  1. Member
    Join Date
    Feb 2017
    Posts
    51
    #1

    CyberCop's OSCP blog

    Thought I'd join the party and do my own blog, particularly as I feel there may be a long road ahead

    About Me
    • I'm 33 and work full time for the Police, mainly in digital forensics
    • From 16-20 I studied IT in both college and University getting a HND
    • I then did 3 years as a PHP web developer
    • I then took a break of about 7 years in IT and now back in there with a renewed passion for it.
    • I'm very strong with Linux, having used it as a desktop OS for years and also done quite a lot of basic administration of web servers, etc... I am most comfortable on the command line.
    • My knowledge of Windows is basic, I can use it, I can use cmd to some extent but don't know much about administrating it. I have plans to do the MCSA at some stage to try to brush up on this area.
    • I'm quite comfortable with Python Scripting and Bash too. I've not done any C really.
    Why OSCP

    My current career path has basically no development, particularly as I'm not an expert in digital forensics and don't really want to be. It's not my bag really.
    I'm keen to get into Cyber Security. Pen testing is one avenue but I'm not dead set on it, but I enjoy the hacking side and have done about 2-3 Vulnhub VMs. I nearly signed up for the CEH but resented the fact that it was such a lot of money for not a lot of proof or knowledge, i.e. I know some who have this and they know very little about IT, networks, security, etc... They can tell you that "nmap is used for scanning" and that's about it.

    The OSCP I hope would provide some hands on, useful, technical knowledge and experience and some fun too. It's the first stage in my plan and maybe in the future will do the CISSP as I see it is often requested by employers.


    My OSCP Plan

    I signed up for 90 days worth of labs as many had recommended this.

    Plan was:

    Weeks 1-3 read the PDF and watch videos
    Week 4: take the week off work and start the labs and continue until the exam date

    However, I'm behind schedule and realised it was too much to do the PDF in 3 weeks.

    I am on my 4th week of the OSCP so will post about that in next post...
    Last edited by CyberCop123; 10-04-2017 at 08:59 AM.
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!


  3. Member
    Join Date
    Feb 2017
    Posts
    51
    #2
    Week One

    Sunday 10th September I got all the materials and videos through. I was busy with work and life in general so couldn't start properly until Tuesday.

    I printed out pages 1-100 in work and set about reading. The first 40 pages are all introductions, setting up things and I skipped almost all of this as I had VirtualBox installed, I had Kali (which they provided) set up and running, etc. The PDF by the way is 375 pages and there are around 160 videos.

    The first 100 pages were very comfortable as I'd covered that myself by Vulnhub hacking, but I still formalised a lot of my knowledge and started to better understand things and get a stronger overview of things rather than just me typing commands and then randomly picking what else to try next.

    The videos I found really nice, to give my brain a rest and although it covered almost entirely what the PDF was telling me, it was nice to have it presented rather than staring at a piece of paper for hours. The best thing about the videos is the length of them, many are around 1-3 minutes long, with only a few a little longer. They get to the point and don't waffle unlike other technical videos or YouTube videos which are about an hour long with 5 minutes worth of useful content. The guy who speaks and is on the video is incredibly clear too and easy to listen to.

    I learned about ncat which I didn't know of before, I knew of nc but not ncat. So that was an eye opener. It was good to create connections between the Windows 7 machine (which you get access to) and Kali. Although I'd done it, I didn't understand what else it could do.

    In work I also managed to read when I had some downtime. I had read some of Georgia Weidman's pentesting book before the course and I realised that it is very very similar to the PDF. So I read up on things which the OSCP was covering just for another angle. Anyone thinking of doing the OSCP, I insist you buy this book (she didn't pay me to say this).

    Week one was really good.

  4. Member
    Join Date
    Feb 2017
    Posts
    51
    #3
    Week Two

    Another good week covering port scanning with nmap. I'd used this a fair bit before the course but learned a lot from this section. How to use the scripts and run one script across multiple targets. Also covered SNMP which is a protocol I had no real knowledge about but wow, it's very very useful and potentially vulnerable in many instances.

    SMB and SMTP were covered too as well as DNS and I also learned a fair bit about this.

    One thing that is clear is that the PDF builds up your knowledge and connects the dots together. For example, you learn about bash scripting, automation of things, then that leads on to automating DNS queries, and then writing a script to do that for you.

    There are exercises at the end of each chapter and I found that I was naturally doing them without even realising as I was reading and then trying it out on Kali as I went along.

  5. Member
    Join Date
    Feb 2017
    Posts
    51
    #4
    Week 3

    Well, this week really killed me. I got onto Buffer Overflows, a term I've heard so much about for years, probably since I first got interested in computers about 20 years ago. I knew that it was something to do with overflowing memory so the program did something it shouldn't. That was it. I also knew that assembly language was virtually machine code, very low level and quite complex.

    Buffer Overflows start with a Windows Overflow example and then it moves onto a Linux example. I think I spent too long on these trying to replicate it and having issues. I spent about 4 hours on each which took me a couple of days in the evenings.

    I did them both and achieved the result but still I'm unsure about the process. There are parts I don't get really, and I made a conscious decision that after about 3-4 days of reading up and trying them again that I would move on and try to return later as I didn't want to get stuck and obsessed with one area.

    So yea, this week was tough and it really drained me a bit. It was the first time on the course that I hit a wall where I couldn't simply read up on something, try it and be satisfied that I understood.

    Buffer Overflows I think are just complicated as there's about 10 stages involved, and I think it may be best to think about it stage-by-stage, rather than overwhelm (or overflow) yourself with all that detail at once. I will come back to it another time.

  6. Member
    Join Date
    Feb 2017
    Posts
    51
    #5
    Week 4 (this week)

    I'm up to page 280 in the PDF and finding it quite hard to continue reading and learning as my brain sort of feels overwhelmed with things at the minute. It's almost like you've learned so much but not used it, so it's all just sat there without any context or usage.

    This was proven last night when I felt drained and couldn't face reading so thought I'd try some stuff on the labs. I came across a Windows XP machine and an FTP server that allowed anonymous login. I thought it would be easy, but after about an hour I was just stumped and felt fed up.

    I wasn't in the best of moods and was quite tired so it probably was poor timing. I also felt lost in terms of, I'd learned so much but still haven't got any strategy, methodology or plan. I thought I'd start to have a structure. But all I have currently is a list of things to consider and do.

    I'm being overly hard on myself I think as it's week 3 of 12. I'm still starting out, and it was my first Windows based machine I've tried hacking. My plan is to possibly read a walkthrough for one of the lab machines which I've heard is a good idea to give some hints on the methodology to use.

    Either way, I have the whole weekend to try and I'm also off THE WHOLE of next week so I have another 7 days there to make some progress, and try to finish the PDF material.

  7. Member
    Join Date
    Aug 2016
    Location
    nullsec
    Posts
    62

    Certifications
    Linux+, Prince2 Foundation, Security+, eJPT
    #6
    Subbed your thread

  8. Member
    Join Date
    Feb 2017
    Posts
    51
    #7
    Originally Posted by hal9k2:
    Subbed your thread
    Welcome! Be prepared for updates including lots of moaning and threats to give up!

  9. Junior Member
    Join Date
    Oct 2016
    Location
    North Carolina
    Posts
    17

    Certifications
    CISSP, GPEN, CEHv7, Sec+, ITILv3
    #8
    Way to go CyberCop!!! Keep hashing it out. I'm rooting for you.

  10. Member
    Join Date
    Feb 2017
    Posts
    51
    #9
    Originally Posted by jjones2016:
    Way to go CyberCop!!! Keep hashing it out. I'm rooting for you.

    Thank You!

    Going to continue tonight with the reading and make progress, will properly start the labs on Saturday. I'm going to start with 10.11.1.5 which I believe is Alice and a good one to start with. After that I will move on to others.


    I'm going to take others' advice and not get stuck on a machine for too long. E.g. maybe after 1-2 hours of going nowhere, I will move on.


    I've just read up on tunnelling, port redirection and proxychains. I think I understand it, and think it may be quite a simple concept. It's just hard to truly know if I understand it without actually doing it.

  11. Senior Member
    Join Date
    Jun 2013
    Location
    Iowa
    Posts
    173

    Certifications
    CISSP, GCIH, GSEC
    #10
    I'll be following, good luck. I think OSCP is up next for me.

  12. California Kid JoJoCal19
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,322

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #11
    Good luck CyberCop. Will be following this thread!
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up: None
    Reading: Python Crash Course

  13. Member Hornswoggler
    Join Date
    Jun 2017
    Posts
    36

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN
    #12
    Good luck!!

  14. Member
    Join Date
    Feb 2017
    Posts
    51
    #13
    Week 4 Update

    Thanks for the good luck messages and follows


    Had a good night last night as my Girlfriend was working which meant I could work without any disturbance and without feeling guilty for being on the computer all night. I did around 4 solid hours after work.


    I read from page 288 to 326, which covers all of tunnelling, port redirection, encapsulation, proxychains and Metasploit ... all the way up to the chapter titled "Building your own MSF Module".


    Ideally I'd like to finish the PDF by the end of Sunday, meaning that next week I can start the labs.


    As previously stated, I know I've learned a lot (although feel like I can't remember much), but the main thing I'm desperate to do is to start the labs and start to come up with some sort of plan. I still feel like I did before a bit, like "oh, let's start with nmap... hmmmm, ok, now what about Nikto.... ohhhhh let's try this tool". I know this is just because I'm going from hacking into actual pen testing so I have to develop a strategy.

    I'll do some more tonight but not sure I'll be as productive as I barely slept last night and feel very tired at the moment.

  15. Senior Member Moldygr33nb3an
    Join Date
    Jul 2016
    Posts
    191

    Certifications
    A+, Network+, Security+, Project+, CSA+, CASP, CEHv9, CCNET, CCNA R&S
    #14
    SUBBED! Looking forward to updates! Thanks
    Working on: CCNA - Security

    All your certifications are belong to us.

  16. Member
    Join Date
    Feb 2017
    Posts
    51
    #15
    End of Week 4

    Well this weekend has been a bit of a waste. I deliberately avoided any computer work on Friday as I was tired and just not in the mood. I'm also off the entire week from work so I knew I would have tons of time to do stuff. Saturday I didn't do anything either as I was out.

    Today I've done a bit. I hacked my first box - ALICE - I feel happy in that I've at least started, but not excited as it was a really simple one and I don't even feel like I was tested. However, one thing I did find was I spent about an hour looking in completely the wrong area.

    Also I used Metasploit, then I looked up the manual exploit code and hacked it with this too. I'm going to try this for every box, use Metasploit and also do it manually.

    I'm trying now to start scans for other boxes and output the results in to files. This is so I don't have to wait for every nmap -p- scan to finish which can take ages.

    I'm now starting on the next host (not sure if it's host name).

    As stated, I'm off the whole week so I'm hoping to really do a lot of hours per day and make a good impact on the labs.

    Hosts Hacked: 1 (Alice)
    Last edited by CyberCop123; 10-08-2017 at 03:16 PM.

  17. Member
    Join Date
    Feb 2017
    Posts
    51
    #16
    Week 5 - Day 1

    I will update everyday probably as I'm off the entire week from work. This was deliberately timed to take place after 4 weeks and when I had finished the PDF entirely.

    I've managed 5 hours so far today. It's my first second proper day in the labs and it's tough as I'm quickly finding that my working style isn't that good. E.g. I seem to illogically just run from port to port trying different things. After an hour I realise go back to some of the other ports and try different things.

    I think I will have to improve my note taking as that is partially to blame I think. E.g. If I had a proper checklist and just SLOWED myself down, then it would be for the best. Similarly when researching online I again flick through tons of tabs and probably miss key things or potential exploits.

    Yesterday I managed to hack Alice

    Today I attempted a Linux machine (name unknown)... moved on to PHOENIX and MIKE with limited success.

    I did get a low privileged shell for BOB ... just struggling now to escalate privileges.

    I know others say not to spend too long on one machine and to move on if stuck, but I don't want to start 20 machines and not finish any of them. I'm attempting one final machine for the day and that is TOP HAT

    One other thing I've found is that I get pretty lost when there's lots of ports open. For example, if there was just port 21 and port 80 I can really concentrate on those services and just focus. However when there is 21, 22, 25, 80, 111, 135, 139, 445, etc. I'm just like ... Where the hell do I start?!!!!

  18. Member Hornswoggler
    Join Date
    Jun 2017
    Posts
    36

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN
    #17
    There should be a research phase between enumeration and trying exploits. Get as much info on the services and versions as possible, then research those products for known vulnerabilities and exploits. Nmap version scans, login banners, nikto scans, finding sub directories via dirb, exploring pages for clues, etc. all help figure out the right paths to follow.

  19. Member
    Join Date
    Feb 2017
    Posts
    51
    #18
    Originally Posted by Hornswoggler:
    There should be a research phase between enumeration and trying exploits. Get as much info on the services and versions as possible, then research those products for known vulnerabilities and exploits. Nmap version scans, login banners, nikto scans, finding sub directories via dirb, exploring pages for clues, etc. all help figure out the right paths to follow.
    Thanks for the advice - much appreciated

  20. Member
    Join Date
    Feb 2017
    Posts
    51
    #19
    Week 5 - Day 2

    It's been a long and very frustrating day. I managed to get a limited shell on Bob2 so now I have that and one on Bob! Haven't increased privileges yet though.

    I basically went round in circles for the whole day with 3 machines. So frustrating and I didn't want to move on as how many times can I move on before I just lose track and end up half starting them all!

    I feel like I'm growing in confidence - even though I'm not making actual progress. E.g., certain processes I'm recognising now which I guess is good.

    Annoyingly, it seems that every time I search for exploits it just leads nowhere. Like some vague article on a random DLL that makes no sense and doesn't have any explanation.

    To summarise; it's not been the best day. I keep telling myself this is only day 3 of my lab time so still really early on. I've got the rest of the week pretty much to continue.

  21. Member
    Join Date
    Feb 2017
    Posts
    51
    #20
    Oh and I'm pretty sure I hate Keepnote. I'm actually a bit mystified why so many use and recommend it.

    Final thought - more to myself - is I think I'm overthinking things so much. E.g. I've read so many times people saying not to overthink and when you do crack a box you laugh and think "arghhh why didn't I think of that".

  22. Junior Member
    Join Date
    Aug 2015
    Location
    Miami, FL
    Posts
    10

    Certifications
    CISSP, CEH, CCSM, CCNA (R&S), i-Net+, A+, Network+, Security+
    #21
    Thanks for the great intro. I wanted to get your opinion if I should take the time to learn Metasploit even though you can only use it on one machine on the exam.

  23. Member
    Join Date
    Feb 2017
    Posts
    51
    #22
    Originally Posted by lsimon305:
    Thanks for the great intro. I wanted to get your opinion if I should take the time to learn Metasploit even though you can only use it on one machine on the exam.
    Hi,

    Well I am still learning a lot myself.

    But I would say definitely. A few times I've attempted Metasploit exploits - at times just in desperation and because I'm really struggling - I got one to work on one machine.

    I then did the same hack but manually using other methods.

    I would say it would be foolish NOT to learn Metasploit

  24. Member
    Join Date
    Feb 2017
    Posts
    51
    #23
    Week 5 - Day 3

    What a day!

    Been up since 6am and done around 6 hours work all on one machine - MIKE. I've managed to get SYSTEM web shell but can't get any sort of reverse tcp shell. I've been trying for hours and I'm too stubborn to look at spoilers.

    Think I need a break as I'm a bit exhausted now!

  25. Senior Member Moldygr33nb3an
    Join Date
    Jul 2016
    Posts
    191

    Certifications
    A+, Network+, Security+, Project+, CSA+, CASP, CEHv9, CCNET, CCNA R&S
    #24
    Reading your blog, I'm getting frustrated. So if it makes you feel any better, you're sharing the frustrations. Keep at it!

  26. Member Hornswoggler
    Join Date
    Jun 2017
    Posts
    36

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN
    #25
    Originally Posted by CyberCop123:
    ...MIKE. I've managed to get SYSTEM web shell but can't get any sort of reverse tcp shell. I've been trying for hours and I'm too stubborn to look at spoilers.
    I'm stuck at the same place. File transfers into this box are a bit of a challenge... I have a few ideas to try today and hopefully get it to work.
    Current course: Started PWK on 8/12/2017
    2018: Linux+, eWPT/GWAPT