YOLOing OSCP
Comments
-
BlackBeret Member Posts: 683 ■■■■■□□□□□I don't know which exercises you skipped, but do NOT skip the buffer overflow and exploit sections. Pay particular attention to finding bad characters.
-
9emin1 Member Posts: 46 ■■■□□□□□□□BlackBeret wrote: »I don't know which exercises you skipped, but do NOT skip the buffer overflow and exploit sections. Pay particular attention to finding bad characters.
I did complete the buffer overflow sections, but not the fixing exploits part.
I figured it'll most likely come up in the exams uh, haha.
I'll revisit and redo on them when nearing the date for my exams
Thanks for the heads up! -
9emin1 Member Posts: 46 ■■■□□□□□□□week 6
scheduled my first exam attempt.
managed to complete my lab report write-up of 10 machines.
at this point, pretty much no point to count the hosts progress. -
9emin1 Member Posts: 46 ■■■□□□□□□□week 7
Formatted nicely my lab report, ready to export it out to PDF format
managed to compromise my first client-side target! Yay?
Next few days will be trying to re-exploit hosts that I used metasploit on, and revisiting the buffer overflow exercises. -
9emin1 Member Posts: 46 ■■■□□□□□□□week The End!
I'm not entirely sure if anybody is following my progress thread. This will probably be my last update on this thread!
So, I've failed my first OSCP Exam attempt on 07/06. I'll be rescheduling it in first/second week of July.
I was really close though, way ahead of time. All I needed was privilege escalation, and I have around 15 hours to do that
I'm doing Vulnhub for practices now, as I feel that my left over machines in the Lab environment will not really help anymore.
I'll be doing a detailed write-up of my OSCP 3 months journey after my second exam attempt.
I'll probably get Humble and Sufferance before my lab ends. If not I'll be extending my lab time, regardless of passing or failing my next exam.
For those who are interested or curious to know, you can have a read on my WordPress
https://9emin1.github.io/progress/work/2016/04/08/oscp-journey.html -
JoJoCal19 Mod Posts: 2,835 ModHey 9emin1, I've been following your progress thread. Sorry to hear the exam didn't work out. Can you do a short write up of how the exam attempt went?Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
9emin1 Member Posts: 46 ■■■□□□□□□□Hey 9emin1, I've been following your progress thread. Sorry to hear the exam didn't work out. Can you do a short write up of how the exam attempt went?
Sure!
So I started off my exam on 07/06, at exactly 1.a.m. (Yeah I'm nocturnal lol)
I tackled the machine with a specific objective first. I managed to get the exploit code working in about 1 hour 30 minutes. And I bagged myself a nice 25 points. While developing my exploit code, I ran various enumeration scans on the other 4 targets.
After that, I went through the results of my scans and played around with all the 4 machines for awhile, trying to spot out some straight-forward vulnerabilities. Around 3 hours++ later, I got myself a low privilege shell on a 20 points target!
I spent the next few hours trying to get a local privilege exploitation to work, and at about 5:30am (4hours++ in so far) I root'ed it.
45 points so far.
I then continued to re-visit my enumeration notes, and tried various ways to get more information out of my targets. I made sure that if I was to re-enumerate my targets, I would revert them first.
I took a few 10 - 15 minutes break in between as well.
At around 8am I managed to get a low-privilege shell with Metasploit on a 25 points target. I was extremely satisfied with my progress, since all I had to do was to escalate myself to root, and I'll be at 70 points.
I then spent the next 12 - 15 hours, trying all possible local privilege exploitation, going through the results of my linuxprivchecker.py, line by line, sentence by sentence. I guess I'm still not good enough to spot the flaw in the system. I started to do the "trial and error" style, Googling every single service that was ran by root, since I was way ahead of time. (Had like 15 hours to for privilege escalation)
This is the moment when I realized that the only way to improve myself is to understand all Linux distros, what are their default settings like? What are their default services? I believe this is the way that you can effectively spot out "unusual" settings, or services that are on your target.
I spent my remaining hours getting out as much information as I possibly could.
1. To try and find the missing piece.
2. To reflect on them after the exams.
I did find a vulnerability service on the 10 point target, but could not get the exploit working.
As for the other 20 point target, I did not manage to even locate the possible attack vector.
I ended my exams with 2 system fully root'ed, and 1 system with low privileged access.
I did my report as well, even knowing that I'm gonna fail. I feel that it is a great way to reflect on my methodology and process. -
JoJoCal19 Mod Posts: 2,835 ModSeems like you were so close to passing. What's your game plan for prep for attacking it again?Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
9emin1 Member Posts: 46 ■■■□□□□□□□Seems like you were so close to passing. What's your game plan for prep for attacking it again?
I'm tackling most of the latest Vulnhub's VM., and reading up on privilege escalation stuff.
I'm also researching up on ways to improve my enumeration game.
Taking a week break off work/OSCP stuff as well. -
NotHackingYou Member Posts: 1,460 ■■■■■■■■□□Thanks for sharing your experience, keep up the good work!When you go the extra mile, there's no traffic.
-
9emin1 Member Posts: 46 ■■■□□□□□□□Hi guys!
I took my second attempt on 30th June and its official now, I am a OSCP!
Will be updating everything on my wordpress posted above!
Cheers!
[edit] I also managed to get Pain, Sufferance and Humble so I guess I wont be extending my lab time.
/thread -
JoJoCal19 Mod Posts: 2,835 ModCongrats on the pass!!!! I'll check out your blog. I'd love to know what you felt made the difference and allowed you to cover the gap and pass. I'm looking at this for January.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
9emin1 Member Posts: 46 ■■■□□□□□□□Congrats on the pass!!!! I'll check out your blog. I'd love to know what you felt made the difference and allowed you to cover the gap and pass. I'm looking at this for January.
To be honest there wasn't any gap. All I needed was to open my eyes and see... I pretty much had the answer on my first attempt as well, just didn't really understand how the exploit worked. And another one, I had it as well on my first attempt... just didn't open my eyes big enough to see it.
My apologies if it was too brief. It was really the simple stuff that I've missed out...
(I only had 1 repeated machine which I did not manage to even locate the attack vector on my first attempt) -
bluesquirrel Member Posts: 43 ■■□□□□□□□□Hi 9emin1,
I have signed up & paid for the PWK course and am planning to start it in October, because for the next 4-5 weeks I should be busy with a volunteer project in an area with no internet connection. Would you be so kind to share with me the PWK PDF material? I would use the PWK PFD guide to prepare myself for the course during the volunteer project.
Many thanks in advance for your help!
Cheers,
Bluesquirrel -
bluesquirrel Member Posts: 43 ■■□□□□□□□□and of course ... a lot of congratulations for becoming OSCP certified! I am reviewing all the links and information in your posts ... so many things to study ... I am sure the hard work will be worth though! Looking forward to start the course!
-
deyavi Member Posts: 23 ■□□□□□□□□□You will receive the material once your course starts. Don't expect anyone to send you the PWK pdf...
-
bluesquirrel Member Posts: 43 ■■□□□□□□□□Hi deyavi,
I would just following up on what 9emin1 said (please check post #11).
Thanks. -
deyavi Member Posts: 23 ■□□□□□□□□□The pdf and videos have a watermark with the student details. Just for that reason I doubt anyone would share them.
It is not allowed to share/distribute the PWK course materials. -
jjones2016 Member Posts: 33 ■■■□□□□□□□To be honest there wasn't any gap. All I needed was to open my eyes and see... I pretty much had the answer on my first attempt as well, just didn't really understand how the exploit worked. And another one, I had it as well on my first attempt... just didn't open my eyes big enough to see it.
My apologies if it was too brief. It was really the simple stuff that I've missed out...
(I only had 1 repeated machine which I did not manage to even locate the attack vector on my first attempt)
Congratulations! your grind was AMAZING!