OSCP - JollyFrogs' tale
Comments
-
JollyFrogs Member Posts: 97
Hi Kane,
didn't realize it had a password on it, I usually password protect my files to prevent AV from reading them and deleting them.
The password is "infected". (The file is not infected, it's just my standard password for anything OSCP related which could potentially be picked up (now or in future) as malware, so I don't accidentally copy or use it on production PCs.)
-
kanecain Member Posts: 186
Thanks!
WGU - Bachelors of Science - Information Security
Start Date: Jan. 1st, 2012
Courses: Done!!!
-
Muggie Member Posts: 6
Hi Jolly, congratulations on your pass. Would you happen to have an elegant SMTP VRFY Python script that can run across an IP range that you can share?
-
JollyFrogs Member Posts: 97
Hi Muggie,
I wrote such a script but if you follow the course, you will be able to write one yourself. You will learn more if you write these scripts yourself and once you have written one, and understand how it works (start small, like this script) you can reuse code for other scripts. If you are totally lost on where to start, check out the patator Python script as a start, it's a pretty large script but you can butcher it and tailor it to your needs.
-
Muggie Member Posts: 6
Thanks for the response. I understand completely what you mean about being able to take more away from it by composing it yourself. I have a hacked together script right now that gets the job done, but unfortunately takes a while as well.
I'll take a look into the Patator script.
Thanks!
-
gui4life Member Posts: 40
JollyFrogs,
Great write up. You look to be a natural!
Question 1) Did you have any "root and loot" scripts for Linux? Your Windows one looks pretty cool.
Question 2) Your JollyFrogs Mimikatz download isn't working anymore.
Question 3) Do you REALLY have to use the 32bit version of Kali and downgrade to non-pae for exploiting lab machines and OSCP test? What prevents me from using Kali 64?
-
JoJoCal19 Mod Posts: 2,835 Mod
gui4life wrote: »Question 3) Do you REALLY have to use the 32bit version of Kali and downgrade to non-pae for exploiting lab machines and OSCP test? What prevents me from using Kali 64?
From what I remember from previous threads, there is an issue with buffer overflow exploitation exercises in the 64-bit version.
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
-
gui4life Member Posts: 40
If I'm done with that module exercise - I should be okay to use 64bit Kali 2.0?
-
mokaz Member Posts: 172
gui4life wrote: »If I'm done with that module exercise - I should be okay to use 64bit Kali 2.0?
Well, the thing is that you should expect Buffer Overflow in your exam, that is clearly why Offsec is providing a PWK dedicated Kali VM.. I'd say if you're using a hypervisor just install both so you're safe.. Though I'd follow the OffSec rules..
-
OpenFerret Registered Users Posts: 1
Really great thread Jolly!
Did you do full UDP scans (ports 0-65535) on every box you could in the lab environment with nmap, and what sort of speeds do you get over the VPN connection?
-
mabraFoo Member Posts: 23
I don't think there is any need to do anything more than nmap --top-ports for UDP. As a test, try installing nmap on your Windows VM so that you can run nmap locally, inside the lab. Some of the Linux boxes in the lab already have nmap. As far as I know doing a UDP scan of all ports is always going to take FOREVER.
-
mongrel Member Posts: 7
Hi Jollyfrogs,
Would you mind if I request for the Jollykatz? Seems like the link to it is not working.
Cheers!
-
mongrel Member Posts: 7
Like all of you guys, I finally saved for the OSCP course and I really want to pass it.
-
ITSpectre Member Posts: 1,040
CONGRATS JOLLY!!!! I'm going to use this thread when I'm ready for the OSCP!
In the darkest hour, there is always a way out - Eve ME3 :cool:
“The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
-
Mooseboost Member Posts: 778
You know, I have not seen Jolly around in some time. I wonder what they moved on to after owning the OSCP?
-
JollyFrogs Member Posts: 97
Mooseboost wrote: »You know, I have not seen Jolly around in some time. I wonder what they moved on to after owning the OSCP?
I'm still around but haven't had much time due to work commitments. I'm doing SLAE now, in preparation for OSCE. I posted a new post today on my progress with SLAE.
-
aderon Member Posts: 404
This is such a great thread. I'm in the pre-lab prep stage at the moment and have been using this to guide my studies. Thanks for all the useful info!
2019 Certification/Degree Goals: AWS CSA Renewal (In Progress), M.S. Cybersecurity (In Progress), CCNA R&S Renewal (Not Started)
-
JoJoCal19 Mod Posts: 2,835 Mod
Agreed. I think this thread should be individually sticky'd.
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
-
avalon111 Member Posts: 8
This is a terrific thread. Fantastic contributions from Jolly and everyone!
I'm awaiting an exam result for an exam sat in early June and then, if I don't need to re-sit it, I'll be prepping for the OSCP with a view to having a first crack at the online exam next June. Work commitments this year mean I'm not getting any holiday time in 2016, but I'm likely to get some quieter time between Xmas/New Year, so I'll be able to ramp the learning up then.
I'll be seeking to set up my lab following Jolly's instructions.
I'm pretty confident with the Linux side. I still have my Perl exploit scripts from pen-testing work performed in the past, but I'll likely convert them to Python. Where I know I am weak is on the Windows stuff, so I'm reading up on that subject right now.
-
fabiothebest Registered Users Posts: 1
Great job JollyFrogs. You are truly amazing. I studied a lot too and I hope I'll become OSCP certified as well. I'm currently preparing for eCPPT and then after some time I'll try OSCP. Apart from your knowledge and intelligence, what I really liked is your methodology. I can study a lot in a short time and I'm very multitasking although I may lose focus quickly, be less organised and more lazy than you. These are some areas I should work on. Indeed sharpening the axe before signing up for the course is a great move. eCPPT will give me a good foundation, it's also highly practical and reporting is taken in great consideration as well. After that I plan to do a number of VulnHub machines, especially some of them were recommended because a bit similar to OSCP labs. I read about this on this website I think. I'll also try to make some scripts. (I already have a couple of them I made in the past.) I have a general understanding of networking, but I'm not an expert in this unlike you. I hope it will be enough, as I probably don't have a lot of time to dedicate to this. I already know the theory behind exploit development although I need more practical experience. Then finally I'll sign up for the course.
-
JollyFrogs Member Posts: 97
Every once in a while someone emails me, they typically ask if I'm still alive (I am!). After OSCP I've been busy with SLAE and OSCE, and I'm currently studying the SecurityTube Forensics course and the SANS course GXPN, as well as doing research on two (red team) topics.
I saw the jollykatz files timed out on the original upload location, and TE doesn't allow uploading the zip file (probably because it contains .exe files), so I've uploaded them to this permanent location. The jollykatz_xp is compiled slightly differently, so if the other version doesn't work, the XP version might (specifically on Windows XP service pack 0 machines). The zip file has no password, and I've just scanned all 4 files with Avast and all files are still FUD.
https://www.jollyfrogs.com/tools/jollykatz.zip
Please note: jollykatz is just a simple recompilation of the mimikatz tool with the aim to make it FUD. All credit goes to the creator of Mimikatz.
-
Dr. Fluxx Member Posts: 98
Securitytube seems to be a foundation for success with regard to Offensive Security. Definitely will put it as part of my deep study in preparation.
-
liz4rd Member Posts: 51
Great thread. I started my 90 days last week. Currently working through the exercises first before attacking the lab.