DiegoYM OSCP journey

Hi all!! Yet another OSCP journey here. I really enjoyed reading all the other ones (most specially JollyFrog's, thank you!!!) so I decided to write mine.

Well, after many years (since it first came out) reading about this course, I've finally joined OSCP. My lab time will be starting on Saturday 14.
I've already downloaded the Kali image (the one created for the OSCP, which is 32 bit), installed it on Virtualbox instead of Vmware (I hope that will not cause unexpected problems), then tested the vpn following the instructions from Offsec, and everything seems to be working as it should.

I decided to try OSCP about three or four months ago, when my life plan suddenly had a little Kaylee (my soon-to-be daughter's name) on the picture. I then downloaded the syllabus and I've been studying like crazy since then, trying to cover as much of the contents as possible. Our baby girl is coming on August, so I kinda have a deadline... I will most probably need to extend my lab after that, but I'm guessing it will be a little harder to find the much needed free time.

I have a bachelor degree in computer engineering, lots of experience with Linux, bash scripting, python, networking, and web programming and simple web attacks (sql injection and xss), but I think I'm seriously lacking in many areas. Even on linux command line, these months I've found out there's a lot (I mean, like, A LOT) of really useful commands I never used before.

Also never used anything about privilege escalation or buffer overflow exploitation, but I've been learning a lot last months.

For note taking I'll be using Cherrynote, because i've found it's much faster than keepnote, I like that it's fully saved in a single file, and also the only noticeable Keepnote's advantage seem to be the ability to take screenshots, which I will just take myself and keep organized in folders.

I downloaded all remotedly OSCP-related stuff from github I could find, and I've been analyzing many scripts and tools which I hope will be useful. I'm also trying to write my own scripts, because even if there are better ones, I can learn a lot on the process of creating them myself.

I got a few machines from Vulnhub, I tried attacking many of them, and have been soundly unsuccesful at it. Oh, well... I learnt a lot from some walkthrougs, but breaking into at least a single machine would have given me some confidence.

Lastly, I'm starting to sketch a simple methodology. It seems good organizational skills are a very important point for successfully passing the OSCP. I don't plan on attacking any server until I completed all the modules, videos and exercises. And when I start attacking, I will stick to the methodology, while changing (hopefully improving) it as needed.

The basic plan is: (feel free to comment)

- Simple network scan for host discovery
- OS fingerprinting
- Choosing a target
- Full scan all ports, TCP and UDP
- Find open ports version, What's behind each of them?
- Check known vulnerabilities for those
- If port 80 is open: Check in browser
- Get traffic with wireshark, Who is this machine talking to? What's it saying?
- Search for usable exploits
- Use such exploits to get a basic shell
- Privilege escalation
- Loot like crazy

This is just the basics, as every step will need to be detailed with a list of sub-steps. I'm working on it now.

In between each steps, of course, I will sometimes stand up from my computer and run around the house screaming in desperation / panic as needed.

Find more posts tagged with

Comments

deyavi

Just add to your methodology "Try harder"

Good luck.

Sheiko37

DiegoYM wrote: »

I've already downloaded the Kali image (the one created for the OSCP, which is 32 bit), installed it on Virtualbox instead of Vmware (I hope that will not cause unexpected problems)

It did for me. I suggest using one of the VM programs they recommend.

towentum

Congrats. I also start on the 14th. I've done a lot of same as you only in a shorter time frame. I only just found out about the OSCP about a month ago and talked my employer into paying for it.

I've set up Kali, I also got my dropbox connected and that is where I'll be saving all my documentation because I know the limitations of my laptop and I'm afraid it won't last the entire lab time. Luckily I have a backup from work I can use if I have to. It seems your education and background is far above and beyond mine. I've been in IT for 10 years, but I have always worked in Networking, although I have done programming tasks on the side.

We'll hammer this out together!

DiegoYM

Deyavi: Trying harder is the final part of the "run around screaming" step. Thanks for your help yesterday on IRC!!! Me aclaraste muchas cosas

Sheiko37: I followed your thread, and focused more on vulnhub thanks to your recommendations. Did you pass your last exam? The thread ends without saying so. I hope you did.

Towentum: Yay!!! Let's go for it!!!

I will spend the first week, at least, going through the exercises and completing the extra miles. At the moment I'm focused on vulnhub walkthroughs, and taking tons of notes. Did some tutorials on buffer exploitation, too. Somebody knows if buffer exploitation vulnerabilities are common in the lab machines? very common? not too common? It feels like arcane magic, but somehow I am really liking it (buffer expl. I mean).

towentum

I've heard mixed reviews on buffer exploits. I believe the labs have common exploits already so you won't have to write your own, but you may have to modify some code.

I agree though, buffer exploits are fun to do but it has proven hard to wrap my head around. Overthewire.org has a lot of exercises you can work with, most you can find walkthroughs for.

DiegoYM

Well, I spent about a week and a half (lots of hours every day, 2 whole weekends) reading the pdf, watching videos, and doing exercises, while improving my methodology.
Last friday (the day before yesterday) I finished studying port redirection and tunneling, and began doing the exercises, then I decided to spend the weekend playing in the lab and trying my luck at some machines. I won't be needing tunneling until I get to open more networks, and I plan to spend at least two or three weeks not using metasploit, so I just jumped into "assembling the pieces", read the module and watched the videos (whoa, that seems hard) and jumped into the labs.

About 5 hours in, I had a general idea of the labs, which hosts are running which services, which have port 80 open, or port 21, or.... just a general idea. I then start trying my luck, and in about 3 more hours (it was really late at night already) I'm root in Timeclock. Yay!!! I rock!!!! Me be 1337 h4x0r!!!

That was Friday (late) night. I've now spent 15 more hours and got no other shell. Found some interesting vectors, tried lots of things in lots of hosts, but nothing worked.

Well, I learned a lot, got a lot of info, wrote down everything for later use, and realized this is not going to be as easy as it seemed on that perfect moment when I rooted my first machine. Man, what a high that was.

Improved a lot my methodology, then went through all the exercised I've done, and tried doing them on the network. Got lots of info for later, but nothing that gave me a shell, although I tried many things that *should* have worked.

I'm now pretty exhausted. I think I need to watch a movie or something. will keep trying tomorrow. Maybe I will launch a full network scan and let it running the whole night.

I know, I know, I should be using Metasploit. I agree, it would make things easier at first, help me learn on how to exploit vulnerabilities, and let me try by hand later. I just enjoy doing it the hard way at first.

Tiiiiiredddd.....

invictus_123

DiegoYM wrote: »

Well, I spent about a week and a half (lots of hours every day, 2 whole weekends) reading the pdf, watching videos, and doing exercises, while improving my methodology.
Last friday (the day before yesterday) I finished studying port redirection and tunneling, and began doing the exercises, then I decided to spend the weekend playing in the lab and trying my luck at some machines. I won't be needing tunneling until I get to open more networks, and I plan to spend at least two or three weeks not using metasploit, so I just jumped into "assembling the pieces", read the module and watched the videos (whoa, that seems hard) and jumped into the labs.

About 5 hours in, I had a general idea of the labs, which hosts are running which services, which have port 80 open, or port 21, or.... just a general idea. I then start trying my luck, and in about 3 more hours (it was really late at night already) I'm root in Timeclock. Yay!!! I rock!!!! Me be 1337 h4x0r!!!

That was Friday (late) night. I've now spent 15 more hours and got no other shell. Found some interesting vectors, tried lots of things in lots of hosts, but nothing worked.

Well, I learned a lot, got a lot of info, wrote down everything for later use, and realized this is not going to be as easy as it seemed on that perfect moment when I rooted my first machine. Man, what a high that was.

Improved a lot my methodology, then went through all the exercised I've done, and tried doing them on the network. Got lots of info for later, but nothing that gave me a shell, although I tried many things that *should* have worked.

I'm now pretty exhausted. I think I need to watch a movie or something. will keep trying tomorrow. Maybe I will launch a full network scan and let it running the whole night.

I know, I know, I should be using Metasploit. I agree, it would make things easier at first, help me learn on how to exploit vulnerabilities, and let me try by hand later. I just enjoy doing it the hard way at first.

Tiiiiiredddd.....

Hey man just thought I'd impart some of my experience which may help at the start of this course.

The number of hosts can seem quite overwhelming and knowing which ones to go for can be difficult. A tactic I used early on was to head over to the forums, and look for hosts which didnt have many threads about them. My logic being less threads means easier system as less people get stuck on them. This is a good way to pick up the low hanging fruit and gain some confidence.

Good job on timeclock, that one is a slightly harder box (I think, cant really remember)

mongrel

I just started my journey too... and needs study buddies.