Removed

m4v3r1ck

Removed

adrenaline19

Find the lab book syllabus and start researching each chapter now. The actual pdf and videos you receive with the course won't teach you anything. It's garbage.

All of the real learning happens in the lab, by yourself.

ITSpectre

m4v3r1ck wrote: »

I managed to accomplish that. I also managed to get a limited shell on Alice. I happened to remember the exploit from a course I watched on Cybrary.

Do you remember the course name?

wd40

I am going through the same course on Cybrary, however I am skipping the winxp exercises and the windows based tools, do you think that I should go back and do them or will the newer windows 7 exploits and Linux tools be enough for the OSCP

EnderWiggin

m4v3r1ck wrote: »

Finally, I think it's good to mention that I have full support from my girlfriend. I briefed her on the course and the hours required before I purchased it. She's as fully committed as I am. Maybe she's secretly going to enjoy the alone time, who knows!

"So if you get this, you'll then be making six figures? (Damn this diamond is gonna be huge!) Whatever you need, I got you babe!"

adrenaline19

You should write a small post exploit looting script. I have found it to be extremely helpful to make sure I didn't forget anything. Even if you just write down the things to grab and check them off individually, it's still better than just wandering around the box hoping to hit stuff.

Alice is everybody's first, lol.

If you popped her, you'll already know your next two victims.
If you don't know what I'm talking about, go back and check your enumeration notes.

wd40

m4v3r1ck wrote: »

There are several XP machines in the lab that I've discovered already. I wouldn't skip anything. Pay close attention to her Meteasploit section as well, but learn how to also execute the same exploit without using Metasploit.

Thanks, I will go back to the xp sections after finishing the course.

adrenaline19

The second exercise to finish buffer overflows is no joke. I thought it was the second hardest exercise behind the LFI RFI exercises.

If you write down each step in buffer overflows and follow them one at a time, it won't be so overwhelming. Just focus on the step in front of you and worry about the rest after that.

Write out an enumeration check list too. I made one and used it for every single box.

technobro

Sup M4v

Nice to read your post. I am also stating this month.
Send you an invite.

looking forward to fallow your journey. GL

LonerVamp

Good luck! I like the rolling totals on time spent and progress and such. That sort of organization tickles my deeper happiness regions.

technobro

Interesting... i guess they expect you to already know msf pth . or they want you to learn on your one , or perhaps its just absurd and not in the right order.

any idea why i cant send you pm . or even check my own

technobro, you do not have permission to access this page. This could be due to one of several reasons:

1. Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
2. If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

katawia

technobro wrote: »

Interesting... i guess they expect you to already know msf pth . or they want you to learn on your one , or perhaps its just absurd and not in the right order.

any idea why i cant send you pm . or even check my own

technobro, you do not have permission to access this page. This could be due to one of several reasons:

1. Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
2. If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

@technobro,
You gotta do more posting and your request/requirements will auto-magically appear...in short just post and see around 8-10 or so

technobro

thx . sorry M4v for the hijack there

7777777

Best of luck to you. I start my course next week. I would like to have the same dedication you have to the course. If you wanted a study-buddy let me know.

JoJoCal19

Awesome work m4v3r1ck! I'm following your thread closely as I start the course on September 30th.

hal9k2

Interesting thread to follow

Good luck.

hal9k2

m4v3r1ck wrote: »

The exciting thing was that I have still been able to craft all of my own exploits manually.

What are your sources to get more info about exploit writing?

technobro

Nice read. are u sure the poping your own box have anything to do whit apache ? you seems convince ... ?
the reason i ask is i always use apache .... i cant agree more the IDE ... so andy

i many case if possible i input as file.txt and write on the server as php.
just so it dont execute in ur own browser.
and then browse the destination... executing it on the remote srv


Way to go , keep it up

vynx

adrenaline19 wrote: »

Find the lab book syllabus and start researching each chapter now. The actual pdf and videos you receive with the course won't teach you anything. It's garbage.

All of the real learning happens in the lab, by yourself.

i think pdf and videos is fishing rod, the rest how to get the fish, is really depends on man behind the gun
really need a lot of practice

EANx

vynx wrote: »

i think pdf and videos is fishing rod, the rest how to get the fish, is really depends on man behind the gun
really need a lot of practice

A man using a fishing rod as a gun to catch fish needs all the help he can get.

vynx

sure Sir.... definetely agree with that

vynx

agree with your statistics method

Hornswoggler

BEAST!! Keep up the great work! I started a month ago and just finishing up the exercises.. Props to your dedication and focus! I'm sure we've crossed paths in the slack channel.

Hornswoggler

Yep! I'm on there as cmizeur. I'm slow as a turtle but managed to root sufferance this weekend.

Pseudonym

Well done on your progress so far OP. Got to say, this looks like the most fun and satisfying cert out there.

Hornswoggler

I predict you'll crush the exam. When you taking it?

Pseudonym

Out of curiosity, are you able to lab at work? 14 hours is a long time haha

ottucsak

Great progress, you are a real inspiration!

Hornswoggler

I'm shooting for November 13th but might move it forward if I have good progress in the labs.

Khohezion

You are amazing man. I tried the OSCP a while back and get burned so hard. Please keep updating this thread and I wish you the best of luck.

CyberCop123

adrenaline19 wrote: »

Find the lab book syllabus and start researching each chapter now. The actual pdf and videos you receive with the course won't teach you anything. It's garbage.

All of the real learning happens in the lab, by yourself.

I can't agree with you on this. I've hacked a few VM's from vulnhub, had decent scripting knowledge and some decent konwledge of nmap, nikto, dirbuster, sqlmap, etc....


I think the PDF is very well laid out and covers some good points, and is a good reference for the future. I've made a lot of notes from them.


I do find the videos sometimes a bit tedious, e.g. it's kind of just repeating what you've read. HOWEVER, in certain times they do cover valuable things. On buffer overflows they were valuable as it was good to actually see it working and have a voice talking you through it. It made it clearer.


The exercises - I really really don't like them. In fact I'm very close to just not doing them. Often the exercise will ask you to something quite out of scope which doesn't make any sense. It also frustrates me that they often don't provide any guidance or answers. I know it's all about "Try Harder", and I am, but it's a lab book, a training guide, a reference, so it would be nice if it tested you and also walked through the answer and reasoning. Even if you got it right, it's nice to know that.