OSCP (starting 13/12/2015)
Comments
-
GOGONUT2K Member Posts: 12 ■□□□□□□□□□
Hi Sheiko,
Congrats on the pass.
How many hours did you dedicate for OSCP?
-
Ritual Member Posts: 66 ■■□□□□□□□□
Congratulations Sheiko.
My OSCP journey is still a couple of years away. I'm starting the eJPT and eCPPT within the next few months. OSCP being my long term goal.
Much respect, wish I was in your shoes.
2016 goals - eJPT, MCSA Windows 10, something Linux
-
n0cturn Member Posts: 5 ■□□□□□□□□□
Hi @Sheiko37, your story is doubtless inspiring. Could you have a look at my background as I have mentioned in this post ->
http://www.techexams.net/forums/security-certifications/121407-ios-dev-want-do-oscp-tried-kioptrix-shock-please-guide-thanks.html
and advise me in this regard? Thanks.
-
RIP_Leroi Member Posts: 16 ■□□□□□□□□□
Congrats on your pass! This was a good read. @adrenaline19 How did you do on your exam?
-
unkn0wnsh3ll Member Posts: 68 ■■□□□□□□□□
Hi Sheiko37,
Well useful information, I did feel some parts of course material are exhaustive where it is not required to focus too much. It was like with hints and rest we need to research and find out. I believe that's how they have designed for interested people to take the challenge. I did have the same on going thru the material and over a period kept it aside and started to focus research and understand a lot. I have taken two attempts and failed in both. I have taken a break and starting to work again on it. I'm not going to rush, but with steady pace. One good thing is you spent 6 months, I started this course last July and ON & Off trying my best. Let's see, eventually I will WIN
Cheers
-
tuxster Registered Users Posts: 4 ■□□□□□□□□□
Hello all,
I hope I'm reviving too old a thread? I've lurked on these forums for some time now, during the course of my earning certifications this past year.
Sheiko37, congrats and thank you for your posts! I feel like your first post after your first exam attempt. For a lack of better terms, I got my butt handed to me in my first attempt with the OSCP exam yesterday. I only got the dev exploit done, and stumbled and failed to make ANY inroads into any of the boxes - including going ape crap with MSF on one box - which I thought would be "easy" - in hindsight I'm fairly certain I went down one of offsec's infamous rabbit holes of - look here I'm an easy win - when it really was not....
Do not get me wrong, I had no intention, or dreamed of getting it done the first try - I aimed for two rooted boxes and couldn't even achieve that. I followed much of this thread's, as well as many reviews about exam prep - scheduling, distraction free, breaks, pre-compiled exploits, scripts for scanning, file transfers etc all done. My problem is enumeration and knowledge. I also have my lab report done and all the course exercises. And prepped as much as possible my exam report - based off the template offsec provides.
Today I licked my wounds for the most part. Hoping to pick myself up again and get back into the labs tomorrow. I'm very concerned whether I can complete the exam successfully.
Are there any good resources anyone can recommend on SMB and UDP (SNMP, specifically) knowledge, and SQLi? I've googled and then some. Trust me, if anyone that has done or doing the OSCP knows google is your best friend. I've also used the oscp forums a lot to get my the machines down. My count is awfully low for five months, currently at 22 rooted machines, and the IT network unlocked.. (full-time job, part-time job, and young family kind of gets in the way of solid time dedication at times)
The one resource I've avoided like the plague is the offsec IRC. (rude responses right off the bat, not even the classic typical "try harder"). I've kept my posts on the oscp forums to a minimum as well as contacting the offsec staff to a minimum. I understand this is a learning experience and challenge. I'm having trouble "what" to google for as well the "right" material to google for.
Any advice/thoughts/tips is super appreciated. Thank you. In the meantime, vulnhub and more lab time is my immediate solution.
-
BlackBeret Member Posts: 683 ■■■■■□□□□□
For SMB I found the Mad Irish site to be useful (Mad Irish :: Hacking Windows shares from Linux with Samba). For the SNMP and SQLi portions of the exam I found the course material to be the best resource. If you haven't already done so, go through EVERY exercise in material. There's a lot for SQLi in the lab against your Windows machine. As for going down the rabbit hole, I noticed on a lot of the reviews people finished with 90 points. That might tell you something. The best advice I was given was to set a timer on my phone for 3 hours and to not work on a single task (local access and priv escalation are separate tasks) for more than that before rotating to a new machine/task. This keeps you from getting tunnel vision or following a rabbit hole. As an example, I had 3 boxes in the first 3.5 hours. Within another two hours I had a verified list of accounts on another box along with which services they could access. I spent another 15 hours rotating between that box and the one that I had made no progress on. I finally figured out what I needed to do to get access to the other box, got my local and priv escalation in 10 minutes of each other. I was never able to get the box that I had a list of accounts for. I used the timer to keep from getting tunnel vision and it paid off.
-
tuxster Registered Users Posts: 4 ■□□□□□□□□□
Awesome. Thanks for the advice.
I actually finished all the exercises in the first month. It took me a solid 2-3 weeks to take my time through it. Unfortunately I did forget some of it since it has been some time since I completed it. I will definitely review the course material - of which I reviewed the SQL material many times to try and get a better grasp on it..
I'm still a little wary of me being able to finish it, but for now I will continue on and see how it goes.
Thanks again!
-
Rapt0r Member Posts: 11 ■□□□□□□□□□
A suggestion to those who are yet to appear for the exams or are going to start soon. Please make the lab and exercise report in the first month itself. Don't keep it for last. I got my pass email today and was on 65 points so definitely these reports helped. By the time my exam finished I was badly exhausted and barely had any energy to make the exam report, I just couldn't sleep thinking am on 65 points and hanging by the thread.
Also another tip would be to try and root as many machines as possible, I managed to root all the lab machines so had several different scenarios which helped me in the exam.
I rooted 3 machines and 1 low priv in the first 12 hours and made no progress in the remaining 12. The low priv machine -priv enumeration was so exhausting that I had nightmares where I was still checking that machine for any weakness. I switched off after the 12 hour mark so ensure you sleep for at least 3-4 hours post that.
-
Rapt0r Member Posts: 11 ■□□□□□□□□□
Hey tuxster, we have been at this stage too. I guess you are stressing way too much. Considering the certs displaying against your name you shouldn't be stressing out this much. The exam is definitely tough if you go with fear in your mind. I'd suggest you to try and do as many machines as possible. Take help of forums, anyone or anything who could give a proper nudge. Always try simpler stuff first then increment your attack vector and the payload. Also for SQL why not just take help of fuzzers, use burpsuite and fuzz the vulnerable part. From my experience the attacks are not that difficult or complex. You just need to add several bits together, you'll understand as you progress through the labs. Exam/Labs are easy if you give them time and especially if you don't fear it.
Also sorry to hear that you had a bad experience on IRC, I used to be frequent over there and helped out few people with nudges who helped me out too and that way made some great friends.
-
tuxster Registered Users Posts: 4 ■□□□□□□□□□
Thanks for the advice! I've been reading a few things lately. I just seem so "stuck" with my current 22 machines. I went back to re-root several, and will re-root all of them. I have number files from previous boxes, but the information does not "click" to me what I should do with it.
I will hop back in the IRC channel very soon. Will post here in a bit, when I make some actual progress.
I've also downloaded the vulnhub VM's that Sheiko found/recommends for the OSCP.
-
VoyagerOne Registered Users Posts: 3 ■□□□□□□□□□
This is actually one of best threads so far which I found very useful to tackle OSCP. I just started my journey towards OSCP and my lab starts on April 1st. Finally, thanks for all the people who share their valuable thoughts on their towards OSCP, and I hope I will share my experiences in near future.
-
Mefistogr Member Posts: 18 ■■■□□□□□□□
A very useful thread, indeed. I begin my OSCP journey at the 23rd of April so every info on it is more than welcomed!!!!! Thanks
-
TreySong Member Posts: 65 ■■■□□□□□□□
VoyagerOne wrote: » This is actually one of best threads so far which I found very useful to tackle OSCP. I just started my journey towards OSCP and my lab starts on April 1st. Finally, thanks for all the people who share their valuable thoughts on their towards OSCP, and I hope I will share my experiences in near future.
-
Deadlykeyboards Registered Users Posts: 1 ■□□□□□□□□□
Well sh!+, I wasn't nervous until this thread. Now I haz the fear.
I start on the 28th.
-
Dr. Fluxx Member Posts: 98 ■■□□□□□□□□
Deadlykeyboards wrote: » Well sh!+, I wasn't nervous until this thread. Now I haz the fear.
I start on the 28th.
By all means, keep us posted!
-
Hornswoggler Member Posts: 63 ■■□□□□□□□□
Congrats Sheiko37! Well deserved!!!
nf0s3cure wrote: » Well, good post. I think with your experience I will try to get a SANS 560 or similar and then try. Not sure if anyone can make a recommendation if 560 will help at all?
I took 560 earlier this year and I started PWK about two months ago. 560/GPEN helped a TON!! It explained things a whole lot better so I was ready to pick up the more practical tips in the PWK course material. I'm still green for web app hacking and coding, but gaining more experience in the PWK lab.
560 - great for methodology, history, the business side (scope docs, reports), went deeper into powershell, wmic, command line scripting. Excellent course, I recommend taking one where Ed is teaching.
PWK - excellent lab for practicing those skills. The course material has some great practical examples but is in no way deep enough to properly grasp the subject. I have yet to take the OSCP exam so take all this with a grain of salt.
2018: Linux+, eWPT/GWAPT
-
lsimon305 Member Posts: 8 ■□□□□□□□□□
Is it worth using and practicing with Metasploit for the labs and VulnHub? I ask because the rules for the OSCP exam state that you can only use Metasploit for one machine so I’m thinking it’s not worth it, unless I’m wrong?
-
ddoc99 Registered Users Posts: 1 ■□□□□□□□□□
I'm really glad I stumbled across this forum. I sat the OSCP for the first time last weekend and got my ego and my *ss handed back to me on a silver plate. I was over-confident and under prepared. It seems a lot of people here have the same experience. Still, if it were easy everyone would be certified OSCP - that's why I value this certification (or will, when I actually get it), you have to sweat for it.
I have read everyone's advice here and will make good use of it when I eventually pull myself together and man up enough to rearrange a resit date. Possibly over the Christmas holiday. I hope then to be able to come back here and say I passed. In the meantime it's back to the VMs in Kali and lots of practice.
Thanks for the advice guys and well done to everyone who has passed. Hats off to you all. For everyone else, good luck.
-
dominic511 Registered Users Posts: 1 ■□□□□□□□□□
Many people on this forum who took the OSCP said that out of the 5 questions on this exam there is one question which BO (25 points) and to tackle this question first when sitting for the exam.
My question is for Buffer Overflows are we expected to write new code or modify existing code and how many lines of code (in general) are we talking about here in the exam ?
My biggest weakness is writing code or having the creativity to write code hence I am a windows sysadmin for 15 years not a programmer and I am **** scared that after spending couple of months preparing for this cert I cannot get this cert because I don't know to write code or modify code.....and get this 25 points.
Can someone please clarify this for me who have already passed the exam what am I getting myself into ?
Waiting for your replies to PLEASE guide me.....
-
RavenHawk Registered Users Posts: 1 ■□□□□□□□□□
dominic511 wrote: » Many people on this forum who took the OSCP said that out of the 5 questions on this exam there is one question which BO (25 points) and to tackle this question first when sitting for the exam.
My question is for Buffer Overflows are we expected to write new code or modify existing code and how many lines of code (in general) are we talking about here in the exam ?
My biggest weakness is writing code or having the creativity to write code hence I am a windows sysadmin for 15 years not a programmer and I am **** scared that after spending couple of months preparing for this cert I cannot get this cert because I don't know to write code or modify code.....and get this 25 points.
Can someone please clarify this for me who have already passed the exam what am I getting myself into ?
Waiting for your replies to PLEASE guide me.....
So I know this is a super old thread, but after reading several of the posts it seems a lot of the posters are in my boat as well when it comes to the OSCP.
Anyhow to answer your questions in regards to the buffer overflow on the OSCP
1) You modify the code they give you (they do the fuzzing portion of a buffer overflow and have you go from there)
2) Lines of code in any program is irrelevant to the complexity of that code. I can't tell you without giving away what to do for the buffer overflow. But I can tell you you don't need to know programming to do the work, you need to understand memory and how programs are called within memory.
Without understanding what a buffer overflow is, why they occur, how can they leverage gaining you access, and finally how to fuzz a buffer overflow (yes I know I said you don't need to do any fuzzing, but if you don't understand how they arrived at the code they give you, you'll be lost).
I've taken the OSCP 3 times and came within 25 points of passing on my 2nd attempt, frustration got to me on my last 2 boxes for priv escalation and I cracked.
For my 1st attempt I got 0 points, I couldn't even get the buffer overflow to work. I took all the issues I had and studied, I spent hours watching buffer overflow videos, reading websites on them, among other areas I needed help with. So on my 2nd attempt I was WAY more prepared and confident and managed to get that box rooted within 5 hours (would have been less if I wasn't stubborn). On my 3rd attempt I got that box in roughly 2 or 3 hours (I took my time to get all the screenshots I needed).
None of the boxes require you to be great or even good at coding, you do need to understand what the code is doing and why it's doing it. If you can do this then you're good.
Anyway I have my 4th attempt set for Sept 23rd, I've been brushing up on web apps and enumeration (these 2 are my weakest areas). Hopefully I can add OSCP to my certs.