YOLOing OSCP

hi all!
starting my 90 days journey in a few days time...

about me:
less than a year experience in infosec industry.
passionate and enthusiastic.

although it seems way out of my league, I figured I'll be able to learn a lot even if I failed.
I've been reading and learning a lot from here so now, its my turn to give back

I'll be updating my progress, thoughts, opinion as I progress through, as often as I possibly can, and hopefully it'll be helpful.

Cheers!

week 4
one month flew by so quickly! I'm quite delighted to be able to meet my own expectations. -> 15 host first month.
however, things seems to be getting harder and slower. no more easy priv esc exploit that works out of the box.
its tough not knowing what you are suppose to do.., even if the answer is right in-front of you.
sure there are many examples and references that helps,
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
But if no point if you have no idea how to carry on from all the outputs.. how to make use of it.., etc.
I'll continue to try harder and hopefully will be able to hit 30 host by the end of second month!
current progress: 17 system/root access, 3 low privilege.

the most useful prep work I've done so far before taking this up was to read through all the vulnhub's vm walkthrough.
if you have the time to actually do the vm it will be much beneficial.
https://www.vulnhub.com/series/kioptrix,8/

week 3
kinda busy with some personal stuff this week.. hmm.
-> done with 5 machines documentation
-> 2 system/root, 1 low-privilege shell.
currently melting my brain to escalate.
current progress: 12 system/root access, 1 low privilege.

week 2
trying to read up on everything that I don't understand (Which is a lot!). I am really glad that I took this path because I've learned so much in this 2 weeks! Being able to apply immediately on the lab machines helps so much as well..The "low-hanging" machines are almost clearing. Need to start on my documentation soon.
current progress: 10 system/root access. (9 if you don't count duplicates)

week 1
Managed to get through the videos till the buffer overflow topic. looking good and fun
I realized that it's possible my previously owned boxes might not be fully exploited by me, as I did not revert it prior attacking it. I will have to re-do them to ensure that it is my work.
it has been 1 week and I'm officially struggling my ass. REALLY REALLY huge knowledge gaps. need to read up on a wide range of topics.. looking bad.
current progress, 4 with metasploit, 1 manual.

Find more posts tagged with

Comments

NetworkNewb

Best of luck! I'm thinking of attempting this later in the year. I don't really have any pentesting experience and was planning on reading:

http://www.amazon.com/gp/aw/d/1593275641/ref=mp_s_a_1_sc_1?qid=1459985767&sr=8-1-spell&pi=AC_SX236_SY340_QL65&keywords=pentestimg

and maybe the metasploit book from the same company before dropping like a grand on that lab time.

McNinja

If you haven't already, read through the entirety of JollyFrog's thread. That is about the amount of work you'll need to put into it in order to pass with a high score on the exam.

http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html

Good luck!

9emin1

I don't have any pentesting experience as well but this will be a great learning journey I guess! I did read up a lot the past few months though. We all have to start somewhere I guess!

UnixGuy

LOL @ YOLOing..I'll steal that

Good atittude you have! YOLO-it, and go ALL IN. Noting to lose, it's all winning

JoJoCal19

Good luck on your endeavor. I'll be following your progress here.

MrAgent

Good luck to you! Be sure to update often.

9emin1

Thanks for all the well wishes! Trying to organize all the useful resources/commands into individual categories now.(Recon, Scanning, Exploit, Enumeration, Maintaining Access)

Robicus

I love the attitude! That's awesome. It's definitely a fun course.

P.S. -- I can only imagine that the people who would be asking for the PWK PDF would be those who haven't signed up for the course. I don't think I'd advise giving the paid course material to just anyone.

JasminLandry

Good luck to you 9emin1 on this journey! I'm also starting my 90 days this weekend. I can't wait to start

9emin1

Robicus wrote: »

I love the attitude! That's awesome. It's definitely a fun course.

P.S. -- I can only imagine that the people who would be asking for the PWK PDF would be those who haven't signed up for the course. I don't think I'd advise giving the paid course material to just anyone.

Yeah I thought about it as well. I think I'll share it with anyone who actually paid and registered for the course, but awaiting for the actual commencement date.

9emin1

JasminLandry wrote: »

Good luck to you 9emin1 on this journey! I'm also starting my 90 days this weekend. I can't wait to start

Good luck to you too! 2 more days

Surrealalucard

I'm also starting my 90days tomorrow, and also yoloing it. Only experience I have is passing elearns EJpt course. Best of luck to all starting their journey!

9emin1

small update for day 1 edited on my opening post

anyone on the irc channel? I'm OS-21071 there:)

NotHackingYou

@nothackingyou is irc handle

RichAsskikr

I start the course in 2 wks (*sigh*). Cant wait to get stuck in!!

I'm also in IRC, as OS-21436

9emin1

RichAsskikr wrote: »

I start the course in 2 wks (*sigh*). Cant wait to get stuck in!!

I'm also in IRC, as OS-21436

looking at ur certs im sure this would be a breeze...

JasminLandry

@9emin1, did you hit the labs or not yet?

RichAsskikr

9emin1 wrote: »

looking at ur certs im sure this would be a breeze...

Well, ignoring the "ahem" CEHv8, I'm hoping my past experience will stand me in good stead! Lol.

But yeah, cant wait!

9emin1

JasminLandry wrote: »

@9emin1, did you hit the labs or not yet?

yeah I jumped into the labs on my first day and got stuck. So now I'm going through the videos and doing the exercises.
How are you doing?

JasminLandry

9emin1 wrote: »

yeah I jumped into the labs on my first day and got stuck. So now I'm going through the videos and doing the exercises.
How are you doing?

I spent like 6-7 hours yesterday enumerating.. and I'm not even done. I decided to take a shot at Alice while I still had scans running and it was a pretty easy one. I'll try to get another one tonight.

Surrealalucard

IRC handle is Surrealalucard. Haven't started the labs yet as I want to do the workbook first then go through labs.

Matx91

good luck ^_^ ,, can you help me here http://www.techexams.net/forums/security-certifications/118876-registration-oscp.html ?

9emin1

updated on week 2 progress in the main opening post!

9emin1

update on week 3 progress! apparently my goal of 15 machines in the first month is looking bad.

JasminLandry

9emin1 wrote: »

update on week 3 progress! apparently my goal of 15 machines in the first month is looking bad.

You're only 3 hosts away from your goal and you still have 7 days, keep going at it and you'll achieve your goal!

Surrealalucard

Glad to see you're doing so good. I started the same time as you and only have 2 rooted and 1 low priv shell. Only having 2-4 hours when I get to work on them doesn't help much. Keep up the awesome work!

9emin1

JasminLandry wrote: »

You're only 3 hosts away from your goal and you still have 7 days, keep going at it and you'll achieve your goal!

let's hope for a smooth trip for May.

9emin1

Surrealalucard wrote: »

Glad to see you're doing so good. I started the same time as you and only have 2 rooted and 1 low priv shell. Only having 2-4 hours when I get to work on them doesn't help much. Keep up the awesome work!

things will pick up dude keep it going. having the luxury of time to commit is very important tho.
we can help out each other on IRC

9emin1

first month gone!

9emin1

week 5

52 days of lab access left...
Finally able to came up with a nice format for my lab machines report..! By doing documentation for 10 machines I will most likely secure 5 points for the exam. (Impossible to get 0/100 now

)
I will probably finish up all 10 machines documentation by this weekend.

I wanted to complete all the PDF lab exercises as well (Another additional 5 points!), but there are a few exercises which I got seriously stuck and didn't want to waste any more time. Gonna pass on this.

Things are getting awfully slow. Bursting my brain trying to grasp the concept of ssh local/remote/dynamic port-forwarding/tunneling.
Have yet to compromise any client-side based targets

current progress: 24 system/root access, 2 low privilege.

Something useful to keep in mind! -> Whenever you compromise a machine, create a text file and copy paste output from netstat and arp. When you need to exploit targets that have dependencies, you can easily grep "<IP_ADDRESS>" * in your main folder which you keep all your findings, to see which machines are taking to which ones

For example, your main folder is /Lab and it has information for machines a,b,c, and d. (/Lab/a, /Lab/b, /Lab,c)
Now you want to target machine e, which has a dependency on the previously exploited machines a,b,c or d.
By issuing: grep "10.1.1.e" * in /Lab, it will show you which machine, /a, /b, /c, or /d has a connection(netstat/arp) with e.