  1. Member
    Join Date
    Feb 2017
    Posts
    87
    #26
    WEEK 5 - Summary

    My week off from work has pretty much ended. It's Saturday and I'm out today and recovering tomorrow.

    The week has been tiring and frustrating. In truth I'm not sure if it was a good idea to dedicate an entire week to the labs, maybe it was. I think I will have a better idea in a few weeks if and when I progress further.

    I think I'm just one or two steps away from making progress, e.g. I think I'm still missing something from all of this pentesting and hacking stuff, and once it fits in I will start downing machines quicker and better. I'm sure I'm overthinking everything and from some research people keep saying "the answer is always quite obvious and if you don't see it first time you'll kick yourself when you do eventually see it". So with that in mind I'm sticking mainly to the big ports, port 21/80 and then others after.

    Status so far:

    ALICE - fully hacked
    MIKE - full System Shell but no actual command line shell access yet

    BOB - Low privileged shell
    BOB2 - Low privileged shell
    BARRY - Low Privileged Shell

    ---

    That's it. So I'm not doing too badly, I knew it would be slow and I've still got about 7 weeks left and that's without extending which I think I probably will end up doing.

    At some stage I'm going to take a step back from labs and re-read the entire PDF once more as I think I need to.

    Thanks for reading
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!


  3. Member
    Join Date
    Feb 2017
    Posts
    87
    #27
    WEEK 6

    Managed to fully hack MIKE and BARRY now, so that's 3 fully rooted. It's very strange as I spend hours trying different things and going round in circles, then maybe 1-2 days later I eventually find something that works and it's VERY simple and easy. None of the exploits so far have been complicated in any way, it's just identifying the right exploit. As an example, you may search for an exploit and find numerous which may be the wrong ones.


    I'm working all week but hoping to do 2-3 hours per evening. BOB and BOB2 still are low privileged shells and I would really like to get them out of the way by the end of this week. So I will have a proper go at that in the next few days.


    Will update later this week


    Rooted (3): Alice, Barry, Mike
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!



  4. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    52

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN, OSCP
    #28
    Keep at it! Sometimes if I'm stuck for hours I check the offsec forums for hints. They keep it pretty cryptic but I might recognize enough steps to identify if I'm on the wrong path or not. I get the approach of trying harder until you get it, but also the clock is ticking, we're here to learn, and need to get a few targets under our belt. After about my first ~7 I picked up momentum via common themes and methods.
    2018: Linux+, eWPT/GWAPT

  5. Member
    Join Date
    Feb 2017
    Location
    Washington
    Posts
    56

    Certifications
    CEHv9, OSWP, eJPT, A+, Security+, Linux+, LPIC-1, CCENT, Linux Essentials
    #29
    Hey CyberCop123, here is a great guide on windows privilege escalation: FuzzySecurity | Windows Privilege Escalation Fundamentals

    It's a great start for any Windows box, but will definitely help with Bob if you are patient. I would suggest working on Bob and then Phoenix as an intro for Windows and Linux priv escalation techniques. Both are great boxes that you can learn a lot from.

  6. Member
    Join Date
    Feb 2017
    Posts
    87
    #30
    Quote Originally Posted by Hornswoggler View Post
    Keep at it! Sometimes if I'm stuck for hours I check the offsec forums for hints. They keep it pretty cryptic but I might recognize enough steps to identify if I'm on the wrong path or not. I get the approach of trying harder until you get it, but also the clock is ticking, we're here to learn, and need to get a few targets under our belt. After about my first ~7 I picked up momentum via common themes and methods.

    Thank you! Yea I've been there a few times. Trying to do as much as I can by myself first.

    Quote Originally Posted by airzero View Post
    Hey CyberCop123, here is a great guide on windows privilege escalation: FuzzySecurity | Windows Privilege Escalation Fundamentals

    It's a great start for any Windows box, but will definitely help with Bob if you are patient. I would suggest working on Bob and then Phoenix as an intro for Windows and Linux priv escalation techniques. Both are great boxes that you can learn a lot from.
    Thanks, I have this bookmarked and have used it a few times. Will have another crack at Bob/Bob2 this weekend
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!



  7. Member
    Join Date
    Feb 2017
    Posts
    87
    #31
    I have no plans for the entire weekend, so both Saturday and Sunday I should be able to get some decent work done, hopefully about 8+ hours both days.

    Next week I'm away with work on a course. I have a Laptop and Kali but honestly it's very difficult to use properly so I will probably just watch the whole of Georgia Weidman's course on Cybrary as I've been meaning to watch it properly for ages now.
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!



  8. Member
    Join Date
    Feb 2017
    Posts
    87
    #32
    WEEK 6 - UPDATE

    It's Saturday and I'm off all day today and tomorrow. Apart from going to the gym and a few breaks to watch TV I am working solidly all day. Particularly as from Tuesday-Friday next week I'm on a course, so will be pretty much impossible to make any progress in the labs. So will do more reading and video watching during that period.

    I've been up since about 6am as I naturally woke up early this morning.

    It's been a great day as I finally hacked Bob. This took me hours and hours and hours to achieve. I started it about 10 days ago and looked at other boxes as I continually hit brick walls. Getting a low privileged shell is easy, but escalating isn't so easy. In fact, the theory isn't too bad, but it's more complicated than that. Anyway, after days of time spent, and about 4-5 hours today, I finally have System access.

    Additionally I rooted ALPHA too. That was very satisfying as it took me about 20 minutes to do, maybe even less.

    It's true what people say - very few of the lab machines are easy. The thing about them is that there's a lot that can go wrong. E.g., you may be doing the right thing, but something is disrupting the execution of it, or there's a related issue, or an issue with your Kali box, etc... it just goes on and on. So it really does sometimes come down to sheer determination, almost just non-stop persistence.

    Will continue today for another 5-6 hours and see how I get on.

    Rooted (5): Alice, Alpha, Barry, Bob, Mike
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!



  9. Member
    Join Date
    Feb 2017
    Posts
    87
    #33
    What a frustrating day

    For the past 6+ hours I have been trying endlessly to break into PAIN.

    Within about 20 minutes of looking at the machine I identified a vulnerability and I'm sure I'm on the right path. I just can not for the life of me get ANY reverse shell. This appears to be a common issue.

    I think I'm missing something obvious.

    Need to stop now, think I need a result. Will try again tomorrow.
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!



  10. Member
    Join Date
    Feb 2017
    Location
    Washington
    Posts
    56

    Certifications
    CEHv9, OSWP, eJPT, A+, Security+, Linux+, LPIC-1, CCENT, Linux Essentials
    #34
    As a hint, the pain initial shell is waaay simpler than you think. Just enumerate and don't overthink it.

  11. Member
    Join Date
    Feb 2017
    Posts
    87
    #35
    Quote Originally Posted by airzero View Post
    As a hint, the pain initial shell is waaay simpler than you think. Just enumerate and don't overthink it.
    Thanks for that

    Well, the vulnerability I found was a way of getting my own PHP pages to execute on PAIN. The issue is that no shell is ever thrown back to my machine.

    I've decided to move on for now, but I will return. I just want to start on another machine today and go back when I'm feeling fresher.
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!



  12. Junior Member dr_fsmo's Avatar
    Join Date
    Oct 2017
    Location
    Michigan
    Posts
    13

    Certifications
    A+, Security +, MCSA/MCSE, MCTS, CNA
    #36
    Thanks for the tip on the Weidman book. I am planning on doing the OSCP course, but I am trying to do some precursor work. I have been going through some of the vulnhub labs as well before taking the plunge.

  13. Member
    Join Date
    Feb 2017
    Posts
    87
    #37
    END OF WEEK 6

    I managed two solid days on the lab this weekend. Saturday as stated I was doing PAIN all day long. I found the initial vulnerability within about 20 minutes. This is supposed to lead to a shell. I know how to do it, I know I'm doing the right thing but no matter what I've tried it wasn't returning a shell! Annoying but I will try again another time.

    Sunday - All day Sunday I worked on SHERLOCK. This was a really good lab machine and it took me about 8 hours in total to completely root it. I learned so so much from it.

    During the exploitation and research, I downloaded a Windows XP VM, downloaded vulnerable software relating to the machine and managed to script a buffer overflow. I used a guide to help but still had to find the offset myself, and do the shellcode, etc...

    I eventually got this exploit working on SHERLOCK and feel I benefited loads from it.

    This Week

    The plan for this week is that I'm away from today until Friday on a work course (Malware Investigation). I'm hoping to try to watch the whole of Georgia Weidman's video series on Cybrary as I've been meaning to do that for a while. I may also have another flick through her book and try to pick up extra information.

    I may also re-write my OSCP Notes as they are a complete and total mess - I mean just generally the layout, things like syntax, tools, commands, etc... is all just on one Keepnote page and just unorganised.

    Rooted (6): Alice, Alpha, Barry, Bob, Mike, Sherlock
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!



  14. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #38
    Awesome thread! Keep with it. I'm looking at doing OSCP next year and I already feel your pain! Subbed!
    2015 Goals: CISSP [X], 2016 Goals: CISM [X], 2017 Goals: CRISC [X]
    2018 Goals: eCPPT [ ]
    Five Year Goals: CSXP, OSCP, GPEN, eWPT
    "Distrust and caution are the parents of security" - Benjamin Franklin

  15. Junior Member dr_fsmo's Avatar
    Join Date
    Oct 2017
    Location
    Michigan
    Posts
    13

    Certifications
    A+, Security +, MCSA/MCSE, MCTS, CNA
    #39
    Are you doing the OSCP from a virtual machine or a dedicated machine to VPN into their network?

  16. Member
    Join Date
    Feb 2017
    Posts
    87
    #40
    Quote Originally Posted by clarkincnet View Post
    Awesome thread! Keep with it. I'm looking at doing OSCP next year and I already feel your pain! Subbed!
    Thanks! Good luck for when you do it... If I had to start over I would just do more VulnHub machines and play around with DVWA


    Quote Originally Posted by dr_fsmo View Post
    Are you doing the OSCP from a virtual machine or a dedicated machine to VPN into their network?
    I'm running Windows 10 at home which has Virtual Box installed. Within that I run the Kali Linux VM which is used for OSCP.

    I have some other VMs too like Windows XP, Ubuntu, CentOS, Windows 7 that sometimes are helpful if I'm trying to hack a lab machine and want to check something out.
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!



  17. Member
    Join Date
    Feb 2017
    Posts
    87
    #41
    End of Week 7 Update

    The week just gone was a bit of a weird one. I was away on a course for 4 nights and basically did nothing as working on a small laptop was pretty impossible and Kali was really slow. I didn't achieve much.

    I got back Friday and worked all evening, and all day Saturday too. Sunday I just couldn't summon the energy or will to do anything. I was just a bit fed up and tired, very tired actually and the thought of trying to enumerate and hack was just too much at the time.

    I made a breakthrough on Saturday with Phoenix by getting a reverse shell and also gaining root privileges. It took me about 6+ hours to realise a stupid mistake I had been making. Lesson learned though.

    I also managed to get a limited shell with Pain. I spent about 12 hours total on this machine making the same stupid mistake that I made with Phoenix. It wasn't so much a mistake, just an oversight and something I should have thought more about. I am clueless now about how to get root with pain and have left it for now to move on.

    The little work I did on Sunday I focussed on two new machines which so far have gained me nothing. I was just going round in circles half-heartedly looking for holes. After about 3 hours I gave up and realised I just wasn't in the mood.

    The OSCP is stressful and mentally tiring. I think about pretty much nothing else and constantly questioning whether I'm capable of hacking 30 machines (the recommended number before exam), and whether I'm capable of passing the exam. I'm also a bit frustrated that I've only hacked 7 machines so far, it's easy to start comparing yourself to others who say "I'm 4 weeks in and have hacked 15" or something like that.

    This week is going to be tough as I'm away for 3 nights for a funeral and so won't be able to do any work. Next weekend my partner's parents are visiting.

    Rooted (7): Alice, Alpha, Barry, Bob, Mike, Phoenix, Sherlock
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!



  18. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    52

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN, OSCP
    #42
    I realize not everyone can pull this off but I've been a social ******* (recluse) for the past 80 days. Crossing fingers I don't fail and have to renew. It's tough and needs to be a priority if you want to knock it out without extensions.

  19. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #43
    Good progress so far! Hang in there.

    "Perseverance is the hard work you do after you get tired of doing the hard work you already did" - Newt Gingrich
    2015 Goals: CISSP [X], 2016 Goals: CISM [X], 2017 Goals: CRISC [X]
    2018 Goals: eCPPT [ ]
    Five Year Goals: CSXP, OSCP, GPEN, eWPT
    "Distrust and caution are the parents of security" - Benjamin Franklin

  20. Junior Member dr_fsmo's Avatar
    Join Date
    Oct 2017
    Location
    Michigan
    Posts
    13

    Certifications
    A+, Security +, MCSA/MCSE, MCTS, CNA
    #44

    Doubt

    Quote Originally Posted by CyberCop123 View Post
    End of Week 7 Update

    I think about pretty much nothing else and constantly questioning whether I'm capable of hacking 30 machines (the recommended number before exam), and whether I'm capable of passing the exam. I'm also a bit frustrated that I've only hacked 7 machines so far, it's easy to start comparing yourself to others who say "I'm 4 weeks in and have hacked 15" or something like that.
    I face the same questions and I'm still in the pre-OSCP phase with many years of experience.

  21. Member
    Join Date
    Feb 2017
    Posts
    87
    #45
    Thanks everyone for your support, it's much appreciated.

    I'm putting in about 3-4 hours per night and about 15-20 over the weekend, so I'm definitely putting the hours in. I'm covering as much as I can I think.

    One area I am finding tiring is researching vulnerabilities and exploits, however I am quickly getting used to seeing things which aren't relevant. For example Nikto often throws up similar issues for numerous machines which aren't relevant, so I am getting used to seeing the signs.


    Quote Originally Posted by Hornswoggler View Post
    I realize not everyone can pull this off but I've been a social ******* (recluse) for the past 80 days. Crossing fingers I don't fail and have to renew. It's tough and needs to be a priority if you want to knock it out without extensions.
    Yea I know what you mean about being a social recluse.

    I'm not too concerned about the extensions. In fact, I'm kind of planning on doing an extension just so I can take the pressure off a bit. My 90 days runs out around mid December, and I may do another 90 day extension.

    My reasoning is I can possibly schedule an exam attempt in the first half of that time. And if I am not successful I can use more lab time and try again towards the end.
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!



  22. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #46
    Quote Originally Posted by CyberCop123 View Post
    Thanks everyone for your support, it's much appreciated.

    I'm putting in about 3-4 hours per night and about 15-20 over the weekend, so I'm definitely putting the hours in. I'm covering as much as I can I think.

    One area I am finding tiring is researching vulnerabilities and exploits, however I am quickly getting used to seeing things which aren't relevant. For example Nikto often throws up similar issues for numerous machines which aren't relevant, so I am getting used to seeing the signs.




    Yea I know what you mean about being a social recluse.

    I'm not too concerned about the extensions. In fact, I'm kind of planning on doing an extension just so I can take the pressure off a bit. My 90 days runs out around mid December, and I may do another 90 day extension.

    My reasoning is I can possibly schedule an exam attempt in the first half of that time. And if I am not successful I can use more lab time and try again towards the end.

    You and I are in the same boat! Renewing to me is going to be no big deal if it comes to that. I'd rather take my time and truly absorb everything.

    FWIW: I'm in week 3 and still going through materials. Mostly because my first week was shot to hell with travel. So, really I'm entering into my second real week.... but still

  23. Member
    Join Date
    Feb 2017
    Posts
    87
    #47
    Quote Originally Posted by BuzzSaw View Post
    You and I are in the same boat! Renewing to me is going to be no big deal if it comes to that. I'd rather take my time and truly absorb everything.

    FWIW: I'm in week 3 and still going through materials. Mostly because my first week was shot to hell with travel. So, really I'm entering into my second real week.... but still
    Great! Yea I'm trying to just not rush but work hard and learn over time. For me 6 months to OSCP is a decent amount of time.

    I'd rather do that than rush and fail... or pass but not try out all the tools, techniques etc.

    I spent 4 weeks on videos and PDF.

    So I've now had 3 weeks of labs and it's hard but good!
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!



  24. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    52

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN, OSCP
    #48
    I also took a month on the pdf and exercises... felt like others were blowing me by but glad I spent the time on it. I would rather fully understand something than rush it. The first few boxes in the lab also took a while but once you get in the routine and have seen more things, you have a better idea of what to look for and when to avoid a dead end. Keep up the good work!!

  25. Junior Member dr_fsmo's Avatar
    Join Date
    Oct 2017
    Location
    Michigan
    Posts
    13

    Certifications
    A+, Security +, MCSA/MCSE, MCTS, CNA
    #49
    Quote Originally Posted by Hornswoggler View Post
    I also took a month on the pdf and exercises... felt like others were blowing me by but glad I spent the time on it. I would rather fully understand something than rush it. The first few boxes in the lab also took a while but once you get in the routine and have seen more things, you have a better idea of what to look for and when to avoid a dead end. Keep up the good work!!
    When do you plan to take the test?

  26. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    52

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN, OSCP
    #50
    Quote Originally Posted by dr_fsmo View Post
    When do you plan to take the test?
    Less than two weeks away! Crossing my fingers, lol.
    2018: Linux+, eWPT/GWAPT
