+ Reply to Thread
Page 3 of 7 First 123 4567 Last
Results 51 to 75 of 156
  1. Junior Member dr_fsmo's Avatar
    Join Date
    Oct 2017
    Location
    Michigan
    Posts
    13

    Certifications
    A+, Security +, MCSA/MCSE, MCTS, CNA
    #51
    Good Luck.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #52
    Quote Originally Posted by dr_fsmo View Post
    Good Luck.
    Thank you!

    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #53
    END OF WEEK 8 - UPDATE


    Well this week was a bit of a write off initially as I was away for 4 nights for a family funeral and got back Friday.


    Saturday + Sunday I really really struggled to concentrate and was distracted by a personal project of mine involving building a server. Stupid really, and I knew I was wasting time and not doing what I should but I was struggling for motivation.


    I think I need to take a day off work with the mindset that it's a day of OSCP work rather than ANOTHER one of my weekends spend in front of the computer. Part of the reason it's exhausting is, that 40 hours a week I work staring at 3 computer screens and then on a weekend I spend about 8 hours each day staring at more computer screens and sat in my spare room. It's starting to take its toll to be honest.


    Saturday I did get a partial shell on Bethany which was quite simple and didn't take too long. I've not managed to escalate this. It's a Windows computer and I'm really struggling to identify privilege escalation with these - I'm using the fuzzy security guide to help but honestly, I'm just going through the motions without really any direction with it.


    I got a full root of Tophat which wasn't too difficult.


    Still way off the pace and I've only really got a month left of this 90 day period. As I said previously, I will extend my time by another 3 months. I definitely do want to get around 30 machines rooted before considering the exam.


    Rooted (: Alice, Alpha, Barry, Bob, Mike, Pheonix, Sherlock, Tophat + (Low priv Shell on Bethany and Pain)
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  5. Junior Member dr_fsmo's Avatar
    Join Date
    Oct 2017
    Location
    Michigan
    Posts
    13

    Certifications
    A+, Security +, MCSA/MCSE, MCTS, CNA
    #54

    Default Fuzzing

    Quote Originally Posted by CyberCop123 View Post
    END OF WEEK 8 - UPDATE

    I'm using the fuzzy security guide to help but honestly, I'm just going through the motions without really any direction with it.
    Is the fuzzy guide from the OSCP material or another resource?
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #55
    Nope, it's just an online resource:

    FuzzySecurity | Windows Privilege Escalation Fundamentals

    That's a well known site and also the common guide people use for Windows Privilege Escalation
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  7. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    246

    Certifications
    OSCP | CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #56
    I know first hand how exhausting it can be!

    I have a full time job, family, etc ... and OSCP is really sucking up a lot of my spare time. I think the trick is to be efficient with your time so that you don't feel like your WASTING your time if that makes sense. Just set goals, and work towards them. It's a lot easier this way.

    I take heart in the fact that it's temporary, and one day will end.

    You are making pretty good progress. I'm on my second week of the labs over here and have 7. Our lists are pretty similar:

    BOB (1 and 2)
    ALICE
    JD
    MASTER
    KRAKEN
    BARRY
    Last edited by BuzzSaw; 11-06-2017 at 02:19 PM.
    Reply With Quote Quote  

  8. Senior Member yoba222's Avatar
    Join Date
    Jun 2013
    Posts
    551

    Certifications
    LFCS, GCIH, eJPT, CCNA, CAPM, Trifecta
    #57
    Quote Originally Posted by CyberCop123 View Post
    Oh and I'm pretty sure I hate Keepnote. I'm actually a bit mystified why so many use and recommend it.
    I don't understand this either. Development of KeepNote has basically been abandoned since 2012. I prefer Zim Desktop Wiki. Same basic functionality.
    Zim - a desktop wiki or simply
    # apt install zim
    Reply With Quote Quote  

  9. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    246

    Certifications
    OSCP | CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #58
    Lotus notes is where its at! come on!
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #59
    WEEK 9 - UPDATE

    After a terrible few weeks - some of which was out of my control, but also partly because I was just really struggling for energy and motivation I made a massive effort yesterday and today.

    Got home from work yesterday about 4pm and worked through till around 2am. Today I have worked from 9am to 3pm and I will carry on until this evening.

    I managed to root RALPH, MAIL and ORACLE

    I used Metasploit for the first time as an exploitation tool and got root with Oracle. Apparently there is a Python Script, I have this but so far it's not worked. I think it's just because the machine needs reverted. I will re-visit this but I don't want to waste reverts at this time as I only have 4 left for the day and I plan on working for a few hours more.

    Machines in progress

    Bethany - still only limited shell - not tried anything new on this
    Pain - same as above
    Joe
    JD
    Payday
    Gamma

    I'm finding myself avoiding the harder machines like Pain, Gamma, Sufference, Humble but I know at some point I will have to properly try to break them. On that basis I'm going to go and have another go at PAIN for a few hours and see if I can escalate my privileges.


    Rooted (11): Alice, Alpha, Barry, Bob, Mail, Mike, Oracle, Pheonix, Ralph, Sherlock, Tophat + (Low priv Shell on Bethany and Pain)
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #60
    Manged to get root earlier on PAIN

    I saw a hint on the forum which assisted in confirming I was on the right lines so I feel a bit less happy but still pleased it's done.

    It really really was not difficult and I learned a massive lesson - read the code.... I've been told it loads and ignored it. But I saw tonight why that is important.

    Plan for tomorrow is to look at pivoting and I may try playing about with trying to access other internal networks.

    Im also 12 hosts down and haven't written any into a report or taken screenshots. I have notes though. I don't mind re doing them - I feel that will just be more learning and will tidy up my personal notes that I keep on GitHub.

    Ive been hacking away at JOE all night and still no closer. May try again tomorrow or move on.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #61
    WEEK 9 - END OF WEEK UPDATE

    Managed to root two more machines today JD and PAYDAY. Payday was quite simple. I stupidly wasted about 2 hours on this despite finding the vulnerability within about 5 minutes.

    Also started my lab report today. I think it's a great idea to start this early - the reason being, is that it makes you realise why notes are important. I knew my notes were poor, but honestly, I spent about 40 minutes trying to re-hack RALPH (which I'd done yesterday).

    Lesson learned, make sure that the moment you make some breakthrough, write down a bullet point list of the commands you did and how you did it.

    I've so far written up two machines. I will try to write up PAYDAY now so I've got 3 machines done. Once you start the report it's quite easy. My thoughts are:

    1) Include one page showing IP, hostname, vulnerability you found, what that means, and how bad it is
    2) Show one screenshot (unless you REALLY need more) showing a port scan
    3) Show how this led to you finding vulnerability
    4) Screenshot of you uploading something (as an example)
    etc...

    I've hit a brick wall with GAMMA and with JOE. But will possibly try again tonight if I feel up to it. I think I may stop for this evening. In the last 48 hours I think I've rooted 7 machines so I need a break

    Low Privileged Shells (1): Bethany

    Rooted (14): Alice, Alpha, Barry, Bob, JD, Mail, Mike, Oracle, Pain, Payday, Pheonix, Ralph, Sherlock, Tophat
    Last edited by CyberCop123; 11-13-2017 at 07:47 AM.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  13. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    60

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN, OSCP
    #62
    Great progress!! Keep up the good work!
    Reply With Quote Quote  

  14. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    1,001

    Certifications
    Sec+, MTA, MCP
    #63
    Quote Originally Posted by BuzzSaw View Post
    Lotus notes is where its at! come on!
    I use "OneNote"

    works good for me
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
    Reply With Quote Quote  

  15. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #64
    Oh and on the subject of note taking, I've recently started using GitHub for writing up guides on certain areas and I've found it to be absolutely perfect for my needs.

    Formatting is so quick, easy and clean.

    I've organised things into certain areas:

    smb.md
    payloads.md
    file_transfers.md

    All nicely typed up and ready for copying/pasting

    So I'm kind of re-writing all my notes into this format so they're remotely accessibly anywhere, in a nice easy format, and will be there for years to come to refer to.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  16. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    246

    Certifications
    OSCP | CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #65
    Nice work man. Looks like you've jumped a head of a bit on the hit list

    I think you and I are learning very similar lessons. Ralph in particular was a turd to me. Also, DJ as well .. So let me know what you find when you get to that point - PM me! I wont give it away obviously, but I can help in the typical OSCP fashion hah

    Oh and for what it's worth, my thought process on the report and note taking:

    1. I have note taking in one note that is more around the actual learning process
    - This include useful tools, syntax, etc ..
    2. I have note taking on the Kali box that I use strictly for lab reporting

    I am trying to write each machine in a way that someone with lesser knowledge could replicate my take down of the box by (mostly) following my screen shots. This is probably overkill, but if I were actually being paid to do this, I would think a customer would like that level of detail and may help them in understand mitigation steps. And honestly, it only takes a couple more minutes as screenshots pretty much tell the story

    I also have the screenshot utility in kali auto save all of my screenshots which then get backed up to my local host (And then into the cloud) I'm super paranoid about losing work hah

    BTW: good job on pain man ... I haven't event started on the big tough monsters .... yet .... but I guess that's ok. I'm only 3 weeks in now

    On a side note: Are you starting to feel like a badass? It's a catch 22 ... in some ways you're like "DANG, I can actually do this! Like for real?!" ... then in someways you're like "I feel like a 2nd grader learning what a keyboard is ..."
    Last edited by BuzzSaw; 11-13-2017 at 06:13 PM.
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #66
    Quote Originally Posted by BuzzSaw View Post
    Nice work man. Looks like you've jumped a head of a bit on the hit list

    I think you and I are learning very similar lessons. Ralph in particular was a turd to me. Also, DJ as well .. So let me know what you find when you get to that point - PM me! I wont give it away obviously, but I can help in the typical OSCP fashion hah

    Oh and for what it's worth, my thought process on the report and note taking:

    1. I have note taking in one note that is more around the actual learning process
    - This include useful tools, syntax, etc ..
    2. I have note taking on the Kali box that I use strictly for lab reporting

    I am trying to write each machine in a way that someone with lesser knowledge could replicate my take down of the box by (mostly) following my screen shots. This is probably overkill, but if I were actually being paid to do this, I would think a customer would like that level of detail and may help them in understand mitigation steps. And honestly, it only takes a couple more minutes as screenshots pretty much tell the story

    I also have the screenshot utility in kali auto save all of my screenshots which then get backed up to my local host (And then into the cloud) I'm super paranoid about losing work hah

    BTW: good job on pain man ... I haven't event started on the big tough monsters .... yet .... but I guess that's ok. I'm only 3 weeks in now

    On a side note: Are you starting to feel like a badass? It's a catch 22 ... in some ways you're like "DANG, I can actually do this! Like for real?!" ... then in someways you're like "I feel like a 2nd grader learning what a keyboard is ..."
    Thanks dude, yea this weekend was nuts, a bit too much actually as I barely slept and just felt so tired today at work. I've tried to do some more tonight.

    I managed to get one more box down which was HELPDESK which was very easy.

    I'm also using a screenshot program in Kali called Shutter - you can tell it where to save screenshots, so I've picked the shared folder so I can access it from Windows, it's worked well so far.

    I think you're approach to notetaking is good, absolutely nothing wrong with being ultra clear in the notes, and treating it like you would in the real world.

    On Saturday and Sunday I felt like the worlds most elite hacker... and then I got stuck again on one of the lab machines and realised I'm still pretty clueless hahahaa.

    This evening I've had a very half hearted attempt at BETHANY again. I then read (on this forum) that it's actually one of the most difficult boxes to escalate, so I think I will leave it for a weekend when I'm off and not tired. I also tried hacking OBSERVER but a bit confused by that one. I'm really tired so I'm going to stop now as I just have no energy at the minute!




    Rooted (15): Alice, Alpha, Barry, Bob, Helpdesk, JD, Mail, Mike, Oracle, Pain, Payday, Pheonix, Ralph, Sherlock, Tophat
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  18. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    246

    Certifications
    OSCP | CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #67
    You and me both!

    I was beat and wiped out over the weekend. On Sunday night I went to log into the lab, and I just felt lost and dazed. Mental fatigue and OSCP don't mix well at all!

    I briefly looked at helpdesk. You must have found a vector easier than I did because nothing jumped off the page at me.

    Also, I don't want to give anything away ... but .... I think CORE may be of interest to you ......
    Reply With Quote Quote  

  19. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #68
    WEEK 10 - UPDATE

    Managed to root DOTTY tonight which was a bit of a ballache. Quite a long time spent trying to get in but got there in the end after about 3 hours.

    I'm really tired tonight and made some hearted attempts at two other boxes which went nowhere.

    Im working from home tomorrow and may be able to squeeze in some more hacking toward the afternoon. I'm hoping to get 3 more boxes rooted by Monday.

    BETHANY is killing me! Privilege escalation is a major major weak point of mine. I'm going to return (for the 3rd time) to this machine on Sunday when I have lots of time and hopefully energy too

    Rooted (16): Alice, Alpha, Barry, Bob, Dotty, Helpdesk, JD, Mail, Mike, Oracle, Pain, Payday, Pheonix, Ralph, Sherlock, Tophat
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #69
    WEEK 10 - Update

    Well, it's fair to say this entire weekend has been a bit of a nightmare. I had wanted to crack 3 more machines but flopped majorly and just went round in circles for hours.

    The biggest issue has been tiredness and mental fatigue. I've not been sleeping well and have just felt dazed for several days now meaning I've found it hard to think and concentrate.

    My attempts have been half hearted as a result.

    Honestly the OSCP has taken over my life and I think about nothing else. It's nearly 4pm and I've stopped for the rest of the day. Just need a break I think.

    Anyway, I've rooted 16 and ideally wanted to get to 20 by the end of the day which is not going to happen.

    I have around 3 weeks lab time left.

    My plan is to extend for 3 months and book an exam attempt half way through that time. So probably around end of January time.

    Arrghhhhh very frustrating! Anyway ... time to chill out
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  21. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #70
    WEEK 11 - UPDATE

    It's been a bad 1-2 weeks in respect of OSCP. I've had the same 4-5 Targets which I haven't cracked and I've just been going around in circles. Thankfully in the last day or two I've had a bit of success with one of them, and also rooted a new one too.

    Managed to root SEAN which took me ages to get the initial shell

    Also rooted BETA which was a really fun one as it was a vulnerability I haven't seen in any other shells before and I learned some really good stuff with it

    I've also managed to gain access to The IT Network a different subnet to the main one. I also set up some SSH pivotting to access some of the internal intranet web pages. Not done anything else apart from some internal nmap scans, but will come back to this later, and try to root some of the IT machines too.

    I've now written up 6 of my hacks into a lab report which is currently 60 pages long - not much text, just Heading -> screenshot and repeat just showing the steps taken to get to root.

    I've still got 7 other hosts which are in progress, again going around in circles with them a bit. I want to try to root some of them and start on some new ones.

    My lab access runs out in 14 days time. I plan to extend this for another 2-3 months until I'm super confident about the exam.

    Rooted (19): Alice, Alpha, Barry, Beta, Bob, Dotty, Helpdesk, Kevin, JD, Mail, Mike, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Tophat
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  22. Senior Member NEODREAM's Avatar
    Join Date
    Apr 2016
    Posts
    106

    Certifications
    BS:CSIA, A+/N+/S+, ECIH, ECES, ITIL:F v3, CCNA:R&S, SSCP, CCSP
    #71
    A little bit late to this thread, but wanted to wish you good luck on your studies! I'll be following this thread as I am looking to attempt this monster sometime towards the end of next year possibly.

    Wishing you the best and thanks for sharing your journey!
    2018 Goals: ​ CISSP [] | CCNA: CyberOps [] | eJPT [] | GCIH []
    Reply With Quote Quote  

  23. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #72
    Quote Originally Posted by NEODREAM View Post
    A little bit late to this thread, but wanted to wish you good luck on your studies! I'll be following this thread as I am looking to attempt this monster sometime towards the end of next year possibly.

    Wishing you the best and thanks for sharing your journey!
    Thanks for reading!

    Good luck for when you go for it. It's not too bad, just keep plucking away and you learn as you go.

    My main mindset is that there is no rush. I see so many (probably more experienced) post things saying they signed up for 30 days. That's a really really short amount of time even for the experienced person.

    Anyway, will look forward to a blog from you when you start the journey!
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  24. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #73
    WEEK 11 - FINAL UPDATE

    it's 2am so technically I guess it's week 12 ...

    Managed to full root Leftturn- really fun machine despite getting stuck at the very first hurdle! I read someone mention it was their favourite machine. I'd say it's definitely in my top 3. A satisfying one to get.

    Ive now rooted 20 so a bit of a landmark figure. I'm really looking forward to getting to 30 which many say is the minimum needed before trying the exam. I will do the exam when I feel ready. Most likely towards the end of January.

    Ive yet to attempt Sufference, Humble or Gh0st. I will try them when I have 1-2 free days and feeling really up for it.

    ROOTED: 20
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  25. Senior Member
    Join Date
    Feb 2017
    Posts
    174
    #74
    Managed to finally hack Bethany- well I got an Admin shell after escalation but can't get System. I'm moving on anyway as I got proof.txt from it and have already spent about 4 days on it. I needed some hints from the forum. But got there eventually and it was really challenging.

    Ive run my enumeration script against Humble - ​and will start to look at this properly at the weekend when I have some proper time. I've had a quick glance at the results and some of the services but will dedicate some time this weekend to the machine. I have two days spare and hope to make some progress with it


    Rooted (21): Alice, Alpha, Barry, Beta, Bethany, Bob, Dotty, Helpdesk, Kevin, JD, Lefturn, Mail, Mike, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Tophat
    Last edited by CyberCop123; 11-28-2017 at 07:01 AM.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




    Reply With Quote Quote  

  26. Senior Member Mooseboost's Avatar
    Join Date
    Jan 2015
    Location
    North Carolina
    Posts
    656

    Certifications
    CEH, CCNA: R&S, eJPT, JNCIS-SEC, Dell Sonicwall CSSA, Dell Sonicwall Email Security,CompTIA CSA+, CompTIA Security+, CompTia Network+
    #75
    Not rushing it is definitely the way to go. You are making good progress and being realistic about it.

    Looking forward to seeing your "I passed" post.
    2018 Certification Goals: OSCP []

    Blog: www.hackfox.net
    Reply With Quote Quote  

+ Reply to Thread
Page 3 of 7 First 123 4567 Last

Social Networking & Bookmarks