OSCP - Starting 15/01/17

luger

Finally took the plunge and last week signed up for the course, scheduled to start next Sunday 15th Jan.

I started my pen testing adventure last March with the eJPT course and passed the exam the following month. Plan was to go straight on to the eCPPT course but due to work commitments that was impossible so signed up for the course but had to wait till end of July to actually start it. I went through the material and videos twice and started the labs but half way through them I felt my motivation and enthusiasm had dwindled during the labs. Not that its a bad course. Far from it the material and videos are great and learnt a ton but the labs have too much hand holding and knowing that you have the answers under your nose did not push me hard enough to give my all to solve the labs. I also felt the time is ripe to change jobs and seeing that the eCPPT holds very little weight with HR and interviewers compared to OSCP, I decided to go for the OSCP and come back to tackle the eCPPT exam after the OSCP.

Having read all the OSCP threads on here, their labs will surely keep me on my toes and push my sanity (whats left of it ) to the limit. This is what I want and that is how I learn. Of course this is just me as others find the elearning security way of teaching as best for them but I'm different. In fact coming back to the eCCPT, I will not hit the labs but will jump straight to the exam.

Some might say that I should have just jumped straight to the OSCP but I disagree. As already pointed out, their material and videos are very good and learnt a lot. I'm pretty sure they will come to very good use during my OSCP adventure.

I will try to update this thread as often as possible after the commencement of the course.

Maximlocke

I'am very interested how you get on mate. I just completed the eJPT last week and i'm thinking about diving into the OSCP once i complete CEH next week.

JoJoCal19

Good luck on your journey! I really want to pursue the OSCP but from a career standpoint it doesn't make sense. I'll probably pursue it for fun down the road. Definitely update this thread regularly with your progress.

luger

Cheers guys, will definitely try to update this as often as possible

luger

Ok so my path to OSCP starts this morning. Received 2 emails from Offensive Security with all the material and instructions for the lab.

Phase 1
Go through all the material/videos and do as many of the exercises as I can. Will try not to spend more than 1 week so that I can hit the labs ASAP. In the meantime will do a full discovery scan of the network to identify all the boxes in the network and document all my findings as detailed as possible. Plan is to spend approx 4-5hrs during the week and try 12hrs during the weekend.

Lets do this.....

luger

Ok time to update this.

Day 11 since the beginning of the lab time. Spent the first 10 days clearing the pdf and videos. The pdf is quite dry compared to the elearnsecurity PTP course material which immediately indicates that lots of self study will have to be done.....but i already knew that. The videos complement the pdf but extra explanations are given so it is very important that these are done in parallel. I would also recommend going through the video of the module first followed by the pdf. You will understand the module much better this way. One example is the BoF module where i got lost a little when going through the pdf but everything fell to place after watching the video.

Yesterday was my first day actually in the labs trying to root some boxes and i managed to root a grand total of 1 box.....Alice. Yes I know Alice is one of the easiest and simplest boxes to pop.....using msf of course but i wanted to make it a point to root this box manually no matter how long it took me and I managed. I have to thank a study buddy for this as he nudged me in the right direction and it is ok to get a little help when stuck on a machine. Inevitably everyone will need a nudge at some point so never be afraid to ask as long as no spoilers are involved. Alice might be an easy box but popping it manually has taught me some nifty tricks which im sure to use on other boxes.

I have a couple of boxes in mind i will be attacking this evening but even if i only get 1 box im happy. I bought 90 days so if i manage to average 1 box a day i would be elated as that would mean clearing all the lab machines in approx 60 days and leaving me with 30 days to seriously prepare for the exam. I know this will be a very difficult task to accomplish seeing that for now its just the low hanging fruits and boxes will be getting significantly harder to pop but i will take this as part of the challenge.

One final tip for anyone about to start the labs.....RDP is your friend.....use it!


Boxes rooted - 1
Alice

mechgt

Nice. I just signed up and the first available start date was in mid-Feb, so that's when I'll get in. I'm signing up for the 90 as well. This will be quite an adventure. I've decided to brush up on python in the meantime as I hear it'll be useful and I don't typically use python in my daily life. Good luck, and keep updating

22306

mechgt wrote: »

Nice. I just signed up and the first available start date was in mid-Feb, so that's when I'll get in. I'm signing up for the 90 as well. This will be quite an adventure. I've decided to brush up on python in the meantime as I hear it'll be useful and I don't typically use python in my daily life. Good luck, and keep updating

hey join the discord server we have for this forum.. trust me itll be very beneficial for you.

MrAgent

What's discord?

22306

MrAgent wrote: »

What's discord?

its basically a way to host a group chat. we have one now and its very active. go to the site and make an account and maybe one of us can send you the server info. google the website and join

luger

22306 wrote: »

its basically a way to host a group chat. we have one now and its very active. go to the site and make an account and maybe one of us can send you the server info. google the website and join

This is the link for the channel https://discord.gg/AQwaeGf

Dr. Fluxx

Is the server just for currently enrolled students?

Im doing my pre prep for the oscp currently.

22306

Dr. Fluxx wrote: »

Is the server just for currently enrolled students?

Im doing my pre prep for the oscp currently.

NOPE, JOIN m

luger

Day 19 since the start of lab time and boxes get more interesting as i go along. Had some easy boxes and some tricky ones but not really difficult. The essence is enumeration. You have to skin the box from head to toe to identify all your attacking vectors before starting to attack. Had some serious issues with msf as it would just not work on most of the boxes i tried using it on but that was a blessing in disguise as it forced me to try other alternatives the manual way and it paid off.

I have also managed to keep my box a day average sine I started hitting the machines in the lab 9 days ago so I have 9 boxes to my name. Some where easy kills and some had me scratch my head for some time that got me on the verge of pulling my hair out till i got it.

Boxes rooted - 9
alice
alpha
payday
tophat
oracle
kraken
susie
dj
jd

luger

Day 24 from the start of lab time and still plucking away at the low hanging fruit. I am up to 12 boxes from 14 days of real time hacking in the labs which I still feel is satisfactory when considering that from those 14 days, I took 1 day off last Sunday to help with my sanity and yesterday was spent on the exercises. In fact the next few days will be spent away from the labs and doing all the exercises which I have stupidly skipped whilst doing the pdf and videos. I just couldn't wait to start the labs so I skipped the labs thinking they were not really important seeing that I did the pdf and videos anyways. I said to myself what benefit would I take from spending time on the exercises when I could use that time in the labs.

BIG MISTAKE!

The exercises are an integral part of the course which must not be taken for granted or skipped. True that my progress was not bad with a box per day average but I was spending way too much time on each box, sometimes even up to 8hrs which could have at least been quartered if I invested some time with the exercises. This is where the Discord channel came in play when all the members 'scolded' me last weekend for not doing the exercises and made me realize why I was spending so much time to root certain boxes. It was not easy to distance myself from the lab as they are addictive as hell but yesterday I just made it a point to sit down and start doing all the exercises from the pdf material and truth be told I am actually enjoying them AND learning more since they are mostly practical exercises which will hugely benefit me in the labs. I am calculating around 5 days to complete them and taking into account the initial 10 days to see off the pdf and videos makes sense when compared to most other OSCP students.

So my advice here is do not cut corners. Offsec provide you all the material to complete for a very good reason. As for the 3 other boxes rooted during last weekend, they were not too difficult looking back but Hotline had me almost throw in the towel but it was all down to my incorrect mindset when tackling certain exploits. Never overlook anything as the answer could be just under your nose. You just have to keep calm, look deeper and use some common sense with what you have in front of you.

Thats it for now and hope to update the thread again sometime next week when I clear the exercises and get back in the labs once again.

Boxes rooted - 12
helpdesk
barry
hotline
alice
alpha
payday
tophat
oracle
kraken
susie
dj
jd

Dr. Fluxx

Are you using metasploit on these?

luger

Dr. Fluxx wrote: »

Are you using metasploit on these?

Some of them yes. Offsec actually encourages msf use in the labs and u have one shot with msf in the exam. Must have rooted maybe 3 of these with msf and when im ready i will go back on the msf rooted machines and root them manually.

sathish09

I am also doing my oscp i have started on 05-03-2017 ...Can i get the invite to discord

Mefistogr

I would also need an invite to this discord channel. I wonder if you are kind enough to send me an invitation!!! Thanks in advance!!!!

p@r0tuXus

Sathish09, Mefistogr...... People can't send you PMs because you don't have enough activity on your accounts. With more participation on these forums people will have the ability to PM you and vice-versa. You won't find public links for the discord group as it's private. Sorry.

alvin2038

Started OSCP early January and spent most of the first two months on the material and exercises. Finally got down to labs a few weeks back. Though OffSec recommends using Metasploit as much as possible for the labs, I've tried not to use it much.

Rooted:
Alice
Phoenix
Mike
Bob2
Barry
Payday
Ralph
Sherlock
Joe (Metasploit. Still trying to get manual exploit working)

olaHalo

Damn this sounds like fun. I may have to try this

TreySong

luger wrote: »

Some of them yes. Offsec actually encourages msf use in the labs and u have one shot with msf in the exam. Must have rooted maybe 3 of these with msf and when im ready i will go back on the msf rooted machines and root them manually.

Hi Luger.
Any updates?

luger

I should have updated this thread much earlier, but this course is so time consuming and exhaustive that i simply never had the time or strength to update it. After work I very often spent from 6pm till 1-2am and on occasions even till 3am in the labs then wake up at 5:30am for work. This happened approximately around the 20-25 box mark when i started to hit brick walls and boxes took a much longer time to fall.

Before sitting for my first attempt at the exam, I had rooted 34 boxes including gh0st, pain and sufference. From the public network all i have remaining are a few dependent boxes and humble.

I sat for my 1st attempt on April 14th. Total disaster and only managed 35 points. My first mistake was time management. Spent 5hrs on the BoF machine and another 5 hours on the 10 point box which I was still not able to root by the end of the exam. Thats already almost half of the time gone and only had a look at 2 from 5 boxes. Started exam at 11am and by 5am the following day I knew I had no chance of passing so went to bed tired and defeated.

I rescheduled a second attempt for 2 weeks later 30th April. This time i managed my time better and got some more points than my 1st attempt around 40-45 points. Exam started at 11am and once again by 5am I knew I had failed. I learnt alot of valuable lessons from those 2 attempts and was confident that a 3rd time would yield success.

3rd attempt was scheduled for 15th May, exactly 4 months to the day I had started the course on Jan 15th! I was determined to make this an anniversary I would celebrate in the end. This time i rooted 3 machines and got shells on the other 2 scoring me a solid 70 points and also had the lab report for a 5 point cushion if needed. Took me 21 hours straight to complete with no rest or food. I had big problems with the BoF machine as I was overlooking something very simple yet took alot of time to detect. I sent the report the following Monday evening and received my passed email on Tuesday night.

All in all this was a fantastic voyage and experience and I highly recommend it to anyone interested in offensive security but you really got to have time for it. In my case, 4 hours a day just didnt cut it. I needed at least 6 hours daily to be able to do decent progress on any machine I was working on. Unless you really got time to dedicate on this course, my advice is to postpone until you do.

saraguru

luger wrote: »

I should have updated this thread much earlier, but this course is so time consuming and exhaustive that i simply never had the time or strength to update it. After work I very often spent from 6pm till 1-2am and on occasions even till 3am in the labs then wake up at 5:30am for work. This happened approximately around the 20-25 box mark when i started to hit brick walls and boxes took a much longer time to fall.

Before sitting for my first attempt at the exam, I had rooted 34 boxes including gh0st, pain and sufference. From the public network all i have remaining are a few dependent boxes and humble.

I sat for my 1st attempt on April 14th. Total disaster and only managed 35 points. My first mistake was time management. Spent 5hrs on the BoF machine and another 5 hours on the 10 point box which I was still not able to root by the end of the exam. Thats already almost half of the time gone and only had a look at 2 from 5 boxes. Started exam at 11am and by 5am the following day I knew I had no chance of passing so went to bed tired and defeated.

I rescheduled a second attempt for 2 weeks later 30th April. This time i managed my time better and got some more points than my 1st attempt around 40-45 points. Exam started at 11am and once again by 5am I knew I had failed. I learnt alot of valuable lessons from those 2 attempts and was confident that a 3rd time would yield success.

3rd attempt was scheduled for 15th May, exactly 4 months to the day I had started the course on Jan 15th! I was determined to make this an anniversary I would celebrate in the end. This time i rooted 3 machines and got shells on the other 2 scoring me a solid 70 points and also had the lab report for a 5 point cushion if needed. Took me 21 hours straight to complete with no rest or food. I had big problems with the BoF machines as I was overlooking something very simple yet took alot of time to detect. Is sent the report the following Monday evening and received my passed email on Tuesday night.

All in all this was a fantastic voyage and experience and I highly recommend it to anyone interested in offensive security but you really got to have time for it. In my case, 4 hours a day just didnt cut it. I needed at least 6 hours daily to be able to do decent progress on any machine I was working on. Unless you really got time to dedicate on this course, my advice is to postpone until you do.

Congratzz dude!! (Y) (Y)
I gave my first attempt on may 14th and it was a failure. I got root on 25 ( BoF ) and 10 pointer machines plus a low privilege shell on 20 pointer.

Thinking of taking the exam again by the end of June. Let's see how it goes for me!!!

luger

saraguru wrote: »

Congratzz dude!! (Y) (Y)
I gave my first attempt on may 14th and it was a failure. I got root on 25 ( BoF ) and 10 pointer machines plus a low privilege shell on 20 pointer.

Thinking of taking the exam again by the end of June. Let's see how it goes for me!!!

Thanks man

Don't be discouraged by the fail....u did well for ur 1st attempt and im sure u will do even better on ur next try.

Dr. Fluxx

Keep pushing on!