Another OSCP Journey

MrAgent

So I started the process today and signed up for the PTWK class. Looks like I will be starting on Sept 14.
I'll start updating this thread as I go through the motions.

ramrunner800

Good luck! I'm in the course right now too. I find that my pace is a bit stop and start with it. To get through some of the material you have to go really hard at it, and I find myself needing a day or two's break. Make sure you keep going back, ask for help when you need it(it took me awhile to get the guts to do this), and Try Harder! Feel free to PM if you have any issues.

MSP-IT

ramrunner800 wrote: »

Good luck! I'm in the course right now too. I find that my pace is a bit stop and start with it. To get through some of the material you have to go really hard at it, and I find myself needing a day or two's break. Make sure you keep going back, ask for help when you need it(it took me awhile to get the guts to do this), and Try Harder! Feel free to PM if you have any issues.

Yeah, I've definitely found this to be true. This is really the first self-training courses that I've never really been able to pick up on a daily basis and do. Going through the assembly/exploit section of it now for a second time. I feel like I need a few hours just to digest a few videos.

MrAgent

So I received the welcome email as well as how to connect to the lab etc.

Am I supposed to install the lab connection tools onto my own local instance of Kali?

NovaHax

MrAgent wrote: »

So I received the welcome email as well as how to connect to the lab etc.

Am I supposed to install the lab connection tools onto my own local instance of Kali?

Correct. You will use the VPN client from your Kali box. I know when I took it, there was no installation required. It was just a linux binary executable that we used as a VPN client. But that was back in the PWB days and things may have changed. But regardless, you will connect to the VPN from your Kali box (whether that be a VM or full install).

NovaHax

Good luck btw...and don't forget to have fun

MrAgent

NovaHax wrote: »

Correct. You will use the VPN client from your Kali box. I know when I took it, there was no installation required. It was just a linux binary executable that we used as a VPN client. But that was back in the PWB days and things may have changed. But regardless, you will connect to the VPN from your Kali box (whether that be a VM or full install).

Thanks for the info.
So I fired up my local Kali installation, and went to update it since it had been a while, and it completely crashed after upgrading. Looks like I need to download a new .iso and reinstall. Joy.

NovaHax

MrAgent wrote: »

Thanks for the info.
So I fired up my local Kali installation, and went to update it since it had been a while, and it completely crashed after upgrading. Looks like I need to download a new .iso and reinstall. Joy.

Could be worse. I had to build a new VM during the first hour of my exam. I took the course back when it was still PWB but Kali Linux had already been released. Since we were already using Kali at my work, I decided to use it for the course and had planned on using it for the test. As soon as I received my exam guide, there were instructions that explicitly stated that "YOU MUST USE BACKTRACK" for the exam.

So I had to spend valuable testing time downloading the BTK .iso and imaging a new VM.

MrAgent

Oh man that sucks. Ive already created a copy of my finalized VM. I am actually going to download their suggested VM and see if it works with VMWare workstation 8. If not, I have mine.

I was able to get it connected to the VPN, though it doesnt have any instructions on getting openvpn loaded, and I am about to send my payment in today. For anyone in the future who gets to this step, youll more than likely need to load openvpn.

rawhide

Coming from 12 years of Network and Infra Security background I am planning to break into Offesnive sides of security and it seems OSCP is a good option. This is a very new arena for me and thats how I think my competence level stands on scale of 0-10

Scripting -0
Linux Admin- 2/3
Web Security OWASP -3/4 ( Theory)
Windows Admin-5/6
Network and Protocols- 8/9

You think I should directly step into OSCP or take some intermeidate steps for learning Linux and Scripting ?
Is there a book you recommend to read before starting PWB Lab ?

Thanks,

lsud00d

Stanley CC does not offer courses in MN

Get a PO box in another state?

MrAgent

rawhide wrote: »

Coming from 12 years of Network and Infra Security background I am planning to break into Offesnive sides of security and it seems OSCP is a good option. This is a very new arena for me and thats how I think my competence level stands on scale of 0-10

Scripting -0
Linux Admin- 2/3
Web Security OWASP -3/4 ( Theory)
Windows Admin-5/6
Network and Protocols- 8/9

You think I should directly step into OSCP or take some intermeidate steps for learning Linux and Scripting ?
Is there a book you recommend to read before starting PWB Lab ?

Thanks,

I haven't started the course yet, so I can't really comment at this time.

lsud00d wrote: »

Get a PO box in another state?

That was random.

MrAgent

I received my welcome email and other information exactly on the hour. I am starting to set everything up now and get started.
This should be a fun by challenging course.

AlexNguyen

rawhide wrote: »

You think I should directly step into OSCP or take some intermeidate steps for learning Linux and Scripting ?
Is there a book you recommend to read before starting PWB Lab ?

I suggest that you take some intermediate steps before trying OSCP.
Take a look at some "cheap" online trainings at SecurityTube, StrategicSec, eLearnSecurity, etc.

I'm reading the book "Advanced Penetration Testing for Highly-Secured Environments" and found it interesting. I'm trying to do all the lab exercises in the book. You need to try to map the BackTrack references in the book with Kali.

rawhide

That makes alot of sense Alex, Thank you

AlexNguyen wrote: »

I suggest that you take some intermediate steps before trying OSCP.
Take a look at some "cheap" online trainings at SecurityTube, StrategicSec, eLearnSecurity, etc.

I'm reading the book "Advanced Penetration Testing for Highly-Secured Environments" and found it interesting. I'm trying to do all the lab exercises in the book. You need to try to map the BackTrack references in the book with Kali.

MrAgent

Ive gone through about 25 of the videos so far. Most of it is stuff I felt that people taking this exam should already have a firm grasp on. I will be going through as many of the videos as I can today and tonight. I am hoping to start working in the labs this week.

Also for those that dont know, I have a private irc server setup.
irc.osswg.com:6667

ramrunner800

MrAgent wrote: »

Most of it is stuff I felt that people taking this exam should already have a firm grasp on.

When the OSCP course materials seem easy, remember:

MrAgent

Im busy at it right now... doing an nmap scan of all of the available hosts... taking . . . F O R E V E R ! ! ! ! !

jamesleecoleman

What scan speed did you use to scan the hosts? I'm just curious.

MrAgent

I just did the following
nmap -A -O -iL /root/results.txt

The results.txt file was from a ping sweep I did of all the responding hosts. I'm wondering if I should have added a -F

lsud00d

MrAgent wrote: »

That was random.

I just noticed this...somehow it cross-posted what I posted in another thread?! Crazy!

NovaHax

MrAgent wrote: »

I just did the following
nmap -A -O -iL /root/results.txt

The results.txt file was from a ping sweep I did of all the responding hosts. I'm wondering if I should have added a -F

If anything, I would go the exact opposite direction. Rather than doing a fast scan, I'd throw in '-p 0-65535'. You might want to run a quick scan on a few to get a few services to play with while you are waiting. But you need to be absolutely thorough in those labs.

ramrunner800

I found that best practice is to scan in blocks. I found different hosts had some interesting effects on scan times, and that when you try to scan large numbers of hosts the scan time will pretty much go to infinity.

MrAgent

I ended up doing the following
nmap -A -O -v -F -il /root/results.txt > nmap_results.txt
This completed in 463.74 seconds. Not too bad of a scan time for 30 hosts (1 reported down).

MSP-IT

You did this for the entire host range?

MrAgent

I did a ping sweep of my range and put the hosts that responded into a text file.
So I had 30 hosts total.

MrAgent

I was able to successfully compromise my first host in the lab. 1 down, 29 to go.

ramrunner800

It's a rush to get the first one! I was really surprised that the rush is the same for every one after that too

MrAgent

Gained access to three machines yesterday. I'd like to pop a couple of more today.
Currently hung up on Master. Says hes going to pay the price for firing his admins...
Ill have to figure this out.

wes allen

Master was the coolest one I have gotten so far, far and away!

MrAgent

Took a break from it due to work... Still not any closer.