Anyone on the OSCP journey soon?

135 Comments

  • melvinfz Member Posts: 44
    What information are you looking for? Make sure you know your Linux commands well.
  • da_vato Member Posts: 445
    @mokaz: thanks for that list, I have read a few of those and never heard of others. I will definitely look into the titles I have not read. I am using your same approach in regards to metasploit, I have not used it once. I don’t see the point if we can’t use it for the exam and I always train as I fight (it’s a soldier thing).

    @melvinfz: I was curious if anyone had found sources that help them when they get stuck on an issue. I don’t have a group of local colleagues (in this specific field, my colleagues are all R&D and general IT types) that I can converse with when I have a problem that I can’t get past.

    The sources that I had found were heavily geared towards metasploit like “The hackers playbook” for instance. If I am staying away from metasploit, I need to think of another way to accomplish the same task manually and the answer is rarely, if ever, obvious. The forum and IRC channel help from time to time but I am often met with “try harder…” which I am not asking for the specific exploit but rather an inkling or a topic that I can go research.

  • mokaz Member Posts: 172
    da_vato wrote: »
    @mokaz: thanks for that list, I have read a few of those and never heard of others. I will definitely look into the titles I have not read. I am using your same approach in regards to metasploit, I have not used it once. I don’t see the point if we can’t use it for the exam and I always train as I fight (it’s a soldier thing).

    Easy bro -- shoot me a PM and we'll get in touch via good'ol smtp.. Also, this is what i've read at offsec about labs metasploit and the exam:

    Metasploit usage is encouraged in the labs. Metasploit is a great tool and you should learn all of the features it has to offer. While Metasploit usage is limited in the OSCP certification exam, you don't want to place arbitrary restrictions on yourself during the learning process.

    So I'm using msfcli, msfvenom and try metasploit here and there, although I force myself into systems manually...
  • BlackBeret Member Posts: 683
    Keep in mind that msfencode, msfpayload, and other things are allowed during the exam. I agree with the statement that you should use the heck out of it in the lab and see how it all works. One thing I did in the labs was to use msf for an exploit, then rework the exploit manually myself. I learned a ton doing that.
  • impelse Member Posts: 1,237
    I just got to my 5th machine; two of them I got access to using web application misconfig. I prefer that way than modifying the exploit, LOL.

    Now keep trying harder.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • ramrunner800 Member Posts: 238
    BlackBeret wrote: »
    Keep in mind that msfencode, msfpayload, and other things are allowed during the exam. I agree with the statement that you should use the heck out of it in the lab and see how it all works. One thing I did in the labs was to use msf for an exploit, then rework the exploit manually myself. I learned a ton doing that.

    I've been using this method as well, and it is paying dividends for me. It kind of provides a demo of how things should work before going back to learn how to do it for real. Also, given how standard Metasploit is, I think knowing how to use it is very important.
    Currently Studying For: GXPN
  • mokaz Member Posts: 172
    impelse wrote: »
    I just got to my 5th machine

    Great, nice to see you moving on !!!!

    I've just seen my 8th system falling today.. not the one I've been after the whole night, but one I've had a low priv shell on from before and managed to see how to priv escalate...

    So it's not very much pwnage since April 12th although i'm learning everyday pile of things..
  • impelse Member Posts: 1,237
    In my case I was moving slowly because I concentrated on not moving to the next machine until I hacked the one I was working on. I lost a lot of time; now I can come back with more confidence that I will be able to own them. It takes me on average 6 to 7 hours per machine (if I take the average with the ones I was not able to hack).

  • mokaz Member Posts: 172
    impelse wrote: »
    In my case I was moving slowly because I concentrated not to move to the next machine until I hack the one I was working

    I sure know what you mean; I've had a hard time movin' on to the next host although I really really think it's a good approach, you see things differently once you're back on something you've spent hours on...
  • da_vato Member Posts: 445
    Glad to hear you guys have been making great progress. Unfortunately life has been getting in the way and I have not had any time to mess around in the labs.

    I am going to take BlackBeret's advice of using metasploit then manually rework... I think that is some of the best advice I have heard in regards to OSCP.
  • impelse Member Posts: 1,237
    da_vato wrote: »
    I am going to take BlackBeret's advice of using metasploit then manually rework... I think that is some of the best advice I have heard in regards to OSCP.

    I tried to do that two years ago and it never worked; you become so used to metasploit that you never go manual. On this occasion, not metasploit, only for payloads, and I've been getting better results. Sure, in real life you use all of them.

  • ohm Member Posts: 12
    One additional resource that might be helpful is OWASP Testing Guide https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
  • impelse Member Posts: 1,237
    It is amazing how the web attack vector makes it easier to hack the server. I am attacking my third machine using a web attack; I almost got root on this one.

  • justjen Member Posts: 77
    mokaz wrote: »
    These are my array of resources i'm currently using (in bold are my favorites):
    Black Hat Python
    Conquering The Command Line
    Coding for Penetration Testers
    Command Line Kung Fu
    Counter Hack Reloaded, Second Edition
    Ethical Hacking and Penetration Testing Guide
    Google Hacking for Penetration Testers
    Kali Linux Network Scanning Cookbook
    Linux Pocket Guide, 2nd Edition
    Mastering Kali Linux for Advanced Penetration Testing
    Metasploit Penetration Testers Guide
    Netcat Starter
    Ninja Hacking - Unconventional Penetration Testing
    Python Penetration Testing Essentials
    Python for Secret Agents
    Python Programming for Hackers and Pentesters
    Penetration Testing with the Bash shell
    Penetration Testing - A Hands-On Introduction to Hacking
    Professional Penetration Testing - Creating and Learning in a Hacking Lab
    The Linux Command line - A Complete Introduction

    Although after reading a lot, i understood that hacking is not really something a book can/will teach you, i mean for me the enumeration is not a problem but i tend to have issues at seeing clearly and rapidly enough "how" will I break in this system or "how" will I escalate privileges correctly and efficiently.

    I think I've understood that books will give me a quick answer to this or that but the attack angle should be my own jiu jitsu, which can only come after failing for the 100 times hence the Try Harder i guess..

    RTFM is really good as well and super handy to have on your desk everyday really...

    On your last question, I've read somewhere that PWK/OSCP rely uniquely on exploit-db exploits. Which i think makes sense. So i guess that a correctly targeted searchsploit on your updated db should bring the goods to surface i'd say.

    Last, i've made a statement not to touch metasploit (i mean as an automated point and shoot weapon) in the labs so i might move slowly but i'm moving manually hehe..

    Cheers,
    m.
    Some of these are already in my personal library; others on the list I will be looking for, based on your recommendations. Books are no substitute for hands-on, but they definitely are useful as a reference and to broaden the horizon and one's view of what's already known to be possible. ;)

    Thanks much!
    ~justjen
  • mokaz Member Posts: 172
    So after a bit more than a month in the labs here are my numbers:

    10 systems pwned
    2 limited shells
    1 secret network accessible

    Sometimes it's really frustrating, I've got to say.. and I'm having a lot of pain letting things go; I mean movin' on and coming back at one system later -- but every time I do so the next system falls within minutes..

    Another thing i'm lacking a bit is a close (physically) friend doing the same path / PWK-OSCP / if you can do so i think it's far more interactive and you'll find yourself less in dead ends so to say..

    I'll keep you posted.. all in all i really enjoy this journey very mucho !!

    cheers,
    m.
  • impelse Member Posts: 1,237
    My case is:

    7 Systems pwned.
    No secret network yet.

  • griffondg Member Posts: 39
    I am just over 2 weeks in and am about 75% through the videos, guide and exercises. Have learned tons so far and hope to start cracking lab machines this weekend.
  • robantonucci Registered Users Posts: 4
    Anyone taking the live class (PWK) at BlackHat in August?
  • griffondg Member Posts: 39
    Anyone taking the live class (PWK) at BlackHat in August?

    I wish. My goal is to get the OSCP on my own this year and then put in for training for one of the advanced classes at Blackhat next year.

    Eric
  • wd40 Member Posts: 1,017
    mokaz wrote: »
    These are my array of resources i'm currently using (in bold are my favorites):

    Black Hat Python
    Conquering The Command Line
    Coding for Penetration Testers
    Command Line Kung Fu
    Counter Hack Reloaded, Second Edition
    Ethical Hacking and Penetration Testing Guide
    Google Hacking for Penetration Testers
    Kali Linux Network Scanning Cookbook
    Linux Pocket Guide, 2nd Edition
    Mastering Kali Linux for Advanced Penetration Testing
    Metasploit Penetration Testers Guide
    Netcat Starter
    Ninja Hacking - Unconventional Penetration Testing
    Python Penetration Testing Essentials
    Python for Secret Agents
    Python Programming for Hackers and Pentesters
    Penetration Testing with the Bash shell
    Penetration Testing - A Hands-On Introduction to Hacking
    Professional Penetration Testing - Creating and Learning in a Hacking Lab
    The Linux Command line - A Complete Introduction

    Many books from the list are from PACKT publishing, anyone have a subscription with them? I think 12.99$ per month is a good value ..

    https://www.packtpub.com/books/subscription/packtlib
  • mokaz Member Posts: 172
    wd40 wrote: »
    Many books from the list are from PACKT publishing, anyone have a subscription with them? I think 12.99$ per month is a good value ..

    https://www.packtpub.com/books/subscription/packtlib

    Yes i've thought about doing this although where i live the prices double from the advertised price so i felt a bit awkward about it.. Although for the advertised price and if this is really your end billed price it has a decent value plus there's 1 free book download a month... For the advertised price i'd do it.
  • robantonucci Registered Users Posts: 4
    Does anyone know how deep we need to go with the buffer overflow/reverse engineering portion of the training? I have limited python experience and I'm currently reading "Assembly Language Step by Step Programming with Linux". Should I have IA-32 down pretty good before starting the class?
  • MrAgent Member Posts: 1,310
    If you can do the activities listed in the training guide, you will be fine. I paid a lot of attention to that section to make sure I could do it should I encounter it in the lab or exam. I practiced it for a couple of weeks until I was able to understand everything that was being done and why. It proved to be a good move on my part.
  • mokaz Member Posts: 172
    Hi all,

    Just an update, I've been on vacations for 3 weeks and I've got back on track and got 2 more systems.
    So I've got 12 systems owned now.

    While on vacation i've crawled the videos in whole.

    I'd love to move faster but hey well, there is no race at this / indeed I'd just really want to clear OSCP before autumn this year if possible...

    cheers,
    m.
  • MrAgent Member Posts: 1,310
    Some progress is better than no progress. Keep it up!
  • Blade3D Member Posts: 110
    Finally after completing OSWP over 2 months ago I am starting my journey July 4th. This is great as I'll have a couple of days off before and after the 4th. I can relax and then dive straight into it. Anyone else starting on this date?
    Title: Sr. Systems Designer
    Degree: B.S. in Computing Science, emphasis Information Assurance
    Certifications: CISSP, PSP, Network+, Security+, CySA+, OSWP
  • cjbischoff Member Posts: 6
    I just started last week Saturday 06/21 - just started on the lab - unfortunately I started to with Bob.
  • griffondg Member Posts: 39
    I am about 2 months in and not as far along as I'd hoped due to work/vacation/family but I'm still plugging away and should be able to dedicate a lot of time over the next month. I'm prepared to extend if I have to but would love to give the exam a shot at the beginning of August. Frustrating but totally worth it!
    Eric
  • cjbischoff Member Posts: 6
    If anyone wants to partner up and share some notes/direction - I'm game. Not looking to give or be given the answers, but the overly vague points or try harder isn't really working for me from a learning experience. I generally learn from "tearing apart" the end result - most days just "banging my keyboard"
  • Blade3D Member Posts: 110
    Got my packet with everything yesterday and started reading the PDF. Ready to start hitting this hard.