Another OSCP nugget

Hi gang

Its been a while

Hope all of you are well, I have been reading the forum, but its been a long time since I posted. I have just registered for my OSCP and will start 09/04 , having passed eCPPT and CISSP relatively recently I expect one heck of a challenge

I have spent the last days reading up on my eCPPT notes, Python book (Black Hat Python) and generally sharpening the old toolbox (setting up a pair of Kali machines (32&64) bit, updating them etc.).

I am really excited for the course and expect to have lots of fun (after the tears dry

).

Black Hat Python:

https://www.amazon.co.uk/Black-Hat-Python-Programming-Pentesters/dp/1593275900/ref=sr_1_1?ie=UTF8&qid=1472140621&sr=8-1&keywords=black+hat+python

Find more posts tagged with

Comments

the_Grinch

Good luck! Based on your post I suspect you will do well. But as a heads up they'll provide you with a copy of Kali they prefer your use as the course was designed around it. Might save you some issues if something isn't working on your setup.

BuzzSaw

papaw0lf wrote: »

Hi gang

Its been a while Hope all of you are well, I have been reading the forum, but its been a long time since I posted. I have just registered for my OSCP and will start 09/04 , having passed eCPPT and CISSP relatively recently I expect one heck of a challenge

I have spent the last days reading up on my eCPPT notes, Python book (Black Hat Python) and generally sharpening the old toolbox (setting up a pair of Kali machines (32&64) bit, updating them etc.).

I am really excited for the course and expect to have lots of fun (after the tears dry ).

Black Hat Python:

https://www.amazon.co.uk/Black-Hat-Python-Programming-Pentesters/dp/1593275900/ref=sr_1_1?ie=UTF8&qid=1472140621&sr=8-1&keywords=black+hat+python

Thats a pretty good book. I've worked my way through it before, and its a fun read.

Good luck on your adventure. I will be watching this thread

KEE_ACE

I'm new here and currently going through the eJPT course. I plan on taking eCPPT next then heading off for OSCP. Good luck, I'll be rooting for you!

Kalabaster

I'm extremely interesting in hearing about how the eCPPT does or does not help you on the OSCP. I'm finishing the eWPT currently, heading into a GWAPT next week, and all throughout looking at the eCPPT hoping for a crack at the OSCP soon so I would really love to hear how eLearn's stuff carries into Offensive Security's stuff as I'm walking a very similar path! Please let us know how things go as you're plugging away.

22306

i bought this book couple days a go (thanks to this thread) hopefully i will go through it this long weekend!

BlackBeret

The image they provide is located at http://downloads.kali.org/pwk-kali-vm.7z

The real difference you'll notice is that it's 32bit, non-PAE. In short it removes some of the protections and makes it easier for exploits to run against. You'll need this when doing the buffer overflow module as you install and exploit a program running on your own system. If you already have a Kali VM that you've set up and are comfortable with I don't see any reason not to use it for everything else in the lab. Just remember when you get to the BO module on Linux and your exploit wont fire to switch to this VM.

Savyk

greetings papawolf

how are things going?

Savyk

'rooting for you!'

+1

papaw0lf

Hi everybody!

Thanks for all the positive energy

It has been a busy week at work but I still managed to go through all of the training videos and about 1/3 of the lab guide. About 5 machines have been PWNed in the lab so far but I'm not really proud as they were low hanging fruits.

My focus this week is recon, enumeration and streamlining the documentation evidence collection process, which will save super valuable time in the exam, having eCPPT behind me I know too well that its the simple things that will scr3w you during the exam when time flies. I expect to have a fully documented lab report before thinking of booking the exam.

Word to the wise python went crazy on me and I had to revert the snapshot to get the Kali box working again, glad I take frequent snapshots and a daily backup of data !!!!

On the topic of eCPPT (v2 for me) I have to say a lot of the stuff is similar, having the luxury of access to both course materials I can compare them and I have to say that both complement the same knowledge from different angle, eCPPT is more hand-holding in general but takes some short cuts which PWK does not

I dont regret taking it as a prep course.

Thanks again for the support and I will keep you guys posted.

Cheers!

nopx90

Currently going at the Lab myself, good luck!

papaw0lf

Thanks all, I have concluded the lab material and videos and now I am hunting in the wild for all the machines I can exploit, as Sherlock would say "The game is afoot!"

papaw0lf

Hi All

I hope you have had a great weekend, shame on me for not writing this up sooner but I really have been spending every waking minute off the clock on this course (as well as sometimes while sleepwalking).

My initial lab time of 60 days expired and I extended it for another 30 days ending 3/12/2016. My goal is to manage to take the exam mid Dec (dates TBD), however having 19 days of lab it I plan to take full advantage of the time and wrap up as many machines as I can, the current r00ted machines count is in the low 50s (of an approximate total of 60 -65???) among which 2/3 of the tough ones (Pain & Sufferrance).

Following the forums and conversing with other students, it is clear that the whole experience varies per student.

There are students who r00ted all lab machines and failed their first attempt and others who didn’t get the entire lab but passed the exam on the first go.

To summarize:
My plan is to lab the hell out this course and if I feel that I am close in the next 10 days, give it a go mid-Dec and if I don’t pass retake mid Jan after crying in my corner all XMAS
Otherwise I will extend the labs another 15 days and then go for early/mid Jan.

SaSkiller

Kalabaster wrote: »

I'm extremely interesting in hearing about how the eCPPT does or does not help you on the OSCP. I'm finishing the eWPT currently, heading into a GWAPT next week, and all throughout looking at the eCPPT hoping for a crack at the OSCP soon so I would really love to hear how eLearn's stuff carries into Offensive Security's stuff as I'm walking a very similar path! Please let us know how things go as you're plugging away.

A lot of people here have used the method to go through it and it has worked out.

papaw0lf

Well is game time

Tomorrow is the big day!! My exam starts at 09:00, planning to get a good night's sleep and have a pack of Red Bull within arms reach

JoJoCal19

Good luck papaw0lf!!!

bluesquirrel

Lots of luck papaw0lf!!!

MrAgent

How'd you fare in the exam?

papaw0lf

Hi folks

The exam is over and I believe it will be a good result, I got most of my targets save one which I only managed a low priv shell.
The exam email with the connectivity package arrived at 09:00 on 12/12 (on time) and I concluded my lab activities 03:50 13/12. After 3 hrs of sleep I started on my 65 page report which I have just submitted.

All in all a very worthwhile and challenging experience. Fingers crossed !!!

Thanks everybody for all the support.

Cheers!

bluesquirrel

well done papaw0lf!

SaSkiller

65 Pages?!

MrAgent

Holy cow, 65 pages! Mine was only 24 pages, but I did not submit the lab report with my exam report.

papaw0lf

I put it in a step-by-step explanation with accompanying screens, wrote some basic text of the steps, but only what was relevant to the exploitation, the explanation on the development of a certain exploit took most of the pages, my lab report was 220 pages but had all the exercises required and more machines than the minimum, I managed to r00t the entire lab so I kinda felt sorry to report on the minimum.

Anyways, hope they like it.

papaw0lf

Got the confirmation email an hour ago, just graduated from Ninja School

Thanks everybody for all the support. All the best!!!

MrAgent

Congrats!

JoJoCal19

Congrats on the pass! That's a great achievement!

ahmedshetta

my friend, i need your consultancy in one thing, i enrolled in OSCP course, now what, should i discover the network and hack the nodes in it ?, or is there some nodes i should start with it first and then continue to others?
Regards,

papaw0lf

ahmedshetta wrote: »

my friend, i need your consultancy in one thing, i enrolled in OSCP course, now what, should i discover the network and hack the nodes in it ?, or is there some nodes i should start with it first and then continue to others?
Regards,

First of all good luck!! You have embarked on a great adventure.

The official line is that its up to you to understand what you need to do. Since I understand the early frustration, I will advise you to devote 2 hrs enumerating a host (but do it diligently) and if nothing flags up move on, the lab has multiple networks the first one you encounter has quite a few that have dependencies on other machines so although it maybe an old OS or common service open you need something from somewhere else to get it as it will be hardened to the bone

So think outside the box and as you start getting the low hanging fruits you will get the experience to move on, the forum and admins will provide quite a few hints on how to move on, but its generally all about enumeration and attention to detail.

Have fun!

ZzBloopzZ

Congrats on the super achievement! Could you kindly talk about if you think it was worth doing the eCPPT first before the OSCP? Or do you think you should have gone straight for the OSCP?

Also, do you do penn testing in your day to day?

Thanks!

papaw0lf

Hi mate

Short answer yes, having the benefit of both courses I can honestly say if you have the time and $ go for it, each course has something more to give you and eLearn have decent labs but not as sophisticated (at least back in 2014 when I did eCPPT) as OffSec they do a bit more handholding which is good if you are just starting out.

OSCPs laabs are much more demanding and varied so I do not regret taking eCPPT as a prep course, although not mandatory, it depends you your experience and exposure to pentesting.

Good luck!

leboratorical

Belated congratulations from me too! I'm a long time lurker and just beginning to poke my head above the clouds. The OSCP is something I really want to attempt this year, but I don't have any actual pen testing experience. I figure on doing a lot of CTFs this year to get experience, but am now having to seriously consider doing an eCPPT course. I've been in two minds on whether I need to do C|EH as from everything I read, it won't give me a lot over the Security+ course. Then you mentioned eCPPT, and I'm even more confused

Decisions, decisions!