OSCP - Starting 15/01/17
luger
Member Posts: 52 ■□□□□□□□□□
Finally took the plunge and last week signed up for the course, scheduled to start next Sunday 15th Jan.
I started my pen testing adventure last March with the eJPT course and passed the exam the following month. Plan was to go straight on to the eCPPT course but due to work commitments that was impossible so signed up for the course but had to wait till end of July to actually start it. I went through the material and videos twice and started the labs but half way through them I felt my motivation and enthusiasm had dwindled during the labs. Not that its a bad course. Far from it the material and videos are great and learnt a ton but the labs have too much hand holding and knowing that you have the answers under your nose did not push me hard enough to give my all to solve the labs. I also felt the time is ripe to change jobs and seeing that the eCPPT holds very little weight with HR and interviewers compared to OSCP, I decided to go for the OSCP and come back to tackle the eCPPT exam after the OSCP.
Having read all the OSCP threads on here, their labs will surely keep me on my toes and push my sanity (whats left of it
) to the limit. This is what I want and that is how I learn. Of course this is just me as others find the elearning security way of teaching as best for them but I'm different. In fact coming back to the eCCPT, I will not hit the labs but will jump straight to the exam.
Some might say that I should have just jumped straight to the OSCP but I disagree. As already pointed out, their material and videos are very good and learnt a lot. I'm pretty sure they will come to very good use during my OSCP adventure.
I will try to update this thread as often as possible after the commencement of the course.
I started my pen testing adventure last March with the eJPT course and passed the exam the following month. Plan was to go straight on to the eCPPT course but due to work commitments that was impossible so signed up for the course but had to wait till end of July to actually start it. I went through the material and videos twice and started the labs but half way through them I felt my motivation and enthusiasm had dwindled during the labs. Not that its a bad course. Far from it the material and videos are great and learnt a ton but the labs have too much hand holding and knowing that you have the answers under your nose did not push me hard enough to give my all to solve the labs. I also felt the time is ripe to change jobs and seeing that the eCPPT holds very little weight with HR and interviewers compared to OSCP, I decided to go for the OSCP and come back to tackle the eCPPT exam after the OSCP.
Having read all the OSCP threads on here, their labs will surely keep me on my toes and push my sanity (whats left of it
) to the limit. This is what I want and that is how I learn. Of course this is just me as others find the elearning security way of teaching as best for them but I'm different. In fact coming back to the eCCPT, I will not hit the labs but will jump straight to the exam.Some might say that I should have just jumped straight to the OSCP but I disagree. As already pointed out, their material and videos are very good and learnt a lot. I'm pretty sure they will come to very good use during my OSCP adventure.
I will try to update this thread as often as possible after the commencement of the course.
Comments
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
Phase 1
Go through all the material/videos and do as many of the exercises as I can. Will try not to spend more than 1 week so that I can hit the labs ASAP. In the meantime will do a full discovery scan of the network to identify all the boxes in the network and document all my findings as detailed as possible. Plan is to spend approx 4-5hrs during the week and try 12hrs during the weekend.
Lets do this.....
Day 11 since the beginning of the lab time. Spent the first 10 days clearing the pdf and videos. The pdf is quite dry compared to the elearnsecurity PTP course material which immediately indicates that lots of self study will have to be done.....but i already knew that. The videos complement the pdf but extra explanations are given so it is very important that these are done in parallel. I would also recommend going through the video of the module first followed by the pdf. You will understand the module much better this way. One example is the BoF module where i got lost a little when going through the pdf but everything fell to place after watching the video.
Yesterday was my first day actually in the labs trying to root some boxes and i managed to root a grand total of 1 box.....Alice. Yes I know Alice is one of the easiest and simplest boxes to pop.....using msf of course but i wanted to make it a point to root this box manually no matter how long it took me and I managed. I have to thank a study buddy for this as he nudged me in the right direction and it is ok to get a little help when stuck on a machine. Inevitably everyone will need a nudge at some point so never be afraid to ask as long as no spoilers are involved. Alice might be an easy box but popping it manually has taught me some nifty tricks which im sure to use on other boxes.
I have a couple of boxes in mind i will be attacking this evening but even if i only get 1 box im happy. I bought 90 days so if i manage to average 1 box a day i would be elated as that would mean clearing all the lab machines in approx 60 days and leaving me with 30 days to seriously prepare for the exam. I know this will be a very difficult task to accomplish seeing that for now its just the low hanging fruits and boxes will be getting significantly harder to pop but i will take this as part of the challenge.
One final tip for anyone about to start the labs.....RDP is your friend.....use it!
Boxes rooted - 1
Alice
hey join the discord server we have for this forum.. trust me itll be very beneficial for you.
This is the link for the channel https://discord.gg/AQwaeGf
Im doing my pre prep for the oscp currently.
NOPE, JOIN m
I have also managed to keep my box a day average sine I started hitting the machines in the lab 9 days ago so I have 9 boxes to my name. Some where easy kills and some had me scratch my head for some time that got me on the verge of pulling my hair out till i got it.
Boxes rooted - 9
alice
alpha
payday
tophat
oracle
kraken
susie
dj
jd
BIG MISTAKE!
The exercises are an integral part of the course which must not be taken for granted or skipped. True that my progress was not bad with a box per day average but I was spending way too much time on each box, sometimes even up to 8hrs which could have at least been quartered if I invested some time with the exercises. This is where the Discord channel came in play when all the members 'scolded' me last weekend for not doing the exercises and made me realize why I was spending so much time to root certain boxes. It was not easy to distance myself from the lab as they are addictive as hell but yesterday I just made it a point to sit down and start doing all the exercises from the pdf material and truth be told I am actually enjoying them AND learning more since they are mostly practical exercises which will hugely benefit me in the labs. I am calculating around 5 days to complete them and taking into account the initial 10 days to see off the pdf and videos makes sense when compared to most other OSCP students.
So my advice here is do not cut corners. Offsec provide you all the material to complete for a very good reason. As for the 3 other boxes rooted during last weekend, they were not too difficult looking back but Hotline had me almost throw in the towel but it was all down to my incorrect mindset when tackling certain exploits. Never overlook anything as the answer could be just under your nose. You just have to keep calm, look deeper and use some common sense with what you have in front of you.
Thats it for now and hope to update the thread again sometime next week when I clear the exercises and get back in the labs once again.
Boxes rooted - 12
helpdesk
barry
hotline
alice
alpha
payday
tophat
oracle
kraken
susie
dj
jd
Some of them yes. Offsec actually encourages msf use in the labs and u have one shot with msf in the exam. Must have rooted maybe 3 of these with msf and when im ready i will go back on the msf rooted machines and root them manually.
In Progress: Linux+/LPIC-1, Python, Bash
Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
Rooted:
Alice
Phoenix
Mike
Bob2
Barry
Payday
Ralph
Sherlock
Joe (Metasploit. Still trying to get manual exploit working)
Hi Luger.
Any updates?
Before sitting for my first attempt at the exam, I had rooted 34 boxes including gh0st, pain and sufference. From the public network all i have remaining are a few dependent boxes and humble.
I sat for my 1st attempt on April 14th. Total disaster and only managed 35 points. My first mistake was time management. Spent 5hrs on the BoF machine and another 5 hours on the 10 point box which I was still not able to root by the end of the exam. Thats already almost half of the time gone and only had a look at 2 from 5 boxes. Started exam at 11am and by 5am the following day I knew I had no chance of passing so went to bed tired and defeated.
I rescheduled a second attempt for 2 weeks later 30th April. This time i managed my time better and got some more points than my 1st attempt around 40-45 points. Exam started at 11am and once again by 5am I knew I had failed. I learnt alot of valuable lessons from those 2 attempts and was confident that a 3rd time would yield success.
3rd attempt was scheduled for 15th May, exactly 4 months to the day I had started the course on Jan 15th! I was determined to make this an anniversary I would celebrate in the end. This time i rooted 3 machines and got shells on the other 2 scoring me a solid 70 points and also had the lab report for a 5 point cushion if needed. Took me 21 hours straight to complete with no rest or food. I had big problems with the BoF machine as I was overlooking something very simple yet took alot of time to detect. I sent the report the following Monday evening and received my passed email on Tuesday night.
All in all this was a fantastic voyage and experience and I highly recommend it to anyone interested in offensive security but you really got to have time for it. In my case, 4 hours a day just didnt cut it. I needed at least 6 hours daily to be able to do decent progress on any machine I was working on. Unless you really got time to dedicate on this course, my advice is to postpone until you do.
Congratzz dude!! (Y) (Y)
I gave my first attempt on may 14th and it was a failure. I got root on 25 ( BoF ) and 10 pointer machines plus a low privilege shell on 20 pointer.
Thinking of taking the exam again by the end of June. Let's see how it goes for me!!!
Thanks man
Don't be discouraged by the fail....u did well for ur 1st attempt and im sure u will do even better on ur next try.