CyberCop's OSCP blog

1246

Comments

  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    WEEK 13 - UPDATE

    Managed to root Gh0st - it was a bit of an odd machine and totally different to the rest of the ones I've dealt with. It was an important lesson in just digging and looking into things thoroughly.

    Privilege Escalation was pretty easy and a silly mistake meant it took me about 2 hours when it should have taken me about 5 minutes! Lesson learned though.

    26 days until my exam. Not sure how I feel about it. To be brutally honest I just want to get my OSCP and not have the pressure of it on me all the time.

    Rooted (29): Alice, Alpha, Barry, Beta, Bethany, Bob, DJ, Dotty, Gamma, Gh0st, Helpdesk, Humble, Kevin, JD, Jeff, Joe, Lefturn, Mail, Mike, Niky, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Susie, Tophat
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    WEEK 14 - UPDATE

    Quite a frustrating few days. Managed within about 20 minutes to get a low privileged shell on one of the easier exam machines and for about 2 days now I've been stuck trying to escalate to root. I know it's not an exploit that needs run, but another method which I can't figure out.

    The OSCP really does ground you at times like this. When things are going well and then suddenly you feel like you're at the beginning clueless about what to do and how to do something.

    Privilege Escalation is without doubt my weakness I think. I struggle each time with this.

    It's concerning too as at present, if I'm struggling I can spend 1-2 days trying and maybe have a break or a think through the week about it. With the exam though, it's obviously 24 hours and it's got to be rooted in that time.

    Will keep trying to escalate privileges and see how I get on. I've got about 5-6 other machines which I've recently scanned and are ready to be enumerated more. So will try that over the weekend and after Christmas.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    WEEK 14 - UPDATE

    Very unproductive week. About 2-3 weeks ago I gained access to MASTER and OBSERVER using an exploit. However, this is not the intended method and there's another way, the proper way, which I've spent about a week trying to figure out. It's caused me sleepless nights (seriously) and HUGE frustration.

    Anyway, I used the exploit to get back into MASTER/OBSERVER and also then got access to SLAVE. I was hoping to hunt around the machines to maybe reverse engineer the hack, figure out what I had missed maybe. This hasn't been possible yet. I half think that may poor post-enumeration earlier in the labs has meant I missed something.

    Anyway, for my own sanity, my own progress and the OSCP in general, I've had to just accept that I haven't gained access to these machines in the proper way. I feel a bit like I cheated (although I haven't).

    Anyway, they are now going down as rooted machines and I'm moving on with the other remaining lab machines now. Christmas tomorrow and then Boxing Day. I had already planned to not do any work over these two days, so will be back at it on Wednesday 27th when I plan to start looking at Sufference and some of the other machines I have left.

    Rooted (32): Alice, Alpha, Barry, Beta, Bethany, Bob, DJ, Dotty, Gamma, Gh0st, Helpdesk, Humble, Kevin, JD, Jeff, Joe, Lefturn, Mail, Master, Mike, Niky, Observer, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Slave, Susie, Tophat
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Oh and I'm pretty keen to just get my OSCP now. Feel a bit burned out and fed up. Very keen to move on to the CISSP so want to get the OSCP sorted so I can do work on that
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    WEEK 15 - UPDATE

    Managed to root CORE earlier which was very easy actually. I'm relieved as I need an easy machine after about 1-2 weeks of just treading water.

    The plan this week is to write up the final 3 lab machines for my lab report. I can then save that and know it's ready if and when I pass the exam. I did start writing up and re-doing the exercises, but it's very very tedious when you have to go back and do it, so I'm not sure I will complete this. Will probably just focus on doing a bit more learning.

    I will try to re-read the second half of the PWK PDF over the next 2 weeks to refresh my memory on some of the more difficult ares. I will also re-do the Buffer Overflow section in the book and write this up into note form so I can claim the exam points should this come up.

    Exam is in 16 days time.

    Rooted (33): Alice, Alpha, Barry, Beta, Bethany, Bob, Core, DJ, Dotty, Gamma, Gh0st, Helpdesk, Humble, Kevin, JD, Jeff, Joe, Lefturn, Mail, Master, Mike, Niky, Observer, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Slave, Susie, Tophat
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • BlucodexBlucodex Member Posts: 430 ■■■■□□□□□□
    Awesome progress! You're going to knock the exam out.
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Blucodex wrote: »
    Awesome progress! You're going to knock the exam out.

    Thank you! I really hope I do icon_smile.gif
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    WEEK 15 - UPDATE

    Off from work all week thankfully. I've written up some more of my lab reports, and so far have included 9 machines in it, so just one more to go. The report is currently 90 pages, so it will most likely be around 100 pages when fully completed.

    Managed to fully root three more more machines - KRAKEN which was really simple. Also FC4 and HOTLINE.

    I spent longer than needed on FC4 as I once again failed to identify the privilege escalation. I had a hint from the forum which helped and I quickly found the way. My concern for the exam is definitely privilege escalation, I often struggle in this area.

    HOTLINE was quite easy too.

    Still intending to start Sufference but I'm quite tired today and also a big hungover from Christmas! icon_twisted.gif Maybe will start this machine tomorrow.

    Rooted (36): Alice, Alpha, Barry, Beta, Bethany, Bob, Core, DJ, Dotty, FC4, Gamma, Gh0st, Helpdesk, Hotline, Humble, Kevin, JD, Jeff, Joe, Kraken, Lefturn, Mail, Master, Mike, Niky, Observer, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Slave, Susie, Tophat
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Having a complete nightmare!

    My plan was always to submit the Lab report but NOT exercises. I wrongly believed that there were 5 points on offer for each, and so I would get only 5 points for one of the reports and miss the other.

    However, I stupidly didn't check that and I've discovered that it's actually 5 points for BOTH. Meaning if you only submit one then you obviously don't get any extra points.

    To make things worse, I also noticed that in each final screenshot on the lab report where you show you have full root access, you MUST include ipconfig or ifconfig to show the IP of the machine. I haven't done that, all I've got is hostname to show what machine I'm one.

    That means I will have to re-hack the 10 machines - not too hard but just annoying and will take an hour or two. I will also have to now document all the exercises which I'm now starting.

    ...

    Typical me, never doing things the easy or sensible way!
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • McxRisleyMcxRisley Member Posts: 494 ■■■■■□□□□□
    Having a complete nightmare!

    My plan was always to submit the Lab report but NOT exercises. I wrongly believed that there were 5 points on offer for each, and so I would get only 5 points for one of the reports and miss the other.

    However, I stupidly didn't check that and I've discovered that it's actually 5 points for BOTH. Meaning if you only submit one then you obviously don't get any extra points.

    To make things worse, I also noticed that in each final screenshot on the lab report where you show you have full root access, you MUST include ipconfig or ifconfig to show the IP of the machine. I haven't done that, all I've got is hostname to show what machine I'm one.

    That means I will have to re-hack the 10 machines - not too hard but just annoying and will take an hour or two. I will also have to now document all the exercises which I'm now starting.

    ...

    Typical me, never doing things the easy or sensible way!

    Haha, at least you noticed it now and not when you were in the middle of your 24 hour time frame to submit your report. I had my lab write up and exercises all ready to go before I started the exam like you're doing and to me it was a huge relief to have all of it done before hand. Also the 5 points total for the lab report and exercises is a recent change, it used to be 5 points each for a total of 10 points possible.

    I also have a similar story to yours, I submitted my exam report and was reading over it for the 1000th time and noticed that the word processing program I used had actually mushed some of my screenshots together. Not a big deal in most areas, but as I was looking it over, I noticed that it had cut the ipconfig out of one of my screenshots. I almost had a heart attack when I saw that LOL Luckily Offsec was kind enough to let me fix it and resubmit my report (This was within the 24 hour timeframe).
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    McxRisley wrote: »
    Haha, at least you noticed it now and not when you were in the middle of your 24 hour time frame to submit your report. I had my lab write up and exercises all ready to go before I started the exam like you're doing and to me it was a huge relief to have all of it done before hand. Also the 5 points total for the lab report and exercises is a recent change, it used to be 5 points each for a total of 10 points possible.

    I also have a similar story to yours, I submitted my exam report and was reading over it for the 1000th time and noticed that the word processing program I used had actually mushed some of my screenshots together. Not a big deal in most areas, but as I was looking it over, I noticed that it had cut the ipconfig out of one of my screenshots. I almost had a heart attack when I saw that LOL Luckily Offsec was kind enough to let me fix it and resubmit my report (This was within the 24 hour timeframe).

    Very true, glad I noticed now and also glad I read through some of the guidelines at this point and not later on! Yea, I think you're right, I'm positive I read it was 5 points for each, total of 10. That was why I had always just thought I wouldn't do the exercises.

    To be honest I'm still very tempted to just waive the 5 points. I've been working for about 3 hours on the exercises and I'm not even half way. Some of them are very time consuming and quite abstract. Like there's no right answer, it's just "Try these password attacks on the lab machines".

    Wow, you must have gone mad when you realised your mistake! Glad that it all worked out, would have been terrible had they not allowed you to correct it.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • McxRisleyMcxRisley Member Posts: 494 ■■■■■□□□□□
    Ya I about lost my mind lol But my advice would be to do the exercises and lab report. You don't want to join the numerous people who have failed by only 5 points.... Just my 2 cents.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    McxRisley wrote: »
    Ya I about lost my mind lol But my advice would be to do the exercises and lab report. You don't want to join the numerous people who have failed by only 5 points.... Just my 2 cents.

    Yea I think you're right. I'd rather know from minute 1 that I'm already 5 points up. I'm also learning 1-2 new things, and remembering things I could probably do in the labs. SO it's all good.

    I've stopped for the day. Managed to do a lot today:

    - Written up all exercises up to Buffer Overflows (I want to write up a guide for myself on these, so will do that whilst doing the exercises) - hopefully will result in an easyish 25 points in the exam

    - Also managed to re-hack 6 of the lab machines to get the ipconfig and ifconfig screenshots.

    ...

    I'm a bit fried now. Spent about 6 hours on this today and not even half way.

    As stated I have 14 days till the exam, so I don't have to go mad with this and can spread it out over the next week or so.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    WEEK 15 - UPDATE


    I did another 4 hours today writing up the exercises. In contrast to the last two days I actually really enjoyed it today and it helped me loads. I did about 4-5 hours on buffer overflows which included writing the whole process up into a neat guide.

    I think it's actually quite beneficial having to return now. In week one you don't really fully understand it all. I was copying it all down and trying it out but with no experience it didn't mean that much.

    Hopefully by Monday I can have the entire exercise report finished. I will also add 3-4 new machines to my lab report just in case there's any cross overs or issues.

    If I do all this then I will have about 8-9 days before the exam. I will probably concentrate only on Sufferance as it would be nice to get that rooted. I'd also love to get access to the other networks.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    WEEK 15 - UPDATE

    Another 4 hours yesterday and 8 hours today on excercises. Mostly enjoyable but quite a bit frustrating. My exercise report is now 83 pages... my lab report is 97 pages.

    The excercises are mostly excellent, however a few are infuriating. Things like "look in the lab and locate sqlmap vulnerabilities". Totally abstract, dependant on so so many things. It's very annoying and I feel that Offsect honestly need to remove this ridiculous excercise.

    As proof of this, I have breached ALL public network machines other than two and I'm still struggling to complete this excercise. It's one of those where you may find that issue, but I may find another way, it doesn't make me or you wrong, it's just the way it is.

    Very annoying...

    Anyway, abuot another 3-4 chapters left which should be done tomorrow i hope. I'm all on track now for the exam. I should have my lab report complete AND my exercises.

    I'm hoping that before my exam, I will have a document all laid out. As in ready and waiting for the exam and for each exercise. I'm determined now to pass, first time I hope.

    I said before I stupidly didn't do exercises before, but honestly I feel I'm better off now. I'm now screenshotting every 2 minutes as most exercises are easy due to my experience. That means that I am used to screenshoting (good for exam). It's also good for confidence as I'm finding it all very easy due to battling with it all "in real life".
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    WEEK 16 - UPDATE

    Exercises very nearly finished, about 3-4 left. Very very tedious going over them so late into the course... anyone reading this, let this be a lesson to you NOT to leave it like I did. It's also clear that most of the later exercises are geared up to guide you to towards finding exploits on the lab machines. Ultimately this can save you time in the long run.

    Exam is in just 8 days and honestly I can not wait to do it, pass or fail I just want to give it a go now. It's unlikely I will do any more lab work up until the exam. I hope to have 1-2 days before exam of just doing nothing and relaxing a bit.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Good luck CyberCop!!
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • BlucodexBlucodex Member Posts: 430 ■■■■□□□□□□
    You're going to kill it. Definitely learned a few things reading your writeup.
  • MooseboostMooseboost Member Posts: 778 ■■■■□□□□□□
    I agree on the exercises. I feel that a few of them should be "Documentation of this step not required" as there are a few that seem to be fluff questions. A lot of the exercises are good though. I know the buffer overflow was by far my favorite.

    Also, you probably did read correctly regarding the bonus points. They use to award points for both but recently changed it.
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    JoJoCal19 wrote: »
    Good luck CyberCop!!

    Thank you! :D

    Blucodex wrote: »
    You're going to kill it. Definitely learned a few things reading your writeup.

    That's great to hear, I really enjoyed other people's blogs and felt better knowing they were feeling stressed, frustrated etc.... so I wasn't alone in that. It's also nice to see that some struggled with certain machines. Thanks for the post!

    Mooseboost wrote: »
    I agree on the exercises. I feel that a few of them should be "Documentation of this step not required" as there are a few that seem to be fluff questions. A lot of the exercises are good though. I know the buffer overflow was by far my favorite.


    Also, you probably did read correctly regarding the bonus points. They use to award points for both but recently changed it.

    Darn it... need all the points I can get! icon_twisted.gif

    Thanks for the post, I really enjoyed the Overflows too, I learned lots by doing the exercises, and repairing some of the code. Also enjoyed doing some of the Ruby stuff at the end too.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    WEEK 16 - UPDATE

    So pleased to say I've finally finished the entire lab report and exercises. They are now within one PDF and the total length is 237 pages icon_surprised.gif - not sure how I will email this as it's quite a big file.

    The exercises - as previously stated - are amazing and if you listen to ANYTHING I say, then let it be this do the exercises. This is for three reasons:

    1) it's worth points, and also it's easier to write them up as you start the course.

    2) Also it's an amazing, fantastic, priceless document that you can refer to in years to come as techniques, tools, syntax, vectors, methods are all documented. Not in scrappy notes, or in half-written text, but in actual write-ups. It's invaluable.

    3) I stupidly realised as the exercises went through that they actually signpost many of the vulnerabilities, and ways to start off in the labs. E.g. they will say, scan for these exploits... and gather up all the Netbios names and there operating systems.

    I've actually got a lot from the exercises doing them this late in the day. It's really cemented some of my knowledge and made me think of new things I hadn't previously.

    My exam is now is in 5 days time. Can not wait as I just want to start it and try my best at passing. It's caused a lot of anxiety for me... I don't mind not passing 1st or 2nd time but my real concern is never getting over the line and getting the OSCP. Whatever the case, will give it my best shot anyway!

    Thanks for reading.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Managed to use pivoting techniques in order to gain access to the Development network.

    Managed to fully root TIMECLOCK. My first machine outside of the Public network (other than SEAN).


    Rooted (37): Alice, Alpha, Barry, Beta, Bethany, Bob, Core, DJ, Dotty, FC4, Gamma, Gh0st, Helpdesk, Hotline, Humble, Kevin, JD, Jeff, Joe, Kraken, Lefturn, Mail, Master, Mike, Niky, Observer, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Slave, Susie, Timeclock, Tophat
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • BlucodexBlucodex Member Posts: 430 ■■■■□□□□□□
    Managed to use pivoting techniques in order to gain access to the Development network.

    Managed to fully root TIMECLOCK. My first machine outside of the Public network (other than SEAN).


    Rooted (37): Alice, Alpha, Barry, Beta, Bethany, Bob, Core, DJ, Dotty, FC4, Gamma, Gh0st, Helpdesk, Hotline, Humble, Kevin, JD, Jeff, Joe, Kraken, Lefturn, Mail, Master, Mike, Niky, Observer, Oracle, Pain, Payday, Pheonix, Ralph, Sean, Sherlock, Slave, Susie, Timeclock, Tophat

    Looking forward to reading about your exam experience.
  • jewjitsusecjewjitsusec Registered Users Posts: 3 ■□□□□□□□□□
    Did you upgrade the PWK Kali build Offsec recommends? Or did you keep it static?
  • --chris----chris-- Member Posts: 1,518 ■■■■■□□□□□
    I get the warm and fuzzys reading your progress, I have a feeling if you carry this work ethic into the exam you will do well.
  • saeriansaerian Registered Users Posts: 3 ■□□□□□□□□□
    CyberCop -

    Thank you for this fantastic thread detailing your OSCP journey. I've been wanting to do the OSCP for a while now, as pentesting has always fascinated me. Reading over this thread really lit a fire inside me, and I pulled the trigger and signed up for the course and lab access ... yesterday was my start date!

    Good luck on your exam!
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Blucodex wrote: »
    Looking forward to reading about your exam experience.


    Thank you! Hopefully it's good updates I will be posting!

    --chris-- wrote: »
    I get the warm and fuzzys reading your progress, I have a feeling if you carry this work ethic into the exam you will do well.


    Thanks Chris, I really appreciate that. I'm really ready for the exam now (not saying I will pass), but I just feel like I can't do much more at this stage. I made the mistake last night of reading some blogs on the OSCP and exams which filled me with dread as many sounded pretty gruelling. But staying grounded, it's nothing I didn't know before. Will give it my best shot and I know I can/will pass if I keep giving it a go.



    saerian wrote: »
    CyberCop -


    Thank you for this fantastic thread detailing your OSCP journey. I've been wanting to do the OSCP for a while now, as pentesting has always fascinated me. Reading over this thread really lit a fire inside me, and I pulled the trigger and signed up for the course and lab access ... yesterday was my start date!


    Good luck on your exam!




    That's amazing news, well done Saerian! I know there's tons and tons of threads about tips and advice, but to add my bits very briefly:


    1) do the exercises as the beginning - many steer you into finding vulnerabilities and holes in lab machines to exploit


    2) If you do end up getting root access on any machine, STOP and make sure you do some more digging, particularly for user accounts, hashes, passwords, ipconfig/ifconfig. I've missed out on 1-2 roots based on my sloppiness


    3) I'm terrible at note taking. But one thing I've started to do now, is that if and when I get root access, I immediately write down in a VERY clear way what I did. I sometimes even revert the machine and do it again, with the commands I used. Before I started doing this, I had to re-hack a few machines which took ages as I couldn't work out what I had done.


    Good luck with the journey. It's hard, but fun and worth it.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Oh and OffSec just emailed me a reminder about the exam on Thursday... trust me, I haven't forgot about it!!!! icon_twisted.gif
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • t17hhat17hha Member Posts: 52 ■■□□□□□□□□
    Oh and OffSec just emailed me a reminder about the exam on Thursday... trust me, I haven't forgot about it!!!! icon_twisted.gif

    Good luck with the exam CyberCop123! I passed last month and already missing the labs! Have a plan of action and you should be fine, you pwned a lot more machines then I did. I sat my exam after about 21 days of labs an managed to pwn just over a box a day before sitting the exam.
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    t17hha wrote: »
    Good luck with the exam CyberCop123! I passed last month and already missing the labs! Have a plan of action and you should be fine, you pwned a lot more machines then I did. I sat my exam after about 21 days of labs an managed to pwn just over a box a day before sitting the exam.

    Thank you!


    I'm really excited and nervous to take the exam. Well done on passing, it's a great achievement.


    I'm looking forward to passing as I'm all set to start CISSP prep next. I've started casually reading some of the material. It's very very difficult I've found to know exactly what context each area is in and what's important to know, and what is there to just help explain what it means.


    Thanks again, and hopefully I will update on Friday with some positive news
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
Sign In or Register to comment.