Mooseboost boosting to the OSCP

This post has been a long time coming. I have been kicking around the idea of the OSCP for over a year now with promises of myself that I will get to it "soon" but always find a reason to put it off. The time is now here! Registration complete, payment submitted, and start date set for December 16th, 2017! I feel like a kid during Christmas (ironic that my start date isn't too far from Christmas) who knows that is in the big box under the tree. I already know some areas where I am going to need to focus particular with *nix and scripting. My background has had some level of programming but nothing consistent, although I think that being a jack-of-all trades will play into my favor. I've touched just about every aspect of IT over the years with a heavy emphasis on network and security engineering. My primary focus is trying to dive into scripting as much as I can before my start date. I want to be able to at least automate some of my enumeration process in the beginning. I intend to regularly update this post once the labs get started to keep a track of where I am.

Find more posts tagged with

Comments

JoJoCal19

Good luck Mooseboost! I'll definitely be following your progress!

Mooseboost

Thanks JoJo!

A quick update on how things are going so far!

My scheduled lab time kicked off at 7PM EST Saturday. My lab pack came in at exactly 7PM (1900) on the dot. I figured the VM for the lab was pretty much the same as the one they had me download for the lab connectivity test so I hopped right into the lab while I waited for the course videos to download. I wanted to just poke around a bit before I really dove into the course material. I ended up finding an easily exploited machine that I will have to go back through and exploit again later due to my lack of documentation of what I did. I highly doubt many of the machines in the network will be as easy as Alice was and that isn't a bad thing. Outside of handlers, I want to use as little Metasploit as possible in the labs.

After the videos finished downloading I looked briefly over them and the accompanying PDF. I am going to go through the course materials first and fill out the exercises section as I go. Which brings me to my next point: Documentation is key. Their report template has a heavy emphasis on screenshots, so I will follow their guidelines as closely as I can. Building out the reports shouldn't be too difficult as I do red team and engineering consultation at work which means that I am use to having to do write-ups.

For note taking I am using Cherrytree. I found it quite some time ago and fell in love with it. For the lab and exam I am using a template I got from a Reddit user 411. You can find the template on his blog post: https://411hall.github.io/OSCP-Preparation/

For the lab work I am going to put a little more emphasis on working my blog. I've actually moved to a new template (the link in the sig leads to the old one - for now until I get DNS and stuff fixed up) hosted on GitHub. https://hackf0x.github.io. It is two fold: It will cut down on hosting cost from GoDaddy and I like Jekyll.

Anyone else who is currently doing the OSCP, finished it, or is preparing for it now feel free to hit me up as I move along! Always happy to have companions to chat with. I will probably be updating here and crossposting to the blog once a week at least.

Roots so far: Alice.

Mooseboost

Course is going smooth so far with one exception: One of the exercises is broken. The new(er) ncat binary for windows is not compatible with the newest release in Kali. So when you attempt the exercise, it doesn't work.

I have skipped the exercise for now and will come back to it towards the end of my lab time. If it hasn't been fixed by then I will either email them ask or setup a different environment to show it. Other than that, just chugging along.

About halfway through the course now so hopefully by the end of the weekend I will be completely wrapped up and ready to start pounding away at the lab machines! I'll definitely be building my report out as I go so that I don't end up trying to cram it together at the end.

Blucodex

Mooseboost wrote: »

Course is going smooth so far with one exception: One of the exercises is broken. The new(er) ncat binary for windows is not compatible with the newest release in Kali. So when you attempt the exercise, it doesn't work.

I have skipped the exercise for now and will come back to it towards the end of my lab time. If it hasn't been fixed by then I will either email them ask or setup a different environment to show it. Other than that, just chugging along.

About halfway through the course now so hopefully by the end of the weekend I will be completely wrapped up and ready to start pounding away at the lab machines! I'll definitely be building my report out as I go so that I don't end up trying to cram it together at the end.

If you read the OSCP instructions they recommend you use the custom image they have vetted for the OSCP. It's been tested and works with everything. Using anything else is clearly stated as possibly having issues.

JoJoCal19

Mooseboost wrote: »

Thanks JoJo!

For note taking I am using Cherrytree. I found it quite some time ago and fell in love with it. For the lab and exam I am using a template I got from a Reddit user 411. You can find the template on his blog post: https://411hall.github.io/OSCP-Preparation/

For the lab work I am going to put a little more emphasis on working my blog. I've actually moved to a new template (the link in the sig leads to the old one - for now until I get DNS and stuff fixed up) hosted on GitHub. https://hackf0x.github.io. It is two fold: It will cut down on hosting cost from GoDaddy and I like Jekyll.

Thanks for that! Cherrytree looks awesome!

Mooseboost

Blucodex wrote: »

If you read the OSCP instructions they recommend you use the custom image they have vetted for the OSCP. It's been tested and works with everything. Using anything else is clearly stated as possibly having issues.

Actually their custom image is the one with the issues. They updated their image to include the new version of ncat which is not compatible with the version ncat that they have loaded on the student Windows machine. So far they don't have a fix for it since the issue is actually with ncat (There isn't much Offense Security can do about that)..

@JoJo - It really is! Its actually included in Kali now so someone must have really liked it.

Mooseboost

Found a work around for ncat issue. Downloaded the latest version of windows nmap to my kali machine, setup a python HTTP server and used that to host the download for my windows lab machine. Installed the new version of nmap onto the PC and ncat works now.

Don't think this will be the "official" fix but it was worrying me to death to not have it completed.

BuzzSaw

Keep it up man. It's a great experience, and you will learn more than you thought you would!

If you run up against it, just let me know! I can give none spoiling nudges with the best of them

bsjj27

Mooseboost, I’m going through OSCP right now as well, lab actually started same time as you, I just pm’d you.

Mooseboost

The last week has been absolutely crazy. Between work being so busy and the holiday I have not gotten a lot of time to spend on the OSCP for the last few days. I have worked most of my way through the exercises and wrapping up with the web section now.

The buffer overflow section has been by far my favorite section. I learned a lot doing the exercises and feel way more confident modifying exploits now. Even if this section doesn't play a huge role in the lab/exam, it still will be my favorite. I learned a lot of interesting little tricks while doing it. The biggest lesson from that though is that sometimes you need to walk away for a bit. I spent hours on one of the exercises thinking I had royally messed up and was clueless. Gave up and decided to rest for the night. Ended up getting it within minutes the next day after having a fresh look at my code and realizing I had a small error that was rewriting a value instead of adding to it. Fixed it and the exploit worked perfectly.

Hoping to have the course wrapped up in the next week or two. Once I have that completed and my exercises finished I am going to hit the labs hard.

Blucodex

Mooseboost wrote: »

Found a work around for ncat issue. Downloaded the latest version of windows nmap to my kali machine, setup a python HTTP server and used that to host the download for my windows lab machine. Installed the new version of nmap onto the PC and ncat works now.

Don't think this will be the "official" fix but it was worrying me to death to not have it completed.

Thanks for the heads up and workaround. Following suit.

Mooseboost

Still putting in the work, though not as much as I would have liked to. Had a few bad days due to some dehydration issues (do not forget to drink water folks) but getting back into the full swing.

I skipped some of the exercises post buffer overflow because I felt the content wasn't needed. After discussing on the IRC channel with some of the other folks I can see that was in error so I am circling back to complete those. Probably another good lesson learned there - Do not get ahead of yourself. Even if something seems mundane and not worth your time - its there for a reason.

CyberCop123

Mooseboost wrote: »

Still putting in the work, though not as much as I would have liked to. Had a few bad days due to some dehydration issues (do not forget to drink water folks) but getting back into the full swing.

I skipped some of the exercises post buffer overflow because I felt the content wasn't needed. After discussing on the IRC channel with some of the other folks I can see that was in error so I am circling back to complete those. Probably another good lesson learned there - Do not get ahead of yourself. Even if something seems mundane and not worth your time - its there for a reason.

Definitely a good idea to go back and do these. I too skipped them but went back over every single exercise again in order to complete the Exercise documentation.

The Buffer Overflow section was invaluable. Particularly when you consider that the only thing you CAN predict on the exam is that there is a buffer overflow section.

There's some great learning points there.

When I went back I created a step-by-step guide for myself, so that hopefully in the exam I can just follow it along and get the result needed.

dr_fsmo

Are you running your Kali machine as a physical or VM?

JollyFrogs

Good luck Mooseboost, I do enjoy reading these experiences. I suggest that as you pwn each machine in the labs you write a script (bash or python) to automate the attack. This has several benefits including being able to quickly re-pwn a machine if needed, it will be accurate documentation, you will learn bash and python scripting, and lastly - automating attacks leaves zero room for mistakes/human correction. The last one might sound strange but once you start automating you'll likely experience what it means. All the best mate