Started OSCP 4/9/2016

2

Comments

  • invictus_123invictus_123 Member Posts: 56 ■■□□□□□□□□
    Day 16 is done and I now have 16 rooted and 1 low privileged shell on Mail. Things are going well but I have a feeling that's not going to last too long as the hosts are probably going to get harder now.

    Things definitely pick up around the 20 host mark, but as long as you have good notes so that you can go back to previously exploited systems and look for connections to other hosts you should be fine. There was a particular web server when I did my OSCP that landed me like 5 or 6 other systems once I'd exploited it (the lab has changed since I did it)
  • kaizen_404kaizen_404 Member Posts: 16 ■□□□□□□□□□
    Things definitely pick up around the 20 host mark, but as long as you have good notes so that you can go back to previously exploited systems and look for connections to other hosts you should be fine. There was a particular web server when I did my OSCP that landed me like 5 or 6 other systems once I'd exploited it (the lab has changed since I did it)

    Invictus has a good point. Having good documentation will help identifying the connection. This blog post was probably the most helpful resource outside of the manual Offensive Security's PWB and OSCP - My Experience - Security SiftSecurity Sift He has some good ideas for organizing documentation, not to mention a great nifty tool.
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    Thanks Kaizen_404, I'll definitely take a look at that blog post. In the mean time, I rooted Kevin earlier today and I currently have a low privileged shell on Pain.. Privilege escalation is starting to get PAINful!
  • towentumtowentum Member Posts: 41 ■■□□□□□□□□
    I haven't started my OSCP journey yet, but I have started practicing my documentation. I've started taking notes on every vulnerable VM I practice on. I find it helps with the learning process, and helping me re-exploit the box if I have to.

    What I do is after I've exploited the box, captured the flag, what have you, I'll go back through the process in a final report on a new page. I maintain my raw notes as well for reference. When I'm going back through the box I clean up my screenshots and copy/pates from terminal.
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    3 weeks have gone by now. I'm currently at 18 hosts rooted with 2 low privilege shells on Pain and FC4. I haven't had much time over the weekend to work on this so hopefully the upcoming week will be better.
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    So day 25 is complete. I'm currently sitting at 23 hosts rooted plus 1 low privileged shell on Pain which I'll go at later on. My goal for the end of the week is to have the rest of the directly exploitable hosts in the public network rooted.
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    The first month is now over, so 2 more months to go. I'm currently sitting at 24 hosts rooted and 2 more low priv shells. I have identified my weaknesses so I'll be concentrating on those for the coming weeks so that I can be fully prepared for the exam. I started pivoting into the IT network this past weekend, my first time doing so. I found it a bit confusing but once you run the commands and practice, it makes more sense so I'd say I'm getting better at it. I'm planning or hoping to get 15-20 hosts in the next month so I can hit the 40 mark. Once I hit that mark, I'll start thinking at scheduling my exam so that if I fail I'll still have some lab time left to practice and then re-schedule it. But I really hope I won't need a second attempt :)
  • oscosc Member Posts: 5 ■□□□□□□□□□
    hi Jasmin, I'm at a similar stage to you except I attempted the exam after the first month. Message me if you'd like to be study buddies, we can motivate each other and save time.
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    @osc I sent you a pm. It'll be better if we chat on IRC!

    I'm now at 27 hosts rooted and 1 low privilege shell on Bethany which I'm really close to getting root. I was able to root Pain today. I guess last time I tried I forgot one option while compiling the exploit so after re-compiling it today I got root on my first attempt. And in my opinion, this host doesn't belong in the "top 3". For me, it was easier than Gh0st and maybe even a few others as well. I'm starting to run low on targets in the public network so I'm slowly starting to get into the 2 Dev and IT networks. I have to work on client side exploits though as this is definitely one my weaknesses as I've never really done this before.
  • kaizen_404kaizen_404 Member Posts: 16 ■□□□□□□□□□
    @osc I sent you a pm. It'll be better if we chat on IRC!

    I'm now at 27 hosts rooted and 1 low privilege shell on Bethany which I'm really close to getting root. I was able to root Pain today. I guess last time I tried I forgot one option while compiling the exploit so after re-compiling it today I got root on my first attempt. And in my opinion, this host doesn't belong in the "top 3". For me, it was easier than Gh0st and maybe even a few others as well. I'm starting to run low on targets in the public network so I'm slowly starting to get into the 2 Dev and IT networks. I have to work on client side exploits though as this is definitely one my weaknesses as I've never really done this before.

    I agree with you on Pain. It was pretty straight forward. Did you root Bethany yet? Make sure you have good notes on this one.
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    I agree with you on Pain. It was pretty straight forward. Did you root Bethany yet? Make sure you have good notes on this one.

    Yes I did root Bethany, over the weekend I believe. I'm now starting to work on client side exploits. I was able to root Pedro on Monday and currently working on an XSS exploit. I messed up my Beef config and it's not working so I'm trying to do things manually now. I'm seeing the client requesting the file from my server but that's about it for now. I haven't been able to get a shell yet. I am now at 30 rooted and 1 low privilege shell on Gamma.
  • invictus_123invictus_123 Member Posts: 56 ■■□□□□□□□□
    Yes I did root Bethany, over the weekend I believe. I'm now starting to work on client side exploits. I was able to root Pedro on Monday and currently working on an XSS exploit. I messed up my Beef config and it's not working so I'm trying to do things manually now. I'm seeing the client requesting the file from my server but that's about it for now. I haven't been able to get a shell yet. I am now at 30 rooted and 1 low privilege shell on Gamma.

    Im sure youre aware of this, but it is very important to know the browser version of the client for the client side exploits. So either figure out how beef gets this information and do it manually, or try and fix beef. good luck
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    Im sure youre aware of this, but it is very important to know the browser version of the client for the client side exploits. So either figure out how beef gets this information and do it manually, or try and fix beef. good luck

    Yes I did get the browser version. I think I'll just try to fix BeEF, it's a useful tool not just for the course and exam.
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    So I was able to fix Beef, but I don't think I'll even need to use it, well at least for this one host I was working on.
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    I've made some progress this past week. I'm now sitting at 37 hosts rooted including my first few in the IT network. I still don't have anything in the Dev network though and I haven't even found the key to the Admin network yet so hopefully I can get this soon. I have scheduled my first exam attempt (and hopefully my last) for June 9th. I still have to finish up the exercises and work on the lab report so I can relax a bit after that 24 hour rush.

    My goal was to root every single hosts and seeing that I still have 40 days left out of my 90 days, I do believe I still have some time to achieve it. And yes, even if I do pass the exam, I still want to root everything :)
  • NotHackingYouNotHackingYou Member Posts: 1,460 ■■■■■■■■□□
    Great progress! I'm running much slower, only rooting a few hosts by now. Press on!
    When you go the extra mile, there's no traffic.
  • SlythSlyth Member Posts: 58 ■■■□□□□□□□
    I've made some progress this past week. I'm now sitting at 37 hosts rooted including my first few in the IT network. I still don't have anything in the Dev network though and I haven't even found the key to the Admin network yet so hopefully I can get this soon. I have scheduled my first exam attempt (and hopefully my last) for June 9th. I still have to finish up the exercises and work on the lab report so I can relax a bit after that 24 hour rush.

    My goal was to root every single hosts and seeing that I still have 40 days left out of my 90 days, I do believe I still have some time to achieve it. And yes, even if I do pass the exam, I still want to root everything :)


    Very nice progress man!!!!!!!!
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    CarlSaiyed wrote: »
    Great progress! I'm running much slower, only rooting a few hosts by now. Press on!

    Doesn't matter what how fast you go as long as you do things correctly. I have been spending an average of a good 4-5 hours per day minimum though, also trying not to stay up too late :)
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    Just rooted Master and Slave, which were pretty easy, no exploits needed. Just gathered information and hints throughout the network. Once I got in, I was able to get all user credentials from the domain, well just the few that were left that I didn't have! I'll now be trying to escalate my privileges on Nina tonight. If I do get her, I'll be at 40 fully rooted hosts... exactly 1 week away from my exam date.
  • mongrelmongrel Member Posts: 7 ■□□□□□□□□□
    Good Luck on the Exam dude!
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    Thanks mongrel! 3 hours left until exam starts. I'll update tomorrow once I'm done, hoping it'll be a positive post. So I'm attempting the exam with 43 machines rooted, hopefully I've seen and learned enough to pass the exam!
  • deyavideyavi Member Posts: 23 ■□□□□□□□□□
  • SlythSlyth Member Posts: 58 ■■■□□□□□□□
    Thanks mongrel! 3 hours left until exam starts. I'll update tomorrow once I'm done, hoping it'll be a positive post. So I'm attempting the exam with 43 machines rooted, hopefully I've seen and learned enough to pass the exam!


    Good luck man let me know how it goes! My lab time expires tomorrow. Im excited to see your results!
  • kaizen_404kaizen_404 Member Posts: 16 ■□□□□□□□□□
    Good luck! I've been following your progress and I'm eager to see how you did.
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    I hope it went well!
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    I currently have a total of 55 points (which is 3 machines rooted) and I have a low privilege shell on another so I'm hoping that would be an extra 10 points for a total of 65. I will submit my exam & lab/exercises reports so hopefully that'll add up another 10 points for a total of 75 points and a pass (fingers crossed).

    I still have 2 hours left, I'll try to go root the one I have a low shell on so that I can breathe a bit better over the weekend and not be too stressed about the result.

    Break over, back to business!

    Edit: I just rooted my fourth one, so that gives me a total of 75 points! I think I'll still send my lab report just in case :)
    I even learned a new privilege escalation technique on that last one, thank you Offsec for making me try harder until the very last second. Well still 40 minutes left but I think I'll just call it a day and start my exam report.
  • griffondggriffondg Member Posts: 39 ■■□□□□□□□□
  • SlythSlyth Member Posts: 58 ■■■□□□□□□□
    Congratz man! Hope i do as well as you on the 25th!
  • 9emin19emin1 Member Posts: 46 ■■■□□□□□□□
    Congrats man!
    CREST CCT APP, CRT, CPSA.
    Offensive Security OSCE, OSCP, OSWP
    SANS GCIH
    https://9emin1.github.io/
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    It's official, I got the email confirmation this morning. I can now say that I'm an OSCP icon_cheers.gif Too bad I'm at work, I can't do a celebration dance!

    Time to update my LinkedIn profile.
Sign In or Register to comment.