My OSCP Voyage

Surrealalucard

Hey guys and gals, thought I would post my oscp journey as well as keep it updated.
Some background. I started about 3 months ago, but due to life, only got about 1 month of work in. Iextended my time another month and I have 10 machines rooted so far. I will update with a list of completed so far.
I started this with no IT work experience so I am probably doing it a little backwards, and passed the eJPT just before starting this.
My goal is getting into a pen test job, at first I was hoping doing the oscp would help me attain it, but I have come to realize that I will probably have to go in at the low level first (support desk) and work my way up from there. I am also starting this a little late in life ( I am 27 ) and I already have a career, that I don't enjoy, so I am swapping careers as well.
So yea that's it so far, i will update hopefully daily with my progress, and any critique is more than welcome.

wayne_wonder

So you have no experience apart from the eJPT? And you've rooted 10 machines thats pretty impressive my friend to be fair i applaud you!!

Surrealalucard

wayne_wonder wrote: »

So you have no experience apart from the eJPT? And you've rooted 10 machines thats pretty impressive my friend to be fair i applaud you!!

Thank you. At first it was real slow and I felt like I was wasting a lot of time. Lately though it seems to have picked up pace, although I have just gotten back to where I have time to do it. During the week I will only have 2-3 hours at most to do anything, but my weekends will probably be 8-10 hour days in the labs.
I also found the eJPT pretty easy, even though it took 7 hours to complete. I am very glad at how difficult the OSCP has been so far, and have learned so much from it in the short amount of time I have had with it.

gespenstern

So what career are you trying to switch from?

jamesleecoleman

Does it feel like a big step going from eJPT to OSCP? I was thinking about doing that but I'm a slow learner.

Surrealalucard

gespenstern wrote: »

So what career are you trying to switch from?

I am a electrician.

jamesleecoleman wrote: »

Does it feel like a big step going from eJPT to OSCP? I was thinking about doing that but I'm a slow learner.

Yes, eJPT seemed like a intro to tools and the mindset. OSCP is pretty much a real pen test.

Surrealalucard

First Real update woo! First a list of machines I have previously Owned:
1. Alice
2. Phoenix
3. Mike
4. Bob
5. Payday
6. JD
7. MAIL
8. Kevin
9. Sean
10. Barry

Currently working on: DJ. this one is interesting, thought I had a working exploit but nothing happened, and not really seeing a way in otherwise. Only had about 1.5 hours to work on him today. Will see If I can enumerate more.

So far my work methodology has been enumerate everything I think I can, smb, ftp, run nmap script scans, http if available. etc.While I am running these scans, I will usually set up a brute forcer just to see if I get a easy target. After I look through my nmap service scan to see what software and protocols are running on the machine.
From there it just branches to looking for exploits/vulnerability for either the software running on the machine or the protocol. I usually have a look at the forums as well, kind of feels like cheating though.

cavijayan

Searching forums / google is going to be like what it is in real world. So, it is ok.

Good progress. Keep it up.

chazb0t

I'm in a similar boat, 31 and trying to change careers. No formal IT education or experience but I've been tinkering with computers since I was a kid. I'm doing eJPT -> eCPPT -> OSCP.

eJPT took me 2 weeks, eCPPT I failed the exam on my first attempt because I was underprepared for the buffer overflow/shellcoding. Getting ready to take it a second time.

Look forward to following your progress.

jamesleecoleman

Kinda went over the buffer overflow/shellcoding for the eCPPT part. Didn't think that it was super important so I thought I would go back over it after the exam. I guess that I gotta know everything for the exam.

I was thinking about going from eJPT to the OSCP but a lot of people say its difficult, which to me means that it'll take a lot of time to learn. I can't wait to get the eCPPT, OSCP and OSWP.

Surrealalucard

Alright I'm back! The past few days have been crazy busy, and I had spent a while in the labs as well. Got 3 more machines sense my last post.
DJ downed.
Bethany downed. Had another person team up with me on those one. We danced around the whole thing all night and then he finally got it. Sometimes you just need some rest haha.
And pain down. This one contrary to its name wasn't terrible. Had to take a break Sunday and gets some stuff done. I'll be back to it Monday and hopefully update stuff a little more frequently.
Total machines rooted: 13

Update 8-16-15:
Not much work on a machine done, but worked on some of my custom scanning scripts (need to add some cool text art). I will be targeting Alpha next, and work on the trio. Will update next time I have any progress.

BuzzSaw

I totally applaud you guys for just jumping right in even with little experience. You likely will have a better head on your shoulders than a lot of people in the field that I know . . .

As for the progress - Good luck and keep up the hard work!