, you'll already know your next two victims.
    If you don't know what I'm talking about, go back and check your enumeration notes.

  12. Senior Member wd40
    Join Date
    May 2007
    Location
    Bahrain
    Posts
    911

    Certifications
    CISA, eJPT, CompTIA x 6, MCP, MCTS
    #11
    Quote Originally Posted by m4v3r1ck:
    There are several XP machines in the lab that I've discovered already. I wouldn't skip anything. Pay close attention to her Metasploit section as well, but learn how to also execute the same exploit without using Metasploit.
    Thanks, I will go back to the xp sections after finishing the course.

  13. Member
    Join Date
    Aug 2017
    Posts
    66

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #12
    Quote Originally Posted by adrenaline19:
    You should write a small post exploit looting script. I have found it to be extremely helpful to make sure I didn't forget anything. Even if you just write down the things to grab and check them off individually, it's still better than just wandering around the box hoping to hit stuff.

    Alice is everybody's first, lol.

    If you popped her, you'll already know your next two victims.
    If you don't know what I'm talking about, go back and check your enumeration notes.
    Thanks for the tips! I'll make a note of it and do it once I know what I'm looking for.

  14. Member
    Join Date
    Aug 2017
    Posts
    66

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #13
    DAY 2

    Study time: 11 hours, total: 19 hours
    Videos watched: 30, total 82/148
    Pages read: 68, total 213/375


    Summary:

    Whew, it was a long day today. Buffer overflows are no joke and this course only scratches the surface. It took a while to wrap my head around everything. I felt like I understood it all pretty well, but the exercises were tedious (but good practice). There are a couple of exercises that involve fixing broken code written in C that had me banging my head. I was about ready to give up for the night when I decided to go back to the basics and hash it out. Without giving away too much: the Immunity Debugger is your friend. I attempted to fly solo on the exercises and was pretty confidently solving them until I got stuck bad. Once I used the debugger to see where my overflows were landing, I was able to make small adjustments and land my EIP exactly where it needed to be. It feels so good getting a shell on these.

    I've managed to make my way through privilege escalation. I found the chapters on file transfers and privilege escalation to be lacking a lot of information. Up until this point, I thought the course material had been pretty thorough. There's no way you're escalating through the labs with what was provided in the course materials. It explains why I've seen so many privilege escalation guides in OSCP reviews.

    I'm going to try to knock out another 8 hours or so tomorrow. I begin 3 weeks of travel for work on Tuesday, which got scheduled after I booked my course unfortunately. Trying to plow through as much of the material as I can so I can spend time hacking away in the hotel room.

    Tip for the day:

    Make sure you back up everything. I set up a shared folder on my Windows box that I connect to from my Kali machine. This is where I save all my notes/scans/etc. I also have this folder backed up with Google Drive as a redundant method. I've heard others mentioning different strategies, some using SQL through CherryTree to save notes. To each their own, but make sure to make backups! You never know when these machines will give out on you.

    -m4v3r1ck

  15. Senior Member adrenaline19
    Join Date
    Dec 2015
    Posts
    248
    #14
    The second exercise to finish buffer overflows is no joke. I thought it was the second hardest exercise behind the LFI RFI exercises.

    If you write down each step in buffer overflows and follow them one at a time, it won't be so overwhelming. Just focus on the step in front of you and worry about the rest after that.

    Write out an enumeration check list too. I made one and used it for every single box.

  16. Junior Member Registered Member
    Join Date
    Sep 2014
    Posts
    4
    #15
    Sup M4v

    Nice to read your post. I am also starting this month.
    Sent you an invite.

    Looking forward to following your journey. GL

  17. Member
    Join Date
    Aug 2017
    Posts
    66

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #16
    Quote Originally Posted by adrenaline19:
    The second exercise to finish buffer overflows is no joke. I thought it was the second hardest exercise behind the LFI RFI exercises.
    And here I was thinking I made it through the hardest exercise.

    I think making a checklist is a good idea. It's already tedious going through notes.

  18. Member
    Join Date
    Aug 2017
    Posts
    66

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #17
    Quote Originally Posted by technobro:
    Sup M4v

    Nice to read your post. I am also starting this month.
    Sent you an invite.

    Looking forward to following your journey. GL

    Thank you, sir. I added you. I look forward to seeing you in the labs!

  19. Member
    Join Date
    Aug 2017
    Posts
    66

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #18
    DAY 3

    Study time: 11 hours, total 30 hours
    Videos watched: 27, total 109/148
    Pages read: 74, total 287/375

    Summary:

    Another tough day in the labs. I slept in today (past noon because of the holiday) and decided that I was going to pull an all-nighter (yes, I'm crazy). I have a flight that leaves at 6am this morning and it is 4am now, so I'll be heading to the airport soon. I figure by the time I get off of work, I'll be up for around 36 hours and will just want to crash. I come back home Thursday and have another 3 day weekend before 2 weeks of straight travel. I'm hoping to have my coursework done by end of day Friday so I have the full weekend to attack the labs. I may or may not be able to work on the course some (I fully intend to) while I'm on this first travel session. We will see.

    Life rant aside, I made it through client side attacks, web app attacks, and password attacks today. As adrenaline19 mentioned, the LFI/RFI exercise is not fun. It took a long time to figure out and having a broken ftp server on my end didn't help. The benefit of the LFI/RFI exercise is that if you truly understand how to obtain a shell in the end, it'll help you immensely with the rest of the exercises in that section.

    The exercises are beginning to get a little absurd. For example, there are multiple exercises I have now encountered that ask you to completely root a box using the techniques provided. One exercise asked you to root a box with Metasploit and then root another using a pass-the-hash technique. Problem is, Metasploit hasn't even been covered in the course yet. A lot of these I will just come back to when I figure everything out and/or happen to pop a box using that exploit method. It's not worth wasting my time on at the moment.

    I did fully root my first machine, Alice. I grabbed the proof and hashes off of it. I'm working on cracking the hashes now. I haven't done any write-ups or looting as I still want to write a script for it. I really just popped the box so I can pull a hash for an exercise. I'll go back to the box when I'm through my course notes and fully exploit it. I've managed to pop it with Metasploit, but I want to craft my own exploits too.

    Tip of the day:

    Here are some pretty good links if you get stuck on LFI:

    https://www.exploit-db.com/docs/40992.pdf
    https://highon.coffee/blog/lfi-cheat-sheet/
    https://highon.coffee/blog/reverse-shell-cheat-sheet/

  20. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    67

    Certifications
    OSCP, CISSP, Sec+
    #19
    Good luck! I like the rolling totals on time spent and progress and such. That sort of organization tickles my deeper happiness regions.

  21. Junior Member Registered Member
    Join Date
    Sep 2014
    Posts
    4
    #20
    Interesting... I guess they expect you to already know msf PTH, or they want you to learn on your own, or perhaps it's just absurd and not in the right order.

    Any idea why I can't send you a PM, or even check my own?

    technobro, you do not have permission to access this page. This could be due to one of several reasons:
    1. Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
    2. If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

  22. Junior Member
    Join Date
    Jul 2017
    Posts
    24
    #21
    Quote Originally Posted by technobro:
    Interesting... I guess they expect you to already know msf PTH, or they want you to learn on your own, or perhaps it's just absurd and not in the right order.

    Any idea why I can't send you a PM, or even check my own?

    technobro, you do not have permission to access this page. This could be due to one of several reasons:
    1. Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
    2. If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
    @technobro,
    You gotta do more posting and your request/requirements will auto-magically appear... in short, just post and see, around 8-10 posts or so.

  23. Junior Member Registered Member
    Join Date
    Sep 2014
    Posts
    4
    #22
    Thx. Sorry, M4v, for the hijack there.

  24. Member
    Join Date
    Aug 2017
    Posts
    66

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #23
    DAY 7

    Study time: 14 hours, total: 44 hours
    Videos watched: 39, total: 148/148
    Pages read: 88, total: 375/375

    Summary:

    Today was my first day back from traveling and I wanted to make the most out of it. I did not get to do much besides work and sleep when I was on the road. I scanned a few boxes, but did not attempt to root anything or work on study materials. I spent the first 7 hours or so working on finishing up the course materials today. The tunneling section was a little confusing, but I understand the concepts. I haven't attempted any of the exercises yet. The Metasploit section was fun as it allowed me to learn some pretty cool tricks.

    The last 7 hours of my day were spent attacking the labs. I managed to root another box, JD, pretty quickly. I used Metasploit for this, however, and wanted to figure out how to do the exploit manually. I tried all different kinds of code that I found online and none were working. I was sure I was generating the shellcode correctly and that I was counting every byte just right. Then I read a recommendation of running the code through an IDE. The code had errors in it! Of course it did. Someone put spaces instead of tabs and I never would have known the difference.

    I spent the rest of my time working hard on Phoenix. I told myself I wouldn't stop until I got the box popped. I managed to do that just now. A lot of people say it's pretty easy, but I didn't think so. It did prove to me that you can look down rabbit holes easily when enumeration is staring you in the face. Once I figured out the vulnerability, I was able to hack away at it relatively quickly. I managed to do so without Metasploit as well, which is my goal for every box I pop.

    Tips of the day:

    -IDEs are your friend. Use them to edit your code, especially if you have been trying it like a madman for 2 hours to no avail.

    -You may run into an instance where you're getting a reverse shell back to your own machine. This is something weird I've encountered with Apache servers. I saw another user mention this and I'm going to second it: use python -m SimpleHTTPServer 80 to create a simple web server. It'll save you from much frustration over Apache in the long run.

    Rooted (3) : Alice, JD, Phoenix
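An added example (mine, not code from the thread) of the tabs-versus-spaces check an IDE would have done for the code described in this post: it flags indentation that mixes styles within a file, reports what Python's own compiler says about the source, and expands leading tabs so the file compiles. The snippet it checks is constructed; lines 4 and 5 are indented with a tab and line 6 with eight spaces, which look identical at an 8-column tab stop and are exactly the kind of difference you would never see in a plain editor.

```python
"""Find indentation that mixes tabs and spaces in a source file.

Added example, not code from the thread.  SAMPLE is constructed: lines 4
and 5 are indented with a tab, line 6 with eight spaces, so all three
look identical in an editor with 8-column tab stops.
"""
import re

SAMPLE = (
    "import socket\n"
    "\n"
    "def connect(host, port):\n"
    "\ts = socket.socket()\n"
    "\ts.connect((host, port))\n"
    "        return s\n"
)

_LEADING_WS = re.compile(r"^[ \t]*")


def indentation_report(source):
    """Return sorted (line_number, problem) pairs.

    A line is reported when its leading whitespace mixes tabs and spaces,
    or when the file uses both styles and the line is in the minority.
    Blank lines and unindented lines are ignored.
    """
    indents = {}
    for n, line in enumerate(source.splitlines(), 1):
        ws = _LEADING_WS.match(line).group()
        if ws and line.strip():
            indents[n] = ws
    tab_lines = {n for n, ws in indents.items() if "\t" in ws}
    space_lines = {n for n, ws in indents.items() if " " in ws}

    problems = [(n, "mixed tabs and spaces in one indent") for n in tab_lines & space_lines]
    pure_tab = tab_lines - space_lines
    pure_space = space_lines - tab_lines
    if pure_tab and pure_space:
        minority = pure_space if len(pure_space) < len(pure_tab) else pure_tab
        style = "spaces" if minority is pure_space else "tabs"
        problems += [(n, f"indented with {style}; rest of file uses the other style") for n in minority]
    return sorted(problems)


def compile_error(source):
    """Name of the SyntaxError subclass Python raises for this source, or None.

    Inconsistent tab/space indentation surfaces as TabError (a subclass of
    IndentationError); code that only looks wrong but compiles returns None.
    """
    try:
        compile(source, "<sample>", "exec")
    except SyntaxError as exc:
        return type(exc).__name__
    return None


def normalize_indentation(source, tabsize=8):
    """Expand tabs in leading whitespace only, leaving string contents alone."""
    out = []
    for line in source.splitlines(keepends=True):
        ws = _LEADING_WS.match(line).group()
        out.append(ws.expandtabs(tabsize) + line[len(ws):])
    return "".join(out)


if __name__ == "__main__":
    for lineno, problem in indentation_report(SAMPLE):
        print(f"line {lineno}: {problem}")
    print("compiler says:", compile_error(SAMPLE))
    print("after normalising:", compile_error(normalize_indentation(SAMPLE)))
```

Run it over a downloaded script before spending two hours on the shellcode: a non-empty report, or a TabError from `compile_error`, means the file you are editing is not the file the author tested. The tab width default of 8 matches what Python's tokenizer assumes; pass a different `tabsize` if the original author clearly used 4.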

  25. Member
    Join Date
    Aug 2017
    Posts
    66

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #24
    Quote Originally Posted by LonerVamp:
    Good luck! I like the rolling totals on time spent and progress and such. That sort of organization tickles my deeper happiness regions.

    Thank you, sir! I'm glad someone appreciates my OCD :P

  26. Junior Member
    Join Date
    Sep 2017
    Posts
    9
    #25
    Best of luck to you. I start my course next week. I would like to have the same dedication you have to the course. If you wanted a study-buddy let me know.
