Started OSCP 4/9/2016

After reading a lot of OSCP threads these past few months, I've decided to start my own. These threads have really helped me a lot so I hope maybe one day this one will help others too.

So I got my email on Saturday evening, downloaded everything I had to and went to bed to start fresh on Sunday morning. I spent most of the day just enumerating, and it was a bit long so I thought I'd give a shot at Alice. Turns out, it was really an easy one so it wasn't that big a challenge for me. That was it for me for the day, so day 1, 1 host down.

After work on Monday I decided to take a shot at Oracle since I was already a bit familiar with the services running on it. I got root on it after about half an hour. I then started enumerating Mike, and fortunately or unfortunately, I got admin credentials by just running a scan. I found another way to get in, but just can't seem to get it to work, even though I'm pretty sure the way I'm trying is the right way. So I guess we can say I got root access to it since I was able to get the proof.txt file but I'll go back at it a second time eventually to have a second way in.

After this I decided to take on Bob. I was able to get a low privileged shell with Metasploit yesterday evening but I want to try to avoid using it. I can confirm that I just got a shell to it without Metasploit so it's pretty nice although it seems to be a bit clunky. Now, I'm trying to escalate privileges on it.

Comments

  • Slyth Member Posts: 58
    Welcome to the club man! Bob is a fun one! You will hear it a lot: you can never do enough enumeration if you get stuck. There will always be something missed. Looking forward to seeing this thread grow!
  • JasminLandry Member Posts: 601
    Slyth wrote: »
    Welcome to the club man! Bob is a fun one! You will hear it a lot: you can never do enough enumeration if you get stuck. There will always be something missed. Looking forward to seeing this thread grow!

    I finally got it tonight, I actually did do enough enumeration, it's the commands that I was running that weren't right. Feels awesome though to see NT AUTHORITY\SYSTEM. So after 5 days, I've got Alice, Oracle, Mike, Bob, Bob2.

  • JasminLandry Member Posts: 601
    After having an unsuccessful long battle with Tophat, I decided to take a break with it and give a shot at Kraken. Turns out it was a good decision since I was able to root it in a short amount of time. That's all for tonight, hopefully I'll be able to get a couple over the weekend.

  • 9emin1 Member Posts: 46
    great progress!
    CREST CCT APP, CRT, CPSA.
    Offensive Security OSCE, OSCP, OSWP
    SANS GCIH
    https://9emin1.github.io/
  • kaizen_404 Member Posts: 16
    The PWK course was so much fun. The OSCP challenge, well... you'll see. In hindsight I would do it all over again. My advice though is to go through the course manual and the videos in order. Do video, then manual, video, manual, etc. Document everything to the point where it's repeatable. Document the course exercises and document every box you pop in the lab. Good luck!
  • JasminLandry Member Posts: 601
    9emin1 wrote: »
    great progress!

    My progress has slowed down over the weekend as I've been stuck on Gh0st for the past 2 days. I spoke to an admin and he told me I'm on the right track and close to the solution to get a shell, just need to keep poking around.

  • scottlin Banned Posts: 10
    Is there much call for this cert? I think it's a good one because they make you actually do a pen test to get it.
  • 9emin1 Member Posts: 46
    JasminLandry wrote: »
    My progress has slowed down over the weekend as I've been stuck on Gh0st for the past 2 days. I spoke to an admin and he told me I'm on the right track and close to the solution to get a shell, just need to keep poking around.

    It's good to know that you're on the right track at least. I'm struggling to understand how and why things work. Good luck! Keep updating on your progress!
  • Slyth Member Posts: 58
    Welcome to the club man! After each host you root you learn what to look at/new attack vectors/what not to skip and what not to do in the future. You will notice them start to drop quickly then back to slow again. OffSec really makes you work for root/SYSTEM tho. But it's all in good fun. Good luck on the course!
  • JasminLandry Member Posts: 601
    I didn't have much time to continue on it today but I am so close to getting a shell on Gh0st. But for some reason, it's just not working, I'm expecting output but I receive absolutely nothing. I'm sure it's something simple and easy that I'm missing.

  • NotHackingYou Member Posts: 1,460
    Did you skip over the training material or are you bouncing between the lab and the training material?
    When you go the extra mile, there's no traffic.
  • JasminLandry Member Posts: 601
    CarlSaiyed wrote: »
    Did you skip over the training material or are you bouncing between the lab and the training material?

    I read the PDF, watched a couple of videos, but I noticed it was as if he was reading the book so I stopped watching them. But I do go back to the book once in a while.

  • NotHackingYou Member Posts: 1,460
    Thanks! I am reading the PDF and working through the exercises but haven't tried attacking anything yet. I'm making notes and scripts as I go through the PDF.
  • JasminLandry Member Posts: 601
    I've been doing that as well, it really helps. I am using OneNote for my notes so it saves automatically on OneDrive and it syncs on my phone so I can review them on my way to work. For me that was the best solution.

  • danny069 Member Posts: 1,025
    This reminds me of a game, how many "bosses" are there? Sounds like fun, I will start this when I have the time and money.
    I am a Jack of all trades, Master of None
  • NotHackingYou Member Posts: 1,460
    @Jasimin I use OneNote as well, love it. I intend to create a section called Lab Machines and create a page for each lab machine.
  • JasminLandry Member Posts: 601
    CarlSaiyed wrote: »
    @Jasimin I use OneNote as well, love it. I intend to create a section called Lab Machines and create a page for each lab machine.

    We really think alike, that's exactly what I did :) except mine is called Lab Servers! I have a section for lab details, with a subpage for links that I have found useful, another page for processes that I follow (i.e. start with this tool, then do this....). Then I have another section regarding the PDF and videos and exercises and then the last section for all machines. Each machine page also has subpages for info I found. One for Enumeration, Post Exploitation, Exploits, proof.txt & network-secret.txt, etc. I find it really easier to manage it this way.

  • NotHackingYou Member Posts: 1,460
    Love the idea of sub pages for each machine on enumeration, exploit, post-exploit, proof / network-secret! This seems to be an organizational test in addition to a technical test!
  • JasminLandry Member Posts: 601
    So for the past few days I've been able to root 2 more and I've been able to get a shell on Gh0st. I also did find the correct exploit for it but just can't seem to get it working. After about 12 hours of total work on it, I decided to move on to other servers for now and get back to it later.

  • kaizen_404 Member Posts: 16
    CarlSaiyed wrote: »
    Love the idea of sub pages for each machine on enumeration, exploit, post-exploit, proof / network-secret! This seems to be an organizational test in addition to a technical test!

    Carl, yes it very much is. If you keep good notes and records during the lab, you will find it is much easier come time to write the report.
  • kaizen_404 Member Posts: 16
    JasminLandry wrote: »
    So for the past few days I've been able to root 2 more and I've been able to get a shell on Gh0st. I also did find the correct exploit for it but just can't seem to get it working. After about 12 hours of total work on it, I decided to move on to other servers for now and get back to it later.

    Gh0st was a fun one. Congrats on getting a shell.
  • JasminLandry Member Posts: 601
    kaizen_404 wrote: »
    Gh0st was a fun one. Congrats on getting a shell.

    Thanks, still haven't been able to escalate my privileges though. I tried again over the weekend but no success. So after 2 weeks, I'm at 10 hosts rooted, 1 low priv shell and I also have the IT network unlocked. I'm also really close at getting 2 more. Hopefully I'll be able to get them tonight.

  • JasminLandry Member Posts: 601
    I was able to root 2 more hosts tonight. So here are the ones I have until now after 15 days:

    Alice, Oracle, Bob, Bob2, Mike, Kraken, Phoenix, Tophat, Barry, Payday, Ralph, Dotty and a shell on Gh0st.

    Of all these 13 hosts, I've only used Metasploit twice so it's pretty nice to see that I don't necessarily need to rely on it.

  • joneno Member Posts: 257
    Is metasploit not allowed in the final exam?
  • JoJoCal19 California Kid Mod Posts: 2,820
    joneno wrote: »
    Is metasploit not allowed in the final exam?
    Not really. It's only allowed in a very limited manner.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • joneno Member Posts: 257
    Thanks Jojo. I was actually learning some msfuuing using the security tube videos - I have to change plans now.
  • JasminLandry Member Posts: 601
    I've been on a roll these past 2 days. During the last 6.5 hours I've been on this (including yesterday evening), I rooted 5 hosts and finally escalated my privileges on Gh0st. I'm mad at myself at this one though, the answer to my problem was right in front of me all along... in the exploit comments. I didn't bother reading everything. Oh well, lesson learned.

  • kaizen_404 Member Posts: 16
    joneno wrote: »
    Is metasploit not allowed in the final exam?

    You can use Metasploit on one host, like a Metasploit lifeline. It's generally a good idea to be able to root all the boxes manually. Learning Metasploit is also valuable but not in the context of the exam.
  • JasminLandry Member Posts: 601
    Day 16 is done and I now have 16 rooted and 1 low privileged shell on Mail. Things are going well but I have a feeling that's not going to last too long as the hosts are probably going to get harder now.

  • kaizen_404 Member Posts: 16
    JasminLandry wrote: »
    I've been on a roll these past 2 days. During the last 6.5 hours I've been on this (including yesterday evening), I rooted 5 hosts and finally escalated my privileges on Gh0st. I'm mad at myself at this one though, the answer to my problem was right in front of me all along... in the exploit comments. I didn't bother reading everything. Oh well, lesson learned.

    Congrats on rooting Gh0st!