CyberCop's OSCP blog

Hornswoggler

Great progress!! Keep up the good work!

ITSpectre

BuzzSaw wrote: »

Lotus notes is where its at! come on!

I use "OneNote"

works good for me

CyberCop123

Oh and on the subject of note taking, I've recently started using GitHub for writing up guides on certain areas and I've found it to be absolutely perfect for my needs.

Formatting is so quick, easy and clean.

I've organised things into certain areas:

smb.md
payloads.md
file_transfers.md

All nicely typed up and ready for copying/pasting

So I'm kind of re-writing all my notes into this format so they're remotely accessibly anywhere, in a nice easy format, and will be there for years to come to refer to.

BuzzSaw

Nice work man. Looks like you've jumped a head of a bit on the hit list

I think you and I are learning very similar lessons. Ralph in particular was a turd to me. Also, DJ as well .. So let me know what you find when you get to that point - PM me! I wont give it away obviously, but I can help in the typical OSCP fashion hah

Oh and for what it's worth, my thought process on the report and note taking:

1. I have note taking in one note that is more around the actual learning process
- This include useful tools, syntax, etc ..
2. I have note taking on the Kali box that I use strictly for lab reporting

I am trying to write each machine in a way that someone with lesser knowledge could replicate my take down of the box by (mostly) following my screen shots. This is probably overkill, but if I were actually being paid to do this, I would think a customer would like that level of detail and may help them in understand mitigation steps. And honestly, it only takes a couple more minutes as screenshots pretty much tell the story

I also have the screenshot utility in kali auto save all of my screenshots which then get backed up to my local host (And then into the cloud) I'm super paranoid about losing work hah

BTW: good job on pain man ... I haven't event started on the big tough monsters .... yet .... but I guess that's ok. I'm only 3 weeks in now

On a side note: Are you starting to feel like a badass? It's a catch 22 ... in some ways you're like "DANG, I can actually do this! Like for real?!" ... then in someways you're like "I feel like a 2nd grader learning what a keyboard is ..."

CyberCop123

BuzzSaw wrote: »

Nice work man. Looks like you've jumped a head of a bit on the hit list

I think you and I are learning very similar lessons. Ralph in particular was a turd to me. Also, DJ as well .. So let me know what you find when you get to that point - PM me! I wont give it away obviously, but I can help in the typical OSCP fashion hah

Oh and for what it's worth, my thought process on the report and note taking:

1. I have note taking in one note that is more around the actual learning process
- This include useful tools, syntax, etc ..
2. I have note taking on the Kali box that I use strictly for lab reporting

I am trying to write each machine in a way that someone with lesser knowledge could replicate my take down of the box by (mostly) following my screen shots. This is probably overkill, but if I were actually being paid to do this, I would think a customer would like that level of detail and may help them in understand mitigation steps. And honestly, it only takes a couple more minutes as screenshots pretty much tell the story

I also have the screenshot utility in kali auto save all of my screenshots which then get backed up to my local host (And then into the cloud) I'm super paranoid about losing work hah

BTW: good job on pain man ... I haven't event started on the big tough monsters .... yet .... but I guess that's ok. I'm only 3 weeks in now

On a side note: Are you starting to feel like a badass? It's a catch 22 ... in some ways you're like "DANG, I can actually do this! Like for real?!" ... then in someways you're like "I feel like a 2nd grader learning what a keyboard is ..."

Thanks dude, yea this weekend was nuts, a bit too much actually as I barely slept and just felt so tired today at work. I've tried to do some more tonight.

I managed to get one more box down which was HELPDESK which was very easy.

I'm also using a screenshot program in Kali called Shutter - you can tell it where to save screenshots, so I've picked the shared folder so I can access it from Windows, it's worked well so far.

I think you're approach to notetaking is good, absolutely nothing wrong with being ultra clear in the notes, and treating it like you would in the real world.

On Saturday and Sunday I felt like the worlds most elite hacker... and then I got stuck again on one of the lab machines and realised I'm still pretty clueless hahahaa.

This evening I've had a very half hearted attempt at BETHANY again. I then read (on this forum) that it's actually one of the most difficult boxes to escalate, so I think I will leave it for a weekend when I'm off and not tired. I also tried hacking OBSERVER but a bit confused by that one. I'm really tired so I'm going to stop now as I just have no energy at the minute!




Rooted (15): Alice, Alpha, Barry, Bob, Helpdesk, JD, Mail, Mike, Oracle, Pain, Payday, Pheonix, Ralph, Sherlock, Tophat

BuzzSaw

You and me both!

I was beat and wiped out over the weekend. On Sunday night I went to log into the lab, and I just felt lost and dazed. Mental fatigue and OSCP don't mix well at all!

I briefly looked at helpdesk. You must have found a vector easier than I did because nothing jumped off the page at me.

Also, I don't want to give anything away ... but .... I think CORE may be of interest to you ......

CyberCop123

WEEK 10 - UPDATE

Managed to root DOTTY tonight which was a bit of a ballache. Quite a long time spent trying to get in but got there in the end after about 3 hours.

I'm really tired tonight and made some hearted attempts at two other boxes which went nowhere.

Im working from home tomorrow and may be able to squeeze in some more hacking toward the afternoon. I'm hoping to get 3 more boxes rooted by Monday.

BETHANY is killing me! Privilege escalation is a major major weak point of mine. I'm going to return (for the 3rd time) to this machine on Sunday when I have lots of time and hopefully energy too

Rooted (16): Alice, Alpha, Barry, Bob, Dotty, Helpdesk, JD, Mail, Mike, Oracle, Pain, Payday, Pheonix, Ralph, Sherlock, Tophat

CyberCop123

WEEK 10 - Update

Well, it's fair to say this entire weekend has been a bit of a nightmare. I had wanted to crack 3 more machines but flopped majorly and just went round in circles for hours.

The biggest issue has been tiredness and mental fatigue. I've not been sleeping well and have just felt dazed for several days now meaning I've found it hard to think and concentrate.

My attempts have been half hearted as a result.

Honestly the OSCP has taken over my life and I think about nothing else. It's nearly 4pm and I've stopped for the rest of the day. Just need a break I think.

Anyway, I've rooted 16 and ideally wanted to get to 20 by the end of the day which is not going to happen.

I have around 3 weeks lab time left.

My plan is to extend for 3 months and book an exam attempt half way through that time. So probably around end of January time.

Arrghhhhh very frustrating! Anyway ... time to chill out

CyberCop123

WEEK 11 - UPDATE

It's been a bad 1-2 weeks in respect of OSCP. I've had the same 4-5 Targets which I haven't cracked and I've just been going around in circles. Thankfully in the last day or two I've had a bit of success with one of them, and also rooted a new one too.

Managed to root SEAN which took me ages to get the initial shell

Also rooted BETA which was a really fun one as it was a vulnerability I haven't seen in any other shells before and I learned some really good stuff with it

I've also managed to gain access to The IT Network a different subnet to the main one. I also set up some SSH pivotting to access some of the internal intranet web pages. Not done anything else apart from some internal nmap scans, but will come back to this later, and try to root some of the IT machines too.

I've now written up 6 of my hacks into a lab report which is currently 60 pages long - not much text, just Heading -> screenshot and repeat just showing the steps taken to get to root.

I've still got 7 other hosts which are in progress, again going around in circles with them a bit. I want to try to root some of them and start on some new ones.

My lab access runs out in 14 days time. I plan to extend this for another 2-3 months until I'm super confident about the exam.

Rooted (19): Alice, Alpha, Barry, Beta, Bob, Dotty, Helpdesk, Kevin, JD, Mail, Mike, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Tophat

NEODREAM

A little bit late to this thread, but wanted to wish you good luck on your studies! I'll be following this thread as I am looking to attempt this monster sometime towards the end of next year possibly.

Wishing you the best and thanks for sharing your journey!

CyberCop123

NEODREAM wrote: »

A little bit late to this thread, but wanted to wish you good luck on your studies! I'll be following this thread as I am looking to attempt this monster sometime towards the end of next year possibly.

Wishing you the best and thanks for sharing your journey!

Thanks for reading!

Good luck for when you go for it. It's not too bad, just keep plucking away and you learn as you go.

My main mindset is that there is no rush. I see so many (probably more experienced) post things saying they signed up for 30 days. That's a really really short amount of time even for the experienced person.

Anyway, will look forward to a blog from you when you start the journey!

CyberCop123

WEEK 11 - FINAL UPDATE

it's 2am so technically I guess it's week 12 ...

Managed to full root Leftturn- really fun machine despite getting stuck at the very first hurdle! I read someone mention it was their favourite machine. I'd say it's definitely in my top 3. A satisfying one to get.

Ive now rooted 20 so a bit of a landmark figure. I'm really looking forward to getting to 30 which many say is the minimum needed before trying the exam. I will do the exam when I feel ready. Most likely towards the end of January.

Ive yet to attempt Sufference, Humble or Gh0st. I will try them when I have 1-2 free days and feeling really up for it.

ROOTED: 20

CyberCop123

Managed to finally hack Bethany- well I got an Admin shell after escalation but can't get System. I'm moving on anyway as I got proof.txt from it and have already spent about 4 days on it. I needed some hints from the forum. But got there eventually and it was really challenging.

Ive run my enumeration script against Humble - ​and will start to look at this properly at the weekend when I have some proper time. I've had a quick glance at the results and some of the services but will dedicate some time this weekend to the machine. I have two days spare and hope to make some progress with it


Rooted (21): Alice, Alpha, Barry, Beta, Bethany, Bob, Dotty, Helpdesk, Kevin, JD, Lefturn, Mail, Mike, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Tophat

Mooseboost

Not rushing it is definitely the way to go. You are making good progress and being realistic about it.

Looking forward to seeing your "I passed" post.

CyberCop123

Mooseboost wrote: »

Looking forward to seeing your "I passed" post.

Me too!

CyberCop123

WEEK 12 - UPDATE

Not been a great week so far. Not had much chance to do much work and what I have done hasn't been productive.

I'm really stuck on one machine - it's not a hard one, in fact I think it's one of the easier ones but the privilege escalation is just a MASSIVE WEAK POINT for me.

With this particular machine I know the route in to escalate privileges but just can't figure out exactly how to.

It's ridiculous sometimes on the OSCP that some of the more difficult things are easy, yet you have blindness to the easier ones. It's happened before, where you struggle on a really simple thing because you're just thinking way too much about it.

Anyway, I will try again tonight and possibly forget it and move on as I've wasted about 12 hours on this particular machine.

Got the whole of Saturday and Sunday to work on it so hopefully I can up my numbers.

My lab time expires in 10 days time. I will buy another 30 days as money is very tight and I can't afford much more. I'm planning my first exam attempt towards the end of January.

BuzzSaw

CyberCop123 wrote: »

WEEK 12 - UPDATE

Not been a great week so far. Not had much chance to do much work and what I have done hasn't been productive.

I'm really stuck on one machine - it's not a hard one, in fact I think it's one of the easier ones but the privilege escalation is just a MASSIVE WEAK POINT for me.

With this particular machine I know the route in to escalate privileges but just can't figure out exactly how to.

It's ridiculous sometimes on the OSCP that some of the more difficult things are easy, yet you have blindness to the easier ones. It's happened before, where you struggle on a really simple thing because you're just thinking way too much about it.

Anyway, I will try again tonight and possibly forget it and move on as I've wasted about 12 hours on this particular machine.

Got the whole of Saturday and Sunday to work on it so hopefully I can up my numbers.

My lab time expires in 10 days time. I will buy another 30 days as money is very tight and I can't afford much more. I'm planning my first exam attempt towards the end of January.

Just keep at it man!

I've spend the last week or so working on the big 4. I've rooted HUMBLE, PAIN, and Gh0st ... but Sufferance is .... well .... making me suffer

I don't think I am ready for the exam yet ... but I think I am going to schedule it for Dec 12 only because my lab time expires the next day, which should tell me if I need to renew or not.

CyberCop123

BuzzSaw wrote: »

Just keep at it man!

I've spend the last week or so working on the big 4. I've rooted HUMBLE, PAIN, and Gh0st ... but Sufferance is .... well .... making me suffer

I don't think I am ready for the exam yet ... but I think I am going to schedule it for Dec 12 only because my lab time expires the next day, which should tell me if I need to renew or not.

thanks dude!

thats brilliant you've done those machines. I've not started them but planning on humble and gh0st after christmas as I have an entire week to dedicate to it.

If I don't end up getting sufferance I won't be too upset. It sounds a really tough one.

Its now getting to the stage where I just want to do and pass the exam. The labs are great but tiring!

Good plan for the exam. I obviously want to pass but I'm treating my first attempt as a chance to see what it involves. So if I fail then that's fine it's just part of the prep.

Hope you get into sufferance!

CyberCop123

WEEK 12 UPDATE

6 days of lab access left
This weekend was incredibly frustrating and my motivation levels were low. As a result I barely did much except a few half hearted attempts with two boxes which are still really confusing me. No obvious access points or vulnerabilities. They have ports open that don't mean anything to me and Google results doesn't through up much at all. I've even trried a few Metasploit attacks but nothing at all has come of it.

I spent most of the weekend on an unrelated project as I was a bit fed up.

I posted before about one machine that is killing me and that is JOE. I've seriously had it with it, I've spent about 15 hours now on the machine trying to escalate privilege and can't. I know the weak point in the system but just can't get it to work and continually just get the same access level shell back. This was kind of what really sapped my motivation to be honest.

Anyway, today I've managed about 5 hours work.

One good thing is I FINALLY managed to get a shell on GAMMA. Seriously this is a really really difficult machine. People go on about PAIN, SUFFERENCE, HUMBLE (I've only got 1/3 of them) but I swear Gamma must be up there as one of the most difficult ones. I'm not trying to get privilege escalation. I know the weak point again but it's something that I'm finding confusing so I will have to read up on it and learn some stuff before looking at this.

I also got a full shell with SUSIE which actually was very easy and refreshing to have something less challenging.

Renewing my lab time

I will have to renew my lab time. I can't really afford to do longer than a month at the minute, so will just do that for now. That will take me up to early January. I have time off over Christmas. I'm hoping to do my first exam attempt at the end part of January.

I am 22 machines down so far. I feel really CONFIDENT, especially in Windows Privilege Escalation.

If I have any chance of passing an exam I seriously need to improve in that area. Anyway, it's hard going at the minute, but will keep going and hopefully make progress in the next week or two.


Rooted (22): Alice, Alpha, Barry, Beta, Bethany, Bob, Dotty, Helpdesk, Kevin, JD, Lefturn, Mail, Mike, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Susie, Tophat

CyberCop123

Just a quick update. Managed to fully root GAMMA. It was weird as I was struggling and looked in the forum and a lot of people are talking about one specific technique to achieve System level access.

I found an exploit online, compiled it and after running I had full system access. Guess it shows there's many ways to get there.

Going to go back to JEFF now - one machine that I just can't understand...


Rooted (23): Alice, Alpha, Barry, Beta, Bethany, Bob, Dotty, Gamma, Helpdesk, Kevin, JD, Lefturn, Mail, Mike, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Susie, Tophat

shoey

Keep up the good work man!! Quick question for ya: Do you reset machines right off the bat, or will you wait (and if you wait, how long on average before you decide to reset the machine)?

CyberCop123

shoey wrote: »

Keep up the good work man!! Quick question for ya: Do you reset machines right off the bat, or will you wait (and if you wait, how long on average before you decide to reset the machine)?

Good question!


If I am starting a new set of scans, like at the very beginning of enumeration I will always revert so that I get an accurate set of results.


A lot of my approach to reverts depends on the type of day I'm having. For example, days where I am intending to spend ALL DAY on the OSCP I will be a bit cautious with the reverts as I may need them if I get to the exploiting stage.


Reverts I've found are very valuable when:


1) You first scan the machine for ports and services
2) You launch an exploit or one fails, this often causes the service to crash or become unresponsive
3) You gain entry and don't want to see spoilers or have other issues affect you




I won't revert if I'm doing something like looking at the website of the host as it doesn't seem worth it.


In terms of reverts, I also try to revert late at night (before the midnight cut off point) and then run a scan then.


That means the next day I have the full amount of reverts left, and have all the results from the scans from the previous night. As opposed to doing this the next day and burning 1-2 reverts scanning a couple of machines.


I've said on other posts that I have around 5-6 machines which I'm actively hacking away at, and I flick between them every few hours/days until I make progress.

CyberCop123

WEEK 12 - UPDATE

Managed to root two more hosts yesterday and this morning - JEFF and NIKY.

In terms of Jeff that was achieved with Metasploit. I haven't looked at the manual exploit too much but may try to go back to do that.

4 days access to labs left.



Rooted (25): Alice, Alpha, Barry, Beta, Bethany, Bob, Dotty, Gamma, Helpdesk, Kevin, JD, Jeff, Lefturn, Mail, Mike, Niky, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Susie, Tophat

CyberCop123

WEEK 12 - UPDATE

Managed to root DJ last night which wasn't too difficult as there was a lot of similarities with another machine I'd previously dealt with. Funnily I gained low privilege shell, then went to sleep. I woke up about midnight and the answer of how to get root access dawned on me so I jumped up and went straight to computer and it worked.

I spent about 2-3 hours trying to look for an access point into another machine. I then checked the forum for a hint and the first thread said to avoid the machine as it's not directly vulnerable. Annoying to "waste" the time, but as they say, the OSCP does try to represent real life so that's the way it goes I guess.

I'm now starting to seriously look at exam dates for the middle of January. I'm going to try to book this in within the next few days.


Finally, I'm trying my best to avoid Humble and Sufference! Actually, to be honest I'm putting it off until I have time off work as I want to concentrate as much time as I can to them rather than 1-2 hours each night.



Rooted (26): Alice, Alpha, Barry, Beta, Bethany, Bob, DJ, Dotty, Gamma, Helpdesk, Kevin, JD, Jeff, Lefturn, Mail, Mike, Niky, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Susie, Tophat

BuzzSaw

Keep up the good work! I've rooted Humble and Sufferance, and I can say that they do take some time. I spent an entire week working on "the big 4" ... but in the end it was worth it! Let me know when you are taking the exam! My exam date is rapidly approaching

CyberCop123

Thanks Buzzsaw - I've PM'd you.

WEEK 12 - UPDATE

Not much to update on, no more roots achieved. But I have booked my exam! I did originally plan for the end of January. However, my lab extension takes me up to 10th January, and so I've booked my exam in for the 11th January, so there's no big gaps and no further need at that point to extend my lab access.

I'm taking 2 days off work in order to do the exam and recover/rest.

The exam starts at 12pm, so that hopefully will allow me to sleep more and not rush early in the morning, especially as I struggle at times to sleep.
I'm also off work Saturday, Sunday, Monday, Tuesday, Wednesday. So that's some solid time I have to dedicate to more lab work. I'm going to probably start my attempts at Humble and Sufferance this weekend. I'd also like to try attacking some of the other networks, particularly the IT network which I already gained access to.

katawia

CyberCop123 wrote: »

Thanks Buzzsaw - I've PM'd you.

WEEK 12 - UPDATE

Not much to update on, no more roots achieved. But I have booked my exam! I did originally plan for the end of January. However, my lab extension takes me up to 10th January, and so I've booked my exam in for the 11th January, so there's no big gaps and no further need at that point to extend my lab access.

I'm taking 2 days off work in order to do the exam and recover/rest.

The exam starts at 12pm, so that hopefully will allow me to sleep more and not rush early in the morning, especially as I struggle at times to sleep.
I'm also off work Saturday, Sunday, Monday, Tuesday, Wednesday. So that's some solid time I have to dedicate to more lab work. I'm going to probably start my attempts at Humble and Sufferance this weekend. I'd also like to try attacking some of the other networks, particularly the IT network which I already gained access to.

Wishing you all the best of luck!

CyberCop123

katawia wrote: »

Wishing you all the best of luck!

Thanks Katawia, appreciate that and thank you for reading!!!

CyberCop123

WEEK 13 (Extension 1) - UPDATE

As planned, I have extended for 1 month. That takes me right up to my exam date and should allow me some more time to get a few more machines and finish lab report. I'm still not planning on writing up exercises, I will have to sacrifice the 5 points on offer there.

The last few days have been dedicated entirely to rooting HUMBLE which I have just done. It was extremely difficult and frustrating. It took me around 15-20 hours to gain a limited shell and about 20 minutes to escalate. If Sufference is as hard as that then wow, I don't want to know!

I'm off work the next two days, but one of those I will be christmas shopping, so I will dedicate one day entirely to the OSCP to try to bring down another few machines.


Rooted (27): Alice, Alpha, Barry, Beta, Bethany, Bob, DJ, Dotty, Gamma, Helpdesk, Humble, Kevin, JD, Jeff, Lefturn, Mail, Mike, Niky, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Susie, Tophat

BuzzSaw

Hey fellow suffering of pain

Keep up the good work!

Also, I hate to say it, but I actually thought sufferance was harder than Humble ... I know you don't want to hear that ....

I know how it goes though. I spent an entire week working on the big four, and it probably equaled about 7-9 hours a day. It's rough because you get so focused, yet you also get thirsty to solve the puzzle!