Prep for OSWP

SaSkiller

I'll be taking the OSWP in a few days, i've prepped by doing the labs, but I'm wondering if anyone has any last minute advice or tips. I know its supposed to be easy, but its always a good idea to ask.

I'm planning on using screen to work the various windows I will need for the SSH session. Anyone got advice on that, or in recording my commands for the report? Do I just need to paste them into a document and submit it with the keys?

Also any advice for follow up material on catching up with new WPA attacks before I start the next thing? I know some people said I could go for the Hacking Exposed Wireless book, not sure if i'm going to do that yet.

GirlyGirl

SaSkiller wrote: »

I'll be taking the OSWP in a few days, i've prepped by doing the labs, but I'm wondering if anyone has any last minute advice or tips. I know its supposed to be easy, but its always a good idea to ask.

I'm planning on using screen to work the various windows I will need for the SSH session. Anyone got advice on that, or in recording my commands for the report? Do I just need to paste them into a document and submit it with the keys?

Also any advice for follow up material on catching up with new WPA attacks before I start the next thing? I know some people said I could go for the Hacking Exposed Wireless book, not sure if i'm going to do that yet.

I would suggest have a document with commands. That way you will save yourself an enormous amount of time. For instance you should be able to copy and paste the following sample commands:

airmon-ng start wlan0 (Example interface)
airodump-ng (interface name)
tcpdump .....
airreplay-ng -9 -e (BSSID) -a (AP MAC) -1 (interface) (interface name)

The commands should look familiar.

The point I am trying to make is, it's quicker to copy and paste then to type out an entire command. I would also suggest when you have an SSID/MAC to copy/type it into a separate sheet..so you can copy and paste it later...inside of a command.

Yes, you are going to SSH in. But, I would personally do it on the fastest computer in my house. That is really my second best recommendation. First recommendation is to copy and paste commands. Second is to use the fastest computer in your house.

Third..Hmmmm. Open up more than one SSH session, on the fastest computer in your house.

Maybe your computer speeds don't matter. I don't know.

I like to take screen captures. I am not sure about the recording of the entire way you took and passed the exam. Maybe I am taking it out of your unintended/accidental context. That is kinda borderline cheating in my opinion. But who am I and nor am I certification police.

I am pretty sure SANS has a wireless course. Just FYI.


GG

airzero

GirlyGirl has the right idea about copying and pasting being quicker and just take screenshots of each command for reference and you report. Honestly, it's a pretty straight forward exam without any tricks really. Just know how to perform each type of attack in the course and you should be able to pass no problem. I think I spent more time on the report (3 hours) then the exam. But I went overkill with the report to make sure I passed.

SaSkiller

Thanks, no i was talking about programs or scripts that record your command history so you don't have to re-type them for the report.

Hmm. Re-reading the email it states "documentation and explanations." I wasn't expecting that, but it shouldn't be a big deal. I'm slightly worried about the timezone as they have me slotted for CST I think. But no big deal, should only be an hour behind me.

ottucsak

As others said, compile a reference and copy-paste that. Some of my friends had problems with some targets not working/showing up, so make sure that you ask for help if you have problems with that. Overall it's a really easy exam and can be done in 1.5 hours plus reporting. Good luck!

SaSkiller

I just completed the exam and wanted to post a review. Obviously no results and I expect they stick to their three day window for results so I may not find out whether I passed until Monday.

I did complete the exam, but let me tell you, I was worried there for a minute. I spent some time before the exam writing a command guide as others suggested. In my personal opinion I think a better option would be marking relevant sections in the guide (I printed mine out) and simply go to where you need to in the book. I ended up falling back to this procedure, though I do recommend recording relevant data like mac addresses in a document for ease of copying. I also recommend that is you feel the need to review a command, review that section of the course, not just the command listing at the end of the chapter. That section can be useful in making sure you haven't missed a step, but occasionally there are better commands or additional info in the section.

I SSHed in for the exam and abandoned my plan to use screen. I decided to just open up a few screens and ssh into the machine. I think 4 is a good number. I also opened a document to keep track of my commands, and took screenshots as I went. I mainly to shots of the keys when I cracked them, but occasionally when I was able to... do other things that I think would be relevant. Sorry I don't want to give too much away. My exam had a certain number of AP's, and the first one threw me. I connected and new what I had to do, but a few commands in I start getting errors. After working on it for a while myself and reading the book, I was convinced I had a driver issue and needed to swap them out... not something I had practiced that much. It was very frustrating. Before doing this though I spoke with support who after a significant amount of time assured me there was nothing wrong with the exam or machine. I dove back in to try again and at some point this sunk in.

I don't know if this is intentional or not, but I think there was a little TRY HARDER here. So after changing up my method I easily completed the challenged and was onto my next one. This one took me some time as well, But I went back into the section of the book and I think I was able to find something that helped me out. Also pay attention to error messages. I was getting contradictory information so I started my commands over and walked through. I also considered an error message and did something that got me back on track. Make sure to double check your commands and to notate them when you can. If you don't spend an hour like I did flailing at the start you should have plenty of time.

Eventually I got all my keys and did the report. Previous posts indicated that perhaps not much was needed but the instructions I got indicated that the report was important. I didn't go with the official format suggested but I made sure to not just have a list of commands (which is what I thought was required), but wrote what I was doing and its purpose along with the command and snapshots when relevant. I was a little inconsistent with my periods but we'll see. Hopefully the report was sufficient.

Ultimately I am pleased with the course and the exam. I know many people think its outdated, but I think its important to cover the past, and for new wireless pros to be able to execute the same attacks that veterans can. Now onto the issue of WPA and whether more data needs to be included... I suppose I wouldn't complain about having additional data or resources on newer attacks. I'm not sure that including labs for saw Enterprise WPA would make much sense, just because of the difficulty associated with getting that setup and distributing materials. But I wouldn't be against a supplementary guide with walkthroughs on more recent attacks that needn't be tested. Realistically if you can perform 5 attacks, theres no reason you cant perform 8-9, the additional testing wouldn't add anything significant IMO.

So what is next for me? Good question. The plan was to brush up on more recent attacks and practice a few of those before rolling into Wifi Pineapple. I'm tempted to jump right into WP because I have everything I need right now and I don't have an immediate use for most of this stuff. It was really an attempt to get something done as I hadn't done any certs in a few years. I also realized I need to renew my GIAC certs and this should take care of that. After wireless, I don't know. My goals over the past few years went unrealized, passing the GREM, and getting a pentest position (along with obtaining the eCPPT). I have also been wanting to go get a college certificate in programming which I feel I can utilize in getting me to program on a decently regular basis and utilize that in my security studies. It looks like there is a program starting soon in my area, so that is an option though I need to figure out when i'm going to sleep, going from 8hr work nights to class in the morning. The other option is a second job just to save money so i can travel and save up for whatever.

So one step at a time I guess.

Thanks for reading.

SaSkiller

Also, someone said that you have your choice of wifi adapter, not on my exam, just the one.