Another OSCP Tale

I first saw the OSCP certification on Techexams about a year ago; it seemed a very interesting journey, and a very difficult one indeed. I have read many threads since, and Techexams had the best ones, especially the threads from JollyFrogs and MrAgent. I have never created a thread on my progress with a certification, but let this be the first one.
My background is just Network Engineering. I have done some Windows and Linux administration, but not for very long. I have no scripting or any extensive security knowledge. The main reason this certification is interesting is the "try harder" keyword. It would be better if there were more courses similar to this one outside of the security field. Anyway, if I am able to pass this certification, I believe that anyone can do it too. I do not expect it to be easy or even possible, but I would like to try it out. I will devote about 2-3 hours a day after work and 12-15 hours on weekends.
I started it yesterday. I had a very hard time with, I guess, two of the easiest boxes. I skimmed through the course materials, but wanted to at least tackle one or two hosts that many people said were "super easy". I spent nearly the entire day trying to exploit one very common vulnerability with no success. I then tried to use Metasploit, even though I did not want to. I replicated the same vulnerability locally and did it a hundred times, but had no luck on the lab box. After a prolonged period of time I figured it out; it was a very clever twist by Offsec. I was both mad and delighted that I was able to figure it out. In the meantime I also struggled with another "easy" box. I thought there was no way to figure it out. I had no luck escalating for hours, and nothing that I could find worked, but then one of the executables that I found randomly gave me output that pointed me in the right direction. Within a couple of minutes I got the shell. Best feeling ever. Those two easy boxes were honestly super hard.
I would really recommend reading the course materials, as they do have some hints that you could use to find things within the lab. I found another host while reading the PDF and got the shell within 5 minutes. That is an easy host, not the ones that nearly everyone says are easy. Overall, the lesson learned is: nothing is easy, everything is relative. What may be extremely hard for someone else may be very easy for me, and vice versa.
I will keep updating this thread if people seem interested in the progress; it is mainly my way to reflect on what I have done and to show that I am still trying harder. I do not want to provide any specific hints, as the sole purpose of this course is to do it yourself, unlike every other certification where most things are handed to you. I also want to prove that if I am able to pass it then everyone is, and the fact that I struggled immediately with the course makes it even more realistic.
I hope this has been informative for you, and I would like to thank you for reading.
Total hosts down: 4
___________________________________________________________________________________________________________
Comments
Good luck with your progress and keep it up including your posts and updates!
All the best dude! It will be worth it in the end.
Offensive Security OSCE, OSCP, OSWP
SANS GCIH
https://9emin1.github.io/
Current goal: Dunno
Next up: renew CCNA, AZ-900, AZ-500
I have not spent much time over the last couple of days, just because I have a lot to do at work, and even after work. However, weekends are my best way to get most things done. I found that enumeration is the key to finding things. If you know enough about your target you can find a way in; however, do not fire off random exploits. I found it best to be very selective when I try something. I would test it multiple times locally, if a similar application is replicable. I was not able to make a successful script out of the one I was working on the day I wrote the first post; however, Metasploit works every time, and I found multiple targets vulnerable to the same thing. I found that after I find a vulnerability I would scan all of the other hosts to check if the same one is applicable somewhere else.
As I did not do much this week, I did not make too much progress. I have 6 hosts with a full shell and 1 with low priv, which I plan to escalate tonight.
It has been a difficult week. I did not put in as much time as I expected, but I think that I did not do too badly. I found a way into 8 hosts within the first week and had a clue for 2 more boxes, on which I just got a full shell. There is no better feeling than when you see "whoami" return "nt authority\system".
I think one of the problems I have is that when I pick a host I just keep trying that same box, even though there are easier boxes out there. I think that I wasted a lot of time on some boxes; some of them I worked on for about 8 hours, and then in 10 minutes I found another way in, which kind of makes me sad about wasting that much time. When I try to go back to get that longer exploit working, I think that I am wasting my lab time, as I already have a way in.
I have been reading over the Carnal0wnage presentations. One of them helped me get a full shell on one of the boxes; good stuff.
I'm planning to attempt this sometime next year. There are 49 hosts in total, correct?
Do they break up the cost of the course and the exam attempt? My employer will pay for the exam attempt, but not the course. I'm thinking of paying for that out of my own pocket.
The exam fee is included in the course, and an exam retake is $60. You can't do the exam without the course, so there is no breaking up of the cost as such.
Could you please share the links for the Carnal0wnage presentations you have reviewed? Google returns many results (including YouTube videos).
Many thanks in advance!
Carnal0wnage has some cool stuff; I visit his site often when working on some of the problems. Here are a couple of links that I used and reviewed:
http://www.carnal0wnage.com/papers/Derbycon2011_The_Dirty_Little_Secrets_Gates_Fuller.pdf
http://www.carnal0wnage.com/papers/LARES-ColdFusion.pdf
http://www.carnal0wnage.com/papers/client-side-pentest.pdf
Still 10 hosts down; I did not get any more, but I plan to try one or two tonight...
Many thanks for the Carnal0wnage links! Really appreciated!
Good luck with your OSCP adventure!
I also rooted one more box yesterday. Total of 16 so far.
Ha, nice!
Good progress so far. I'd like to start this next year, and it sounds like I'll be starting out the same as you. Appreciate the updates and will be following this thread closely!
That is a great initiative to start OSCP; it is a really phenomenal course. What I really liked about it is their "try harder" mentality. I did not do any Vulnhub machines or try any other courses that relate to this topic. I have done a couple of CTFs every now and then with friends for fun, but that is about it. I am sort of stubborn and will not stop until I get something, so I knew that I would not be able to do the exam if I did not do 100% and root every single machine in the labs. This can be a challenge, as sometimes I hit a very hard roadblock, and I would not move on to the next machine until I got it. There was one specific machine, which you may encounter, that required a sort of scripting to achieve the end goal. It took me 8 days to figure it out, and it was probably something super simple for someone with scripting experience. On the other hand, hosts such as Pain/Sufferance/Humble did not pose any problems to me, as I had experience with them and was able to get them with "relative" ease towards the end of my 100% goal. Therefore, it is all sort of relative: what is easy for me may be hard for you, and what is hard for me may be easy for you. I work a lot, and there were days when I could not spend any time working on the course, and sometimes that would even be on a weekend. However, if everything is sort of going well, I would spend time from either 8PM-12AM or 10PM-12AM on weekdays and spend nearly the entire day on Saturday/Sunday.