Started OSCP 4/9/2016

invictus_123

JasminLandry wrote: »

Day 16 is done and I now have 16 rooted and 1 low privileged shell on Mail. Things are going well but I have a feeling that's not going to last too long as the hosts are probably going to get harder now.

Things definitely pick up around the 20 host mark, but as long as you have good notes so that you can go back to previously exploited systems and look for connections to other hosts you should be fine. There was a particular web server when I did my OSCP that landed me like 5 or 6 other systems once I'd exploited it (the lab has changed since I did it)

kaizen_404

invictus_123 wrote: »

Things definitely pick up around the 20 host mark, but as long as you have good notes so that you can go back to previously exploited systems and look for connections to other hosts you should be fine. There was a particular web server when I did my OSCP that landed me like 5 or 6 other systems once I'd exploited it (the lab has changed since I did it)

Invictus has a good point. Having good documentation will help identifying the connection. This blog post was probably the most helpful resource outside of the manual Offensive Security's PWB and OSCP - My Experience - Security SiftSecurity Sift He has some good ideas for organizing documentation, not to mention a great nifty tool.

JasminLandry

Thanks Kaizen_404, I'll definitely take a look at that blog post. In the mean time, I rooted Kevin earlier today and I currently have a low privileged shell on Pain.. Privilege escalation is starting to get PAINful!

towentum

I haven't started my OSCP journey yet, but I have started practicing my documentation. I've started taking notes on every vulnerable VM I practice on. I find it helps with the learning process, and helping me re-exploit the box if I have to.

What I do is after I've exploited the box, captured the flag, what have you, I'll go back through the process in a final report on a new page. I maintain my raw notes as well for reference. When I'm going back through the box I clean up my screenshots and copy/pates from terminal.

JasminLandry

3 weeks have gone by now. I'm currently at 18 hosts rooted with 2 low privilege shells on Pain and FC4. I haven't had much time over the weekend to work on this so hopefully the upcoming week will be better.

JasminLandry

So day 25 is complete. I'm currently sitting at 23 hosts rooted plus 1 low privileged shell on Pain which I'll go at later on. My goal for the end of the week is to have the rest of the directly exploitable hosts in the public network rooted.

JasminLandry

The first month is now over, so 2 more months to go. I'm currently sitting at 24 hosts rooted and 2 more low priv shells. I have identified my weaknesses so I'll be concentrating on those for the coming weeks so that I can be fully prepared for the exam. I started pivoting into the IT network this past weekend, my first time doing so. I found it a bit confusing but once you run the commands and practice, it makes more sense so I'd say I'm getting better at it. I'm planning or hoping to get 15-20 hosts in the next month so I can hit the 40 mark. Once I hit that mark, I'll start thinking at scheduling my exam so that if I fail I'll still have some lab time left to practice and then re-schedule it. But I really hope I won't need a second attempt

osc

hi Jasmin, I'm at a similar stage to you except I attempted the exam after the first month. Message me if you'd like to be study buddies, we can motivate each other and save time.

JasminLandry

@osc I sent you a pm. It'll be better if we chat on IRC!

I'm now at 27 hosts rooted and 1 low privilege shell on Bethany which I'm really close to getting root. I was able to root Pain today. I guess last time I tried I forgot one option while compiling the exploit so after re-compiling it today I got root on my first attempt. And in my opinion, this host doesn't belong in the "top 3". For me, it was easier than Gh0st and maybe even a few others as well. I'm starting to run low on targets in the public network so I'm slowly starting to get into the 2 Dev and IT networks. I have to work on client side exploits though as this is definitely one my weaknesses as I've never really done this before.

kaizen_404

JasminLandry wrote: »

@osc I sent you a pm. It'll be better if we chat on IRC!

I'm now at 27 hosts rooted and 1 low privilege shell on Bethany which I'm really close to getting root. I was able to root Pain today. I guess last time I tried I forgot one option while compiling the exploit so after re-compiling it today I got root on my first attempt. And in my opinion, this host doesn't belong in the "top 3". For me, it was easier than Gh0st and maybe even a few others as well. I'm starting to run low on targets in the public network so I'm slowly starting to get into the 2 Dev and IT networks. I have to work on client side exploits though as this is definitely one my weaknesses as I've never really done this before.

I agree with you on Pain. It was pretty straight forward. Did you root Bethany yet? Make sure you have good notes on this one.

JasminLandry

I agree with you on Pain. It was pretty straight forward. Did you root Bethany yet? Make sure you have good notes on this one.

Yes I did root Bethany, over the weekend I believe. I'm now starting to work on client side exploits. I was able to root Pedro on Monday and currently working on an XSS exploit. I messed up my Beef config and it's not working so I'm trying to do things manually now. I'm seeing the client requesting the file from my server but that's about it for now. I haven't been able to get a shell yet. I am now at 30 rooted and 1 low privilege shell on Gamma.

invictus_123

JasminLandry wrote: »

Yes I did root Bethany, over the weekend I believe. I'm now starting to work on client side exploits. I was able to root Pedro on Monday and currently working on an XSS exploit. I messed up my Beef config and it's not working so I'm trying to do things manually now. I'm seeing the client requesting the file from my server but that's about it for now. I haven't been able to get a shell yet. I am now at 30 rooted and 1 low privilege shell on Gamma.

Im sure youre aware of this, but it is very important to know the browser version of the client for the client side exploits. So either figure out how beef gets this information and do it manually, or try and fix beef. good luck

JasminLandry

Im sure youre aware of this, but it is very important to know the browser version of the client for the client side exploits. So either figure out how beef gets this information and do it manually, or try and fix beef. good luck

Yes I did get the browser version. I think I'll just try to fix BeEF, it's a useful tool not just for the course and exam.

JasminLandry

So I was able to fix Beef, but I don't think I'll even need to use it, well at least for this one host I was working on.

JasminLandry

I've made some progress this past week. I'm now sitting at 37 hosts rooted including my first few in the IT network. I still don't have anything in the Dev network though and I haven't even found the key to the Admin network yet so hopefully I can get this soon. I have scheduled my first exam attempt (and hopefully my last) for June 9th. I still have to finish up the exercises and work on the lab report so I can relax a bit after that 24 hour rush.

My goal was to root every single hosts and seeing that I still have 40 days left out of my 90 days, I do believe I still have some time to achieve it. And yes, even if I do pass the exam, I still want to root everything

NotHackingYou

Great progress! I'm running much slower, only rooting a few hosts by now. Press on!

Slyth

JasminLandry wrote: »

I've made some progress this past week. I'm now sitting at 37 hosts rooted including my first few in the IT network. I still don't have anything in the Dev network though and I haven't even found the key to the Admin network yet so hopefully I can get this soon. I have scheduled my first exam attempt (and hopefully my last) for June 9th. I still have to finish up the exercises and work on the lab report so I can relax a bit after that 24 hour rush.

My goal was to root every single hosts and seeing that I still have 40 days left out of my 90 days, I do believe I still have some time to achieve it. And yes, even if I do pass the exam, I still want to root everything

Very nice progress man!!!!!!!!

JasminLandry

CarlSaiyed wrote: »

Great progress! I'm running much slower, only rooting a few hosts by now. Press on!

Doesn't matter what how fast you go as long as you do things correctly. I have been spending an average of a good 4-5 hours per day minimum though, also trying not to stay up too late

JasminLandry

Just rooted Master and Slave, which were pretty easy, no exploits needed. Just gathered information and hints throughout the network. Once I got in, I was able to get all user credentials from the domain, well just the few that were left that I didn't have! I'll now be trying to escalate my privileges on Nina tonight. If I do get her, I'll be at 40 fully rooted hosts... exactly 1 week away from my exam date.

mongrel

Good Luck on the Exam dude!

JasminLandry

Thanks mongrel! 3 hours left until exam starts. I'll update tomorrow once I'm done, hoping it'll be a positive post. So I'm attempting the exam with 43 machines rooted, hopefully I've seen and learned enough to pass the exam!

deyavi

Good luck!

Slyth

JasminLandry wrote: »

Thanks mongrel! 3 hours left until exam starts. I'll update tomorrow once I'm done, hoping it'll be a positive post. So I'm attempting the exam with 43 machines rooted, hopefully I've seen and learned enough to pass the exam!

Good luck man let me know how it goes! My lab time expires tomorrow. Im excited to see your results!

kaizen_404

Good luck! I've been following your progress and I'm eager to see how you did.

JoJoCal19

I hope it went well!

JasminLandry

I currently have a total of 55 points (which is 3 machines rooted) and I have a low privilege shell on another so I'm hoping that would be an extra 10 points for a total of 65. I will submit my exam & lab/exercises reports so hopefully that'll add up another 10 points for a total of 75 points and a pass (fingers crossed).

I still have 2 hours left, I'll try to go root the one I have a low shell on so that I can breathe a bit better over the weekend and not be too stressed about the result.

Break over, back to business!

Edit: I just rooted my fourth one, so that gives me a total of 75 points! I think I'll still send my lab report just in case
I even learned a new privilege escalation technique on that last one, thank you Offsec for making me try harder until the very last second. Well still 40 minutes left but I think I'll just call it a day and start my exam report.

griffondg

Congrats!

Slyth

Congratz man! Hope i do as well as you on the 25th!

9emin1

Congrats man!

JasminLandry

It's official, I got the email confirmation this morning. I can now say that I'm an OSCP Too bad I'm at work, I can't do a celebration dance!

Time to update my LinkedIn profile.