Beginning my OSCP Journey
saraguru
Member Posts: 46 ■■□□□□□□□□
Hi All,
I will be starting my Journey of OSCP from 03/12/2017 ( day after tomorrow ). A little about my background: I have been doing competitive programming for almost two and a half years during my college days. About 10 months back I decided to explore the Security domain and since then I am spending my entire time on this. I have practiced about a dozen of VMs in vulnhub and attended quite a few CTFs. I have purchased the lab time for 2 months and then extend if need arise. My aim is to compromise atleast 30 machines:) . If anyone is starting on the same time and is interested to work with me together please let me know!!! And I will try to update this atleast once a week.
I will be starting my Journey of OSCP from 03/12/2017 ( day after tomorrow ). A little about my background: I have been doing competitive programming for almost two and a half years during my college days. About 10 months back I decided to explore the Security domain and since then I am spending my entire time on this. I have practiced about a dozen of VMs in vulnhub and attended quite a few CTFs. I have purchased the lab time for 2 months and then extend if need arise. My aim is to compromise atleast 30 machines:) . If anyone is starting on the same time and is interested to work with me together please let me know!!! And I will try to update this atleast once a week.
Comments
-
theMACHINE Registered Users Posts: 3 ■□□□□□□□□□Good luck, I have that one on my todo list after I knock out some other stuff. I have coworker going through it now, it's tough, but I think he's enjoying it.
-
saraguru Member Posts: 46 ■■□□□□□□□□@JasminLandry
Any tip you would like to give me before I begin the course??! -
Ignacio2019 Registered Users Posts: 3 ■□□□□□□□□□Saraguru, how's it going? I am starting the course this weekend & perhaps will reach out to you.
-
saraguru Member Posts: 46 ■■□□□□□□□□Sorry guyz for not updating it...let me try to do it on a regular basis from now on
For the 1st week I was pretty much going through the materials given( pdf+videos ) and visited the lab just once or twice...by the weekend I almost completed everything which will get me started in the Lab...
To be honest I was having a reallly realllly hard time the first time when I was in the lab...I felt like I am completely lost and didn't even have an idea of what to do..I had pages and pages of Nmap scan report to look at...slowly and steadily after 3-4 days have passed I started getting machines one by one...The first one I got was ALICE...It was a very straight forward machine though...and by the end of 2nd week I had almost 5 machines in my hand...so I kept my target like "I have to get 5 machines per week"
in the third week I faced some windows machine and found out that I am very very weak with Windows privilege escalations...since I had done about a dozen of vulnhub VMs I didn't face much difficulty with Linux machines till now..however I am completely stuck with the Windows ones...I have got SYSTEM account on only two windows machine and have two limited shells which I have escalate...
Just yesterday I had rooted DOTTY and the machine was like its name suggests...we have to connect many dots to get the machine...I really enjoyed rooting DOTTY..
so to conclude I have about 11 machines with full shell access and 2 limited shell on windows without counting duplicates..I feel like I am moving pretty slow and would like to speed things up in the coming weeks!!!
Ignacio2019: sure...you can reach me out via facebook, gtalk, watsapp or IRC..just let me know which you are okay with -
saraguru Member Posts: 46 ■■□□□□□□□□And this weekend I had pretty much hard time in the Lab...Saturday I was working on DJ, which was quite similar to one other machine I have done previously...But since I didn't properly enumerate it I was not able to own it for a long time..once I found the way I tried to use the same old trick I used for the other machine but man, It didn't work!!!! obviously, If it worked then what is the point of keeping this machine in the lab, I thought to myself...then I found Metasploit way of rooting this machine which worked perfectly fine!!! however, I was not satisfied at all since I wanted to avoid Metasploit as much as possible...then, after some gooogling I found what is required to root this machine without using MSF...That was really a cooool trick and I was happppy to have learnt it...
And on Sunday I got stuck with gh0st for a long time and hence decided to move further...I went on taking one other machine for which I had the limited shell in about 5-10 min..but Privilege Escalation for it was taking a helll lotttttt of time and till night I was not able to figure it out..!!
So, by the end of this week I had 12 full shells and 3 limited shells...I am very sad that the count of Limited shells is also keep on increasing which actually hints me that I have work HARDER on Priv Ecs!! -
saraguru Member Posts: 46 ■■□□□□□□□□Today marks the end of the first Month of my OSCP journey!!! i must definitely admit that it has been awesomeeeeeee and i'm totally enjoying it ..Though it will be frustrating when you hit the wall and don't know how to proceed, the feeling you get when you find the way will be incredible!!!!!!! can't explain it through words...
By the time I'm writing this, I have about 17 full shells and 3 limited shells in my hands...so, I now have the confidence that I can reach my target of getting atleast 30 shells...however, I'll work harder and try to get more and more machines...
Dr. Fluxx: thanks buddy!! -
redworld Member Posts: 35 ■■□□□□□□□□Today marks the end of the first Month of my OSCP journey!!! i must definitely admit that it has been awesomeeeeeee and i'm totally enjoying it ..Though it will be frustrating when you hit the wall and don't know how to proceed, the feeling you get when you find the way will be incredible!!!!!!! can't explain it through words...
By the time I'm writing this, I have about 17 full shells and 3 limited shells in my hands...so, I now have the confidence that I can reach my target of getting atleast 30 shells...however, I'll work harder and try to get more and more machines...
Dr. Fluxx: thanks buddy!! -
VoyagerOne Registered Users Posts: 3 ■□□□□□□□□□All the best saraguru and pls keep us posted with ur updates.
-
TreySong Member Posts: 65 ■■■□□□□□□□Today marks the end of the first Month of my OSCP journey!!! i must definitely admit that it has been awesomeeeeeee and i'm totally enjoying it ..Though it will be frustrating when you hit the wall and don't know how to proceed, the feeling you get when you find the way will be incredible!!!!!!! can't explain it through words...
By the time I'm writing this, I have about 17 full shells and 3 limited shells in my hands...so, I now have the confidence that I can reach my target of getting atleast 30 shells...however, I'll work harder and try to get more and more machines...
Dr. Fluxx: thanks buddy!!
All the best. You're giving me hope! -
saraguru Member Posts: 46 ■■□□□□□□□□Is there any machine you recommend from vulnhub?
For the beginning I would suggest go on with the kioptrix series..that should give you a rough idea about some of the easy machines in the lab
go through each and every level in it!! -
saraguru Member Posts: 46 ■■□□□□□□□□VoyagerOne wrote: »All the best saraguru and pls keep us posted with ur updates.
Thanks a lott VoyagerOne...Will update the status of this weekend probably by tomorrow!! -
saraguru Member Posts: 46 ■■□□□□□□□□All the best. You're giving me hope!
Thank you TreySong!! are you taking up OSCP now?!? -
TreySong Member Posts: 65 ■■■□□□□□□□Thank you TreySong!! are you taking up OSCP now?!?
Yes I am . I am starting next week Sunday the 23rd. From what I've heard so far, it is going to be very rough. I am not reading anything to prepare myself. I am simply going to wait for next Sunday, receive my training documents and start reading the pdf and the video and take it from there. Let's keep in touch all through. Wish you well. -
saraguru Member Posts: 46 ■■□□□□□□□□Yes I am . I am starting next week Sunday the 23rd. From what I've heard so far, it is going to be very rough. I am not reading anything to prepare myself. I am simply going to wait for next Sunday, receive my training documents and start reading the pdf and the video and take it from there. Let's keep in touch all through. Wish you well.
If you are already a pentester by profession then it should just be a cake walk for you...otherwise I would suggest, you may do some vulnhub challenges in the meantime
I say this coz although the pdf+video teaches you a lot of things it is DEFINITELY NOT sufficient for the lab..most of the times you will be googling around for almost everything!! If you do some of the vulnhub challenges you will have some idea of how things will be and get prepared accordingly!! anyway it's upto you...have a nice time in the lab -
TreySong Member Posts: 65 ■■■□□□□□□□If you are already a pentester by profession then it should just be a cake walk for you...otherwise I would suggest, you may do some vulnhub challenges in the meantime
I say this coz although the pdf+video teaches you a lot of things it is DEFINITELY NOT sufficient for the lab..most of the times you will be googling around for almost everything!! If you do some of the vulnhub challenges you will have some idea of how things will be and get prepared accordingly!! anyway it's upto you...have a nice time in the lab
THANKS> I did loads of pen testing in another lifetime. But your advice is welcome. Cheers! -
Ghostrider007 Member Posts: 7 ■□□□□□□□□□Hi TreySong... If you're already in the pentesting world, then you already have half the job done ....
Am starting my lab time from 14th May (next month), have started prep work for it. But i know of 5 pentesters at my work place who cracked it in the first go. They didn't say it was an easy task, but not too hard for them as well due to their experience and am sure it will be the same for you
Keep us posted.... -
saraguru Member Posts: 46 ■■□□□□□□□□Hi everyone,
This weekend was the best for me and I experienced both painful & joyful time in the lab!! This Friday I experienced failures after failures..i tried about 3 machines but couldn't even find the entry point for any of them...later i decided to look at the forum for hints and found that all 3 of them had some dependencies...frustrated with the failures I didn't have the mindset to proceed with other machine today!!
And on saturday I rooted a machine and found network-secret file in it!! By this victory I have successfully unlocked the IT network ...I have been waiting to unlock a network for a long time and it happened today!! That moment, I was really feeling like floating in the sky!!!!!!
On sunday, I was working on a privilege escalation of a machine for which I have got a limited shell long long back...since I couldn't find any way after working on it for a long time I decided to get some hint from the forum for Privilege Escalation...Based on the hint provided I went back to the lab and rooted it within like 5 min or so...i was just shocked and asked myself "Did you miss something which was this obvious??!!"..so i decided to revert the machine just to ensure that I did root the machine in the right manner!! After reverting I was shocked to see that, what I had done earlier was not the intended way to root the machine and I just used a backdoor which someone has left behind when they were working!!! I was very sad and challenged myself to complete the machine within today...I tried everything which I could but still I was stuck..evening I talked to the admin and he gave me a nudge..And after an hour or so, I OWNED this box!!! Mannn, that was really awesome..I am learning very coool things which I had never even Imagined before taking up this course...And to add to the joy of rooting this box, there was another network-secret found on this box!!! so, I even unlocked the DEV network!!! it was back to back victory for me this weekend..in two days I have unlocked two networks...Only after rooting this machine I was able to have my dinner
Finally, I have 20 full shells and 3 limited shells with me now and also I have unlocked IT and DEV network!!! sooon, I hope to have fun with "tunneling and pivoting" Well, that's the update for this weekend!! -
Ghostrider007 Member Posts: 7 ■□□□□□□□□□Thats amazing work saraguru... by this rate you'll have cracked through the rest of the lab before you finish the 90 days.. keep us posted. Also post anything that may help aspirants like me in terms of what tools you've learnt, methodology etc (i know there are numerous threads on this).You say you were a pro programmer before starting OSCP, had you ever done any work on the offensive side ?Today marks the end of the first Month of my OSCP journey!!! i must definitely admit that it has been awesomeeeeeee and i'm totally enjoying it ..Though it will be frustrating when you hit the wall and don't know how to proceed, the feeling you get when you find the way will be incredible!!!!!!! can't explain it through words...
By the time I'm writing this, I have about 17 full shells and 3 limited shells in my hands...so, I now have the confidence that I can reach my target of getting atleast 30 shells...however, I'll work harder and try to get more and more machines...
Dr. Fluxx: thanks buddy!! -
saraguru Member Posts: 46 ■■□□□□□□□□Ghostrider007 wrote: »Hi TreySong... If you're already in the pentesting world, then you already have half the job done ....
Am starting my lab time from 14th May (next month), have started prep work for it. But i know of 5 pentesters at my work place who cracked it in the first go. They didn't say it was an easy task, but not too hard for them as well due to their experience and am sure it will be the same for you
Keep us posted....
Yah..As i had already mentioned, If you are a pentester by profession the course and lab shouldn't be a problem for you at all
All the best for your journey Ghostrider007 (Y) -
Ghostrider007 Member Posts: 7 ■□□□□□□□□□Thanks saraguru and likewise to you too, am sure you'll crack it in the first go as well... You're becoming quite an inspiration (or atleast the speeds of you popping the boxes)... Are you using msf on some/any boxes or are you just manually working through these ?Yah..As i had already mentioned, If you are a pentester by profession the course and lab shouldn't be a problem for you at all
All the best for your journey Ghostrider007 (Y) -
Ghostrider007 Member Posts: 7 ■□□□□□□□□□Wow ! That is some amazing work ! You seem to be plowing through it. Well done saraguru ! I know you said you were a pro programmer but do you have any experience in the offensive side as well ?Hi everyone,
This weekend was the best for me and I experienced both painful & joyful time in the lab!! This Friday I experienced failures after failures..i tried about 3 machines but couldn't even find the entry point for any of them...later i decided to look at the forum for hints and found that all 3 of them had some dependencies...frustrated with the failures I didn't have the mindset to proceed with other machine today!!
And on saturday I rooted a machine and found network-secret file in it!! By this victory I have successfully unlocked the IT network ...I have been waiting to unlock a network for a long time and it happened today!! That moment, I was really feeling like floating in the sky!!!!!!
On sunday, I was working on a privilege escalation of a machine for which I have got a limited shell long long back...since I couldn't find any way after working on it for a long time I decided to get some hint from the forum for Privilege Escalation...Based on the hint provided I went back to the lab and rooted it within like 5 min or so...i was just shocked and asked myself "Did you miss something which was this obvious??!!"..so i decided to revert the machine just to ensure that I did root the machine in the right manner!! After reverting I was shocked to see that, what I had done earlier was not the intended way to root the machine and I just used a backdoor which someone has left behind when they were working!!! I was very sad and challenged myself to complete the machine within today...I tried everything which I could but still I was stuck..evening I talked to the admin and he gave me a nudge..And after an hour or so, I OWNED this box!!! Mannn, that was really awesome..I am learning very coool things which I had never even Imagined before taking up this course...And to add to the joy of rooting this box, there was another network-secret found on this box!!! so, I even unlocked the DEV network!!! it was back to back victory for me this weekend..in two days I have unlocked two networks...Only after rooting this machine I was able to have my dinner
Finally, I have 20 full shells and 3 limited shells with me now and also I have unlocked IT and DEV network!!! sooon, I hope to have fun with "tunneling and pivoting" Well, that's the update for this weekend!! -
saraguru Member Posts: 46 ■■□□□□□□□□Ghostrider007 wrote: »Thanks saraguru and likewise to you too, am sure you'll crack it in the first go as well... You're becoming quite an inspiration (or atleast the speeds of you popping the boxes)... Are you using msf on some/any boxes or are you just manually working through these ?
Thanks a lotttt Ghostrider007!!! I too wish that I clear it in the first go..but I'm not so sure if i'll be able to do that
My aim is to get this Cert within the end of the year though..hope I can do that
Regarding MSF, till now I have used in about 4 machines...I know that out of the 4 I can get one without using MSF using some publically available exploit..however with the remaining 3 machines, i read from forum that, people who have done it manually have actually rewritten the MSF code to a standalone python script..I'm planning to do that in the end if I have time in the lab...and except these 4 machines I have exploited every other machine I own now manually -
22306 Member Posts: 223 ■■□□□□□□□□Hello, I am taking the course as well and i have pwned machines and i didnt have to use MSF at all (besides meterpreter which is allowed in the exams). PM these 3 machine names that you have to use MSF and ill let you know if they really need MSF.Thanks a lotttt Ghostrider007!!! I too wish that I clear it in the first go..but I'm not so sure if i'll be able to do that
My aim is to get this Cert within the end of the year though..hope I can do that
Regarding MSF, till now I have used in about 4 machines...I know that out of the 4 I can get one without using MSF using some publically available exploit..however with the remaining 3 machines, i read from forum that, people who have done it manually have actually rewritten the MSF code to a standalone python script..I'm planning to do that in the end if I have time in the lab...and except these 4 machines I have exploited every other machine I own now manually -
TreySong Member Posts: 65 ■■■□□□□□□□Ghostrider007 wrote: »Hi TreySong... If you're already in the pentesting world, then you already have half the job done ....
Am starting my lab time from 14th May (next month), have started prep work for it. But i know of 5 pentesters at my work place who cracked it in the first go. They didn't say it was an easy task, but not too hard for them as well due to their experience and am sure it will be the same for you
Keep us posted.... -
TreySong Member Posts: 65 ■■■□□□□□□□Hi everyone,
This weekend was the best for me and I experienced both painful & joyful time in the lab!! This Friday I experienced failures after failures..i tried about 3 machines but couldn't even find the entry point for any of them...later i decided to look at the forum for hints and found that all 3 of them had some dependencies...frustrated with the failures I didn't have the mindset to proceed with other machine today!!
And on saturday I rooted a machine and found network-secret file in it!! By this victory I have successfully unlocked the IT network ...I have been waiting to unlock a network for a long time and it happened today!! That moment, I was really feeling like floating in the sky!!!!!!
On sunday, I was working on a privilege escalation of a machine for which I have got a limited shell long long back...since I couldn't find any way after working on it for a long time I decided to get some hint from the forum for Privilege Escalation...Based on the hint provided I went back to the lab and rooted it within like 5 min or so...i was just shocked and asked myself "Did you miss something which was this obvious??!!"..so i decided to revert the machine just to ensure that I did root the machine in the right manner!! After reverting I was shocked to see that, what I had done earlier was not the intended way to root the machine and I just used a backdoor which someone has left behind when they were working!!! I was very sad and challenged myself to complete the machine within today...I tried everything which I could but still I was stuck..evening I talked to the admin and he gave me a nudge..And after an hour or so, I OWNED this box!!! Mannn, that was really awesome..I am learning very coool things which I had never even Imagined before taking up this course...And to add to the joy of rooting this box, there was another network-secret found on this box!!! so, I even unlocked the DEV network!!! it was back to back victory for me this weekend..in two days I have unlocked two networks...Only after rooting this machine I was able to have my dinner
Finally, I have 20 full shells and 3 limited shells with me now and also I have unlocked IT and DEV network!!! sooon, I hope to have fun with "tunneling and pivoting" Well, that's the update for this weekend!!