Options
OSCP - aka: Running head first into a brick wall - a journey
Comments
-
Options
CyberCop123
Member Posts: 338 ■■■■□□□□□□
Popped "Oracle"
It was far too easy which makes me think I need to go back and do it the hard way ...
ROOTED: 12
Yea i did I the same as you I think using metasploit.
There is a python script that does the same thing with minor changes.
I may go back but for now ive just carried onMy Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully) -
OptionsCyberCop123
Member Posts: 338 ■■■■□□□□□□
Quick tips: you will slowly build up a good enumeration workflow
Yea that's very true.
At first I was really beating myself up about not having any methodology but slowly it's come just naturally. I'm still very disorganised at times but generally I'm following the same process each time.
My note taking starts off good with each box, but I then start just throwing different exploits and don't note which I've tried.
Additionally, as I've enumerated more and more lab machines, I've seen the same things each time, e.g. some ports come up a lot but aren't valuable, you quickly can identify when a port is not really going to go anywhere.
So I think in that respect you start to get an instinct and an idea early on about which direction things are going in
Good work for only 3 weeks in! Keep it upMy Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully) -
Options
BuzzSaw
Member Posts: 259 ■■■□□□□□□□
Oh, something else fun I did ...
I took over a big white board at work that is in a common area. I'm writing my hit list on it and crossing out names! It looks cool, and is good motivation to be able to cross off names on a board the next morning after my exploits at night
-
OptionsCyberCop123
Member Posts: 338 ■■■■□□□□□□
Hey,
As you've seen on my blog I've also had 1-2 weeks of not doing much due to general life being in the way, so I know exactly how you're feeling.
I'm similar to you, I don't mind repeating some steps. It's funny as the further I get into this, the more I look back on earlier boxes and see how poor my appraoch was, and how all over the place my notes are. So I fully expect and I'm happy to go back to some of them - especially for post exploitation, and have a better look at IP configurations, network layouts, etc...
I'm really keen to try to break out of the public network if I can.
Haha, that's funny about the white board, do your colleagues know what you're up to? I hope so or they'll start worrying about you just writing "SUFFERENCE" in massive letters and GH0ST
Keep up the good work!My Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully) -
OptionsCyberCop123
Member Posts: 338 ■■■■□□□□□□
Buzz saw - was the new machine you hacked with Metasploit ORACLE?My Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully) -
OptionsCyberCop123
Member Posts: 338 ■■■■□□□□□□
ROOTED PAIN!
I dug in and rooted PAIN tonight. It was a great learning experience and probably more closely resembles a real world example.
Some Tips for PAIN:
- As with all servers, you should have write access to atleast one place in the file system
- Make sure when you are trying your exploit you know what it is actually doing ... I had to stare at C code for awhile before it clicked with me!
Updated hit list:
ROOTED 16
ALICE | MIKE | BOB | BOB2 | BARRY | PAYDAY | RALPH | PAIN | TOPHAT | DJ | ORACLE | KRAKEN | MASTER | CORE | JD | NINA
Hi Buzz,
I logged on to respond to your PM and then saw this post - well done!
This is exactly like me... I think I actually posted on my thread that it taught me to at least have a flick through the code and just see roughly how it's laid out. It's also made me want to start properly learning C as it's coming up so frequently.
Good progress, you've overtaken me though - I will have to try to overtake you or at least catch you up!My Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully) -
OptionsCyberCop123
Member Posts: 338 ■■■■□□□□□□
This was the first machine I ran linuxprivchecker against.
Weirdly... me too! I'd heard about it, but I ran it.
I even stumbled through a few of the results and then sort of felt I was losing my way.
A bit like you I went back and it jumped off the page when I actually looked at the code and comments! Lesson learnedMy Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully) -
Options
McxRisley
Member Posts: 494 ■■■■■□□□□□
Just a fair warning, you are revealing a little too much about some of the lab systems in these posts. Please delete this info so that it doesnt spoil it for others and to not draw the attention of offsec, they have admins who lurk here.I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect. -
OptionsBuzzSaw
Member Posts: 259 ■■■□□□□□□□
Just a fair warning, you are revealing a little too much about some of the lab systems in these posts. Please delete this info so that it doesnt spoil it for others and to not draw the attention of offsec, they have admins who lurk here.
there ya go ......
Might want to go chase down the 965 blog posts on the interwebs too and let them know ........ -
OptionsMcxRisley
Member Posts: 494 ■■■■■□□□□□
Just saying, you should respect the rules of this forum and Offsec. You devalue thier training by giving up too much about the lab systems.I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
-
OptionsBuzzSaw
Member Posts: 259 ■■■□□□□□□□
Just saying, you should respect the rules of this forum and Offsec. You devalue their training by giving up too much about the lab systems.
Sure thing -- Didnt mean to reveal too much -
OptionsMcxRisley
Member Posts: 494 ■■■■■□□□□□
Thank you, it's ok to talk about rooting the box, you just have to avoid being too specific like not mentioning the language the exploit is in or certain tools that you used. Because a lot of times, these can be dead giveaways for those who are in the labs and scouring for hints. I know I spent countless hours searching the web for even the smallest of clues sometimes lolI'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
-
OptionsCyberCop123
Member Posts: 338 ■■■■□□□□□□
Just a fair warning, you are revealing a little too much about some of the lab systems in these posts. Please delete this info so that it doesnt spoil it for others and to not draw the attention of offsec, they have admins who lurk here.
im a bit confused tbh as what has been discussed is on the OSCP forums themselves. I also feel that Buzz has been very diplomatic with his posts
Thats just my take on it
I'm pretty eagle eyed about giving too much away and only 2 days ago I emailed OFFSEC about a GitHub account which had a walkthrough for some of the lab machinesMy Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully)
