Comments

  • CyberCop123 (Member, 338 posts):
    I'm tempted to make my own thread on the OSCP. I am 3 weeks into my 90 day course now. I'm stunned by how quickly you've gone through the materials.

    My plan was:


    Weeks 1-4: Read the PDF, watch videos and make notes... come up with enumeration checklist and some scripts
    Weeks 5-12: Do the labs and improve checklist, work on skills and get faster with the machines

    ...

    I'm on page 280 of 375 and a bit behind due to not being well. I found the buffer overflows quite difficult and after about 2 days I moved on as I needed a break. I will go back at some point when I'm fresh and re-do them. I got the overflows to work, but didn't quite grasp each step and how the debugger was working, and the different registers.

    As stated in my post above, the exercises are annoying in my view. I was naturally doing them without realising at first, as it would teach you, say, nmap scans, which I was trying as I read and learned. The exercise would then say 1) do the nmap scans and record results... but it would also ask you to do something really weird which wasn't covered and was out of scope with where you were in the course. The fact it offers 5 extra points is a bit silly in my view.

    I have the whole of next week off work, so I really want to finish the PDF and Videos by Sunday, meaning that I have ALL of next week to start with the labs. I hope to do around 6 hours per day.

    I'm very keen now to start the labs as I feel I'm getting a bit lost in more and more tools and syntax. I know when I start I will become far more fluent, my enumeration will start to flow better, etc... At the minute it's entirely theoretical, even when you try the exercises as they're all set up to work and be exploited.
    My Aims
    2017: OSCP - COMPLETED
    2018: CISSP - COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
          GIAC GREM - Reverse Engineering of Malware - COMPLETED
    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123 (Member, 338 posts):
    Sorry, one more post - best of luck to you with the course, sounds like you're doing very well.

    Just one question, when you started the labs did you do large network wide scans for vulnerabilities and exploits? E.g. running an nmap script over the entire network for an easy target? Or did you just pick a box and start hacking it?

    Thanks and good luck again
  • CyberCop123 (Member, 338 posts):
    m4v3r1ck wrote: »
    I made it my goal to push through the lab materials as quickly as possible as I wanted as much time in the labs as I could have. I believe I was able to work through the material so fast because I had studied up a little bit on coding, ethical hacking, and knew some tools from the CEH course. The buffer overflow section is a beast, but just keep pushing through it. I'm on Slack all the time if you ever have questions pertaining to the exercise. My understanding is one of the exam boxes is pretty much like the exercise, but I haven't taken the exam, so take that with a grain of salt.


    When I started the labs, I did not do any vulnerability scanning outside of what was required in the exercises. I kind of picked what looked "easy" (i.e. had only a service or two running), but even then, that's not always accurate. Some of the boxes with a lot of services open are much easier. I just like the narrow focus of having a single port or two to enumerate. I definitely shied away from attacking any web services as I feared that these were going to be full of SQL injections and other shenanigans that I was not comfortable with. It turns out, most of the web boxes have been pretty easy. You run Nikto or Dirbuster on them and enumerate what services are running. There generally tends to be some sort of vulnerability there.


    You'll start to notice the easy targets as you go. My advice is to avoid using any vulnerability scanner outside of maybe NSE. MSF auxiliary isn't really allowed outside of one box on the exam and the other scanners (i.e. Nessus, OpenVAS) are prohibited. I also highly advise using Metasploit where you can. This may be against what others say, but it'll help you pinpoint your exploit and execute it. You can always read the code later and rewrite the exploit to work manually. I've heard the exam has the BoF box and a super easy MSF rooted box. Again, grain of salt. However, if true, you could knock out 2/5 boxes in an hour or two then focus on the other 3.

    Thanks for the useful advice there.


    Interesting advice about Metasploit, I'm glad you've mentioned that as I was going to try to avoid using it as it's not allowed in the exam, but it makes COMPLETE sense to try it, then reverse engineer what you did to really learn how to do it manually. I'd probably be lost otherwise.


    Yea like you said, I don't plan on using OpenVAS or Nessus at all. I'm sticking to the standard tools like nikto, nmap, dirbuster, hydra, etc...


    I've made my own blog now so I don't hijack yours... if you're bored, it's here:


    http://www.techexams.net/forums/security-certifications/129407-cybercops-oscp-blog.html
  • CyberCop123 (Member, 338 posts):
    m4v3r1ck wrote: »
    I spent most of the morning/early afternoon working on my lab report. Now that my formatting is done, it seems to be coming together a lot faster. I have reports written for 3/10 machines. I hope to wrap up the other 7 tomorrow.

    Can you explain what you mean by this?


    I understand that many get a report prepared in advance, but what machines are you referring to as obviously you haven't had any access to the exam machines yet.


    Are there lab machines that are also supposed to be documented in the report or something?
  • p@r0tuXus (Member, 532 posts):
    CyberCop123 wrote: »
    Can you explain what you mean by this?

    I understand that many get a report prepared in advance, but what machines are you referring to as obviously you haven't had any access to the exam machines yet.

    Are there lab machines that are also supposed to be documented in the report or something?

    CyberCop123 -

    Bonus points towards your Exam can be earned by preparing a lab report which documents your work through some of the lab machines. I believe the awarded point value has decreased just recently so I couldn't tell you what it is. However, right below is a good thread on some resources for that final report.

    http://www.techexams.net/forums/security-certifications/128309-oscp-lab-exam-report.html
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • Hornswoggler (Member, 63 posts):
    I put 100+ pages of exercises in my lab report but once I got to the part about creating Metasploit modules I quit. I'll put that 5 points worth of effort towards exam prep. If I can't use Metasploit on the exam (except for one box) I'm not going to fill my brain with it at this time.
    2018: Linux+, eWPT/GWAPT
  • JoJoCal19 (Mod, 2,835 posts):
    m4v3r1ck wrote: »
    Trying to end this madness as quickly as possible :P

    Until you start the next madness that is OSCE ;)
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • hal9k2 (Member, 77 posts):
    Hey,

    I assume that checklist is some kind of methodology, step by step with commands you will follow through the exam boxes? If so please share it here :)
  • CyberCop123 (Member, 338 posts):
    I'd be interested in how you organise your notes during the hacking. I'm using KeepNote in Windows and I'm still a bit all over the place with structure.

    I have a folder with the IP set as the target then inside I have 2 pages:

    --- Information Gathering (scans, dirbuster, etc....)
    --- Hacked - for when I have some form of access and now I have privilege escalation to do

    I'm thinking of maybe having pages like "Nmap scans.... "dirbuster results" etc... but think it may be a bit excessive.

    My other thought was to have a folder for each port that is open
  • lsimon305 (Member, 8 posts):
    Is it worth using and practicing with Metasploit for the labs and with VulnHub? I ask because the rules for the OSCP exam state that you can only use Metasploit for one machine so I'm thinking it's not worth it, unless I'm wrong?
  • jibtech (Member, 424 posts):
    For the OSCP specifically, and pen testing in general, it is a good idea to learn and use every tool you can get your hands on. Metasploit is a reality in the testing and real world. There is no way I would want to work in pen testing without having a thorough understanding of the industry standard tools.
  • katawia (Member, 27 posts):
    ...and with your preparation, I wish you success with a prayer to support.
  • CyberCop123 (Member, 338 posts):
    m4v3r1ck wrote: »
    Very quick update again. I'll be writing a detailed post in the next coming days.

    I'm about 17 hours into my exam right now. I was able to root 4 boxes in the first 14 hours or so for 80 points. I've decided that I would rather write my report now and perfect it than try another box. Fingers crossed, but it's looking like a pass.

    That is fantastic ... well done! I'm a bit jealous :D


    Out of interest how did you find the exam in comparison to the labs, I'm guessing it prepared you pretty well?
  • Hornswoggler (Member, 63 posts):
    Awesome!!!!!
  • katawia (Member, 27 posts):
    m4v3r1ck Congratulations!!!

    The intense effort paid off...waiting for your write up to learn a thing or two.
  • clarkincnet (Member, 256 posts):
    Awesome!
    Give a hacker an exploit, and they will have access for a day, BUT teach them to phish, and they will have access for the rest of their lives!

    Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
  • hal9k2 (Member, 77 posts):
    Awesome man, I am happy you made it!!! I was with you on this post from start :) For myself I am starting from 12 Nov. I hope I will keep focus on the course same as you. Few questions:

    1. What's the BoF meaning?
    2. I was checking your nmap strategy, in your nmap snippets, '$1' it's a network range or a single IP? However I can't assign '1' as name to any variable, i.e.:

       root@kali:~/PowerSploit# export '1=10.0.2.19'
       bash: export: `1=10.0.2.19': not a valid identifier

    3. Can you give the slack channel invite/address?

    Thanks for answers and best of luck! For some freaking reason this post keeps words in one line...
  • vynx (Member, 153 posts):
    m4v3r1ck wrote: »
    Hi,

    Thank you for the kind words!

    1. BoF means buffer overflow
    2. $1 means a variable in bash. So it calls the first argument you give. i.e. ./script.sh 192.168.1.2 would scan 192.168.1.2 in place of $1
    3. netsecfocus.slack.com
    4. try harder ...
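    The point in answer 2 above, as a worked example. This script is added here to illustrate the thread and is not m4v3r1ck's nmap snippet or any other code from the thread: the script name enum.sh, the notes/ output directory and the chosen nmap flags are this example's own assumptions. It also shows why hal9k2's `export '1=10.0.2.19'` fails: $1 is a positional parameter supplied by whoever invokes the script, and in an interactive shell it is set with `set -- 10.0.2.19`, not with export.

```shell
#!/bin/sh
# Added example, not code from the thread: a small enumeration wrapper whose
# target arrives as the first positional parameter, $1, the way the nmap
# snippets discussed above use it. Script name (enum.sh), the notes/ directory
# and the nmap flags are this example's own choices.
#
# Positional parameters are set by the caller, not with export, which is why
#   export '1=10.0.2.19'
# fails with "not a valid identifier". To try a snippet interactively, run
#   set -- 10.0.2.19
# which assigns $1 in the current shell.

is_ipv4() {
    # Accept only a dotted quad with octets 0-255. Rejecting anything else keeps
    # shell metacharacters (e.g. "10.0.2.19;id") off the nmap command line.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1          # re-split the address into this function's own $1..$4
    IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

scan_cmd() {
    # Print the nmap command run_scan will execute for target $1.
    # -sV service versions, -sC default NSE scripts, -p- every TCP port,
    # -oA write .nmap/.gnmap/.xml under <outdir>/<target>/ for the notes.
    _target=$1; _outdir=${2:-notes}
    is_ipv4 "$_target" || { echo "usage: $0 <ipv4> [outdir]" >&2; return 2; }
    printf 'nmap -sV -sC -p- -oA %s/%s/nmap-full %s\n' \
        "$_outdir" "$_target" "$_target"
}

run_scan() {
    # Validate the target, create the per-target notes directory, then scan.
    scan_cmd "$@" >/dev/null || return $?
    _outdir=${2:-notes}
    mkdir -p "$_outdir/$1" || return 1
    nmap -sV -sC -p- -oA "$_outdir/$1/nmap-full" "$1"
}

# Only scan when a target was given on the command line, e.g.
#   sh enum.sh 10.0.2.19
if [ "$#" -gt 0 ]; then
    run_scan "$@"
fi
```

    Invoked as `sh enum.sh 10.0.2.19`, the address lands in $1 for run_scan, which refuses anything that is not a plain IPv4 address before it touches the command line; the output files then sit under notes/10.0.2.19/, one folder per target, which matches the per-IP note layout discussed later in the thread.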
  • CyberCop123 (Member, 338 posts):
    Can I just ask about the documentation during labs...

    Did you use the PWK Report Template to start properly writing up exploited machines as you downed them? I'm going to spend some time this weekend re-doing some of the machines as I don't think my notes are that good, and also I want to start the lab report now as a good reference and also to just get started on this side of things.
  • vynx (Member, 153 posts):
    A report template may be a shareable thing, but someone's documentation for labs / exercises / exam, I don't think that's a shareable thing...
  • psheehan5 (Member, 80 posts):
    Good morning All!
    M4v3r1ck, thanks for the posts. Which Python course did you do at Cybrary? I see several there: Intro to Python, Python for Security Professionals, Python for Hackers, etc. Thanks in advance! PS
  • psheehan5 (Member, 80 posts):
    Thanks very much!
  • Paolo264 (Member, 13 posts):
    Well done dude, very well done...
    CISSP | CRISC | ISO27001 Lead Implementer
  • CyberCop123 (Member, 338 posts):
    m4v3r1ck wrote: »
    Sherlock was a tad bit annoying because you only get one crack at your exploit. If it misses, you're reverting your box and starting over. I used probably 10 reverts today on Sherlock alone.

    I had the same experience and in fact I ran out of reverts.


    I managed to get my exploit working manually using a Python script on my XP VM. It didn't work on the lab machine but after looking at the Ruby script for Metasploit I saw that the offset was ONE CHARACTER different.


    Probably because my Lab machine is XP SP2 and the lab one is XP SP3.


    I learned loads from doing this particular machine, and it's been my favourite so far
  • BaraSec (Registered User, 4 posts):
    Sorry for the interruption but, any idea why my posts aren't being approved ?! it's been hours !
  • ottucsak (Member, 146 posts):
    Why CCNA Security? I think CISSP has a higher value, so it's pointless to take CCNA Security, unless you are actually interested in the course material.
  • ivyvald (Member, 9 posts):
    Congrats!!

    OSCE isn't too bad 8)

    Rooting for you to get your infosec/cyber start!
  • Blucodex (Member, 430 posts):
    Great job Mav, you really knocked the OSCP out of the park.
  • hal9k2 (Member, 77 posts):
    Hey m4v3r1ck

    What is your opinion on the eCPTX certification (https://www.elearnsecurity.com/certification/ecptx/) from eLearnSecurity?