Starting OSCP on 3/26

partyboiipartyboii Member Posts: 8 ■□□□□□□□□□
Hi guys,

Just passed my CISA and decided that OSCP is my next challenge.

I graduated nearly 2.5 years ago and got a job in IT auditing right out of school. Fortunately, I've learned a lot and have had the opportunity to try my hand at pen testing on a few audits, which is where I want to eventually end up. I figure the OSCP is a good way to take the skills to the next level while opening up my opportunities for the future.

I've read various reviews of the course on this site and others and intend to draw upon the experience of others to help me through the content and the certification. I purchased 60 days of lab access, with the intention to extend my lab time if needed.

As far as my current knowledge goes, I've been into IT and computers for years, have a degree in CIS, and have been in IT audit for 2.5 years. I have moderate knowledge/experience with Kali and many of its tools, and as I said above I have utilized it on a few pen testing engagements. I'd say my knowledge of Windows is advanced. My weak points are going to be scripting (bash/python/ruby/etc.) and exploit development. I plan to take the next month to work through the course syllabus and hone my skills in these areas as from what I've read, they are essential for the course/cert.

I will keep you guys updated on developments.

Comments

  • SlythSlyth Member Posts: 58 ■■■□□□□□□□
    Glad to hear your starting soon! I start on 3/12!
  • core22core22 Member Posts: 27 ■□□□□□□□□□
    Nice! I start mine this weekend on March 5th.
    CISSP | GPEN | GWAPT | GCIH | CEH | CHFI | Security+
    BS - InfoSec, Drexel University - Summa Cum Laude
  • jmfdjmfd Member Posts: 30 ■□□□□□□□□□
    I also start on March 5th. I am super pumped!
    WGU B.S.I.T. - Information Security | Completed January 2016
  • jonenojoneno Member Posts: 257 ■■■■□□□□□□
    Whaddup boii...are you still tackling the cert?
  • partyboiipartyboii Member Posts: 8 ■□□□□□□□□□
    Yes sir, been working through the syllabus educating myself on the content to get a head start before I get all the materials and lab access. March 26th can't come fast enough!
  • partyboiipartyboii Member Posts: 8 ■□□□□□□□□□
    Hey there, so got my lab materials last night (7pm) and wanted to provide an update. Read through some of the high level introductory documentation and downloaded/set up my Kali Vmware image.

    I connected to the labs, ran a host discovery / detailed scan with Nmap while I watched a few of the videos and read through the course materials.

    I reviewed my results to find machines running specific Operating System(s) that were vulnerable to some exploits that I'm already familiar with (not sure how much detail I should go into here). Note: As others on the forum have pointed out, it's important to revert each machine before attempting to exploit it, as I wasn't able to successfully exploit a couple of boxes until I reverted the machines. My assumption is the exploit is only good for one shell and it can't be shelled again until a revert. So I was able to pop 2 boxes with Metasploit, **** hashes, create admin accounts, grab the proof.txt files and browse through the machine with Remote Desktop for a bit to look for interesting files.

    Side note: I can already see where there are multiple ways into servers, and plan to attempt to break in using more than one method if I can, in an effort to hone my skills.

    When I woke up it occurred to me (from reading the exam requirements) that use of Metasploit is limited, so I decided I wanted to take down those same hosts from last night without using metasploit. I hopped on over to exploit-db, found a python exploit that someone had written for the same vulnerability, and was able to pop one of the boxes using it. The other might need to be reverted as I can't get it to work, but I only have one revert left so I'm gonna wait on using it.

    So far I'm having a blast in the labs and I haven't even had access for 24 hours. I'm going to have to be diligent about working through the materials/videos as I tend to enjoy messing around with the lab machines quite a bit.

    Number of hosts rooted so far: 2.
  • RichAsskikrRichAsskikr Member Posts: 51 ■■■□□□□□□□
    Hi there. Planning on booking my OSCP this week. I've been reading up for months and absolutely cannot wait to get started!! icon_biggrin.gif

    Anyways, the main reason I'm posting...I think you have put alittle too much info on there, buddy.

    I have now deduced from your post (although I may be wrong), that the two boxes (that you name at the bottom) are running XP/2000.
    Both (named!) boxes are vulnerable to a common exploit found in Metasploit, with at least one vulnerable to a python exploit, found on exploit-db.

    Just my advice... but I would either remove some detail, or the names of the boxes.
  • partyboiipartyboii Member Posts: 8 ■□□□□□□□□□
    Hi Rich,

    Good call, I removed some of the detail.

    Cheers.
  • partyboiipartyboii Member Posts: 8 ■□□□□□□□□□
    Hey guys, thought I'd post another update.

    So initially I got a little carried away with the labs before going through the material (cause its a blast). As I started hitting brick walls in my progress with exploiting machines, it became apparent I should probably go through the material/videos. There are a couple of machines I've encountered that require privilege escalation and as I haven't gotten that far in the material yet, I've found myself flailing and doing internet research to escalate privs (thanks fuzzysecurity). So I've tried to be a little more diligent in working through the materials while documenting the exercises and watching videos. If some glaring vulnerability shows up, I'll to get lost for a couple hours attacking a machine, then get back to working through the materials.

    The material is really great and quite helpful. The enumeration sections have been super helpful in mapping out the network and documenting different systems, and I've also been getting a lot more out of nmap functionality that I have never previously used. I've done my fair share of vulnerability scans and its super interesting to look at how much data is being transmitted based on the different types of scans. This idea of being accountable for your traffic and knowing the intricacies of what each tool is doing, is really helpful and puts me at ease knowing I'm not blindly firing different tools at the network.

    I'm just now getting to buffer overflows in the material so I expect quite a few machines to fall as I learn more about modifying exploits to suit my needs.

    Number of hosts compromised: 4+2 limited shells
Sign In or Register to comment.