OSCP journey starts 4/29/17, Let's go!

I was going to sit for the CISA in May but knowing I'll be starting my MS at WGU this fall I decided this may be the only chance I get to take this training (work sponsored) with plenty of free time.
I've been reading the forums and think I have an idea as to how much time I will need to put in. I signed up for 90 days of lab access. This next month I'll be working on the boxes at vulnhub, reading, reading, and I'll be putting together a binder with commands, tips, and techniques that I learn this next 3.5 weeks.
Any advice or relevant chat group recommendations are welcome and appreciated. In a perfect world I'll get this done right before I head to DefCon this summer.
Comments
Degree: B.S. in Computing Science, emphasis Information Assurance
Certifications: CISSP, PSP, Network+, Security+, CySA+, OSWP
This is something I should have pursued in my late teens and 20's but I was too busy chasing girls and being stupid. I'm fortunate that my fiance works nights and weekends so putting in 30+ hours a week won't be an issue or leave me laden with guilt
Well done you! I am hoping to start sometime this month or early next month if I can sort out the compiling of PwK on VMware Fusion on my MAC OS X!
This post IMMEDIATELY reminded me about RFC 2468!
Master of Science in Information Security and Assurance - Western Governors University
Bachelor of Science in Network Administration - Western Governors University
Associate of Applied Science x4 - Heald College
Looking forward to tomorrow when I can sit down with a large block of time to try and crack Alice.
Good luck, and have fun learning!!
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
Learned a lot today through the lab manual and my own research. I feel like there is still so much to do with this box that I want to try out. So I'm going to try and accomplish a few more things before I call it a night. I still don't know if I've gotten shell access since this is all new to me but I did change the local Admin password. Haven't done anything with it yet though.
Edit: I was able to verify I'm operating as the systemprofile.
In the case of Windows, if the user you are logged in as (or have a shell as) is a member of either Administrators or System then it is fine I guess, and in the case of Linux you must be root. Beware that in some cases you may be able to grab the proof.txt file without being a root or system user and that is not taken into consideration.
I thought it was always time to chase girls, be stupid and party... Unless it's 9pm, then it's bedtime.
No one will care about my MCSA or any other cert I've earned. I do, though. That's why I do things. For me. My tombstone will read - "Game Over, man!"... that, and "Excellent father and husband, here lies Dustin Harper, MCSA, CCNA, CISSP, CEH, A+, Net+, Some CIW BS, and donut connoisseur."
Good luck! I hope to conquer it when work pays for it and for a personal goal.
I'm not sure how discreet is enough so I don't want to give too much away. I probably spent 30 minutes searching for answers before I felt confident I was able to verify I had the most privileged shell access.
And I will agree on your statement about the proof files. Simply grabbing them does not mean you have highest privilege.
I should have had this box last night. I made a mistake and didn't do one small thing. The funny part is I thought to myself last night "don't I need to do _____ ?" but I ignored my gut and ended up spending a few hours chasing other avenues.
Tonight I reverted the machine and started over. Boom, had root and proof.txt very easily.
On to more boxes!
Well, I just really jumped in. For anyone without pen-test experience I would say that knowing the tools, learning how to enumerate, and practicing CTF's is a great way. Once you have the PWK materials I would say make sure to do both the labs and videos. There is a lot of good stuff in there that will help shape the way you do self research on exploits.
Agreed. My problem is really sifting through it all and figuring out what is worth using. There is way too much content and a lot of it is ehhhh. This is naturally a time sink so I'm trying to use my time as efficiently as possible. I'd rather use fewer resources that are thorough rather than collecting knowledge in a million fragments off different hacker blogs. Obviously that is an important data source but for learning the basics, there's got to be a few well written books or something, no?
I wanted his perspective as I'm in a similar boat. I'm well aware of all the vulnhubs and hacklabs but I'm more concerned with materials like books and webpages that focus on teaching workflow, methodology, and underlying concepts of things, etc. I can read man pages of tools and vague blog posts all day long and attempt to practice in all the convenient ways out there. But trying to develop my own methodology from scratch is feeling really slow.
It's quite possible this is just the stage I'm at and with enough sifting and practice all the pieces will feel a little more together and the process won't feel so confusing and abstract...
Or maybe I'm just slow, and people in daily life are nice enough to not mention I'm an idiot
Georgia Weidman's book Penetration Testing: A Hands-On Introduction to Hacking is pretty much the de facto book on overall pentesting, especially for newbies.
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
You just have to put in the time brother. I feel like no time is wasted because you often learn more from your mistakes and I am finding that I am learning a lot just while searching for exploits even when they end up not being applicable. You may find some answers to later findings.
You bring up some excellent points!
I see some people get so wrapped up in the hacking (the fun stuff!!), they don't put the same focus or discipline into the business and soft skills to run a good pentest program. I spent way more time creating meetings, scope documents, reporting, etc. than I do on a terminal. It certainly takes structure and discipline to manage the supporting tasks.
It's not for every budget but the SANS SEC560/GPEN sounds like a perfect fit for your needs. Ed Skoudis is excellent at taking these complex topics (both business and technical) and making them very, very easy to follow. You aren't just thrown into the deep end. I too would like to go after the OSCP someday, but I would just as much benefit from a Visio or PowerPoint class, lol. All good stuff and glad to see a post thinking about methodology and workflows!
I'm 60 days in and have not done nearly enough. In a perfect world I would suggest at a minimum 30 hours a week.
With my newfound optimism I got straight to work on Mike. Mike was a lot of fun. Very different compared to the rest of the boxes I've done--definitely my favorite for now. Again, I think there may have been a quicker way but I was having a hard time getting it to work. I ended up getting system by thinking "differently". Thinking like a different job description than I had been. It was actually really straightforward at that point.
Hopefully I can keep up the steam. So far I've rooted Alice, Barry, Ralph, and Mike. I have a low priv shell on Bob and will need to come back to him sometime soon. Might try another machine or two first though.