OSCP Journey Starting this week

aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
OK, so I enrolled in the PWK course and my lab started on 28 January 2018.

I will share my learning experience daily.

Here is my experience.

I did my MCA in Aug 2013. After that I took the CEH and RHCE courses. In 2014 I started learning SQL injection without knowing a programming language. After doing lots of SQL injection challenges I started learning web programming languages. From 2015 to 2016 I learned some web attacks and some programming languages like HTML, CSS, JavaScript, PHP, MySQL, Python, Bash. I learned all the basics and even made some SQLi and LFI labs by writing my own code. From Aug to Sept 2017 I solved many VulnHub machines, OverTheWire challenges and the Nebula 0 to 10 series, and I started Hack The Box. In October I started solving HTB machines and have solved 47 user and 46 root till now and got rank 30 till now.

I am also learning BOF, and today I enrolled in the PWK course for 30 days.

I also did the essential badge challenges, the white badge and some serialize badge challenges on the PentesterLab Pro website.

From 28 January to 27 March.

I need lots of guidance from this forum. Please guide me during my journey.

Thanks

Comments

  • suraj2010suraj2010 Posts: 15Member ■□□□□□□□□□
    Welcome to the board and best of luck
    2018: OSCP - COMPLETED, CISSP - Continue...
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    So, today was my first day in the OSCP lab and I have rooted two machines so far:
    1. Alice
    2. Phoenix

    Alice I rooted with Metasploit. I have a Python exploit for the same too, but it was not working; I will figure it out soon, so I kept this one in my to-do list.

    Phoenix I did manually and I loved it too. Not so tough.

    I learned many things today and also put them in my to-do list, as I need to learn those new things again.

    The machines force us to depend heavily on Google-fu and I really loved this.

    Once I am done with my OSCP I will share my bookmarks list, which is going to help me in my journey.

    I actually attempted 4 machines today.

    2 I already rooted; one, I see, depends on another machine, and as a friend suggested doing this machine later, I skipped it; and another machine I tried and almost got a limited shell, but the machine is not stable, so it is very frustrating.

    So, that one I also put in my to-do list.

    My aim is to solve as many labs as I can in 25 days out of 30 days, put the ones I can't solve in my to-do list and then focus on them completely. And if needed I will extend my lab time by 15 days more.

    Suggestion: Do machines randomly and check hints on the forums, which will give an idea of whether a machine depends on others or not, so that time will be saved.

    Thanks
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    Day 2

    So, I did 2 machines today so far -> HELPDESK and bob

    The first machine, HELPDESK, was easy, rooted within an hour, but again with msf. I got an exploit for the manual way, meaning without msf, but that didn't work. So I keep this in my to-do list.

    The second machine, bob, oh man, this machine gave me a headache today. I spent almost 7 hours on this machine alone to root it. I got a shell using msf again, but after that the real fun was waiting for me, and yes, I finally did it with the new method which I learnt today, though there is still one more tool remaining to try with that machine, and I noted that in my to-do list again. Also I asked my friend whether there are more ways into this machine and he said yes, there is one more way. So I noted it in my notes and will do this machine again with the other method and of course without Metasploit.

    So, in two days I rooted 4 machines out of 6 machines attempted, where one machine, as suggested, I skipped for later as it depends on another machine, and one machine I saw was unstable, so I will do this later too, as my main focus/aim is to root as many machines as I can up to 3 Feb...

    I have planned, from 4 Feb to 15 Feb, to practice exercises like buffer overflow and others which I skipped from the PDF/video materials.

    I have done almost 85% of the PWK material [PDF/video].

    And from 16 Feb to 25 Feb I will do lab machines again, and on 26 Feb I will extend my lab time for another 30 days so that I can practice on my to-do list with great focus.

    Suggestion:
    Don't rely only on Google search. Search for the problem everywhere on the internet.
    Before today I searched for my problem like this ->

    Stackoverflow->github->google

    Now it has changed to ->
    Stackoverflow->github->google/bing/duck duck go/yahoo -> exploit-db->offensive security itself->youtube/vimeo->archive.org->pastebin/ghostbin

    TIP:
    If it is a Windows box, then for directory searching, whether with gobuster or dirbuster, I will use these extensions every time -> asp,aspx,txt,bak,conf,cfm

    The concept I learned today to root the bob machine I found in some of the above places.

    Thanks
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    I see no one has replied to my thread, don't know why :(
    Anyway, never mind, I will continue to write my experience here every day.

    DAY 3

    So, I did only 1 machine today and 1 other machine is in the enumeration phase.

    Machine 1 -> mike
    This machine is good and I did it manually, as the Metasploit exploit didn't work. I tried to understand what the exploit that didn't work was actually doing, and then I did it manually by hand, and the experience of solving this machine was really awesome. Learned the way we need to solve this machine.

    Machine 2 -> Barry
    I am still enumerating this machine. Actually I got a headache, so I took medicine and went to sleep; I just now woke up and will continue with this machine for some time.

    Tip: Always understand the application and the exploit so that we gain as much knowledge as we can.
    Also, in three days I got addicted to Terminator and now I am thinking of learning and practicing tmux in the upcoming days.
    Also nikto is our friend and helps us a lot. Before, I used nikto only sometimes, not every time, but my friend suggested always using nikto, and now I see why he said this; it is absolutely correct that nikto will save us a lot during lab time. Though we should not depend heavily on it, it is not bad to use it.
    Thanks

    Machine done so far:
    Alice,Bob,HELPDESK,mike,Phoenix
  • LonerVampLonerVamp Senior Member Posts: 221Member ■■■□□□□□□□
    Good job, and good luck, though with your preparation, you should be doing just fine. :) Just to interject a counter-point, I find/found using Google searching to suffice as a first step.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, CISSP, OSWP, CCNA Cyber Ops, Sec+
    2019 goals: GWAPT, Linux+, SLAE (possible: SEC573, CCSP, Splunk F&PU)
  • JoJoCal19JoJoCal19 California Kid Posts: 2,721Mod Mod
    Thanks for posting your progress aakashc1! One question I have, how do you manually exploit machines? I've always read about people exploiting the machines with Metasploit and then going back and doing it manually. However when I ask how one does manual exploitation, I don't get a good explanation lol. So are you able to give an example of how you do a manual exploit, without naming any machines?
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CCSP, CCSK, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: eJPT, Learning: Linux/CLI, Git, Python, Pentesting
    Next Up: eJPT, eCPPTv2, OSCP
    Studying: Code Academy (CLI, Git, Python), eLearnSecurity PTSv3
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    JoJoCal19 wrote: »
    Thanks for posting your progress aakashc1! One question I have, how do you manually exploit machines? I've always read about people exploiting the machines with Metasploit and then going back and doing it manually. However when I ask how one does manual exploitation, I don't get a good explanation lol. So are you able to give an example of how you do a manual exploit, without naming any machines?

    Yes sure mate

    Exploiting manually means attacking the vulnerable system the same way the exploit does. So if we understand what the exploit is really doing, then we can do the same as it does. I am not a very good programmer but I can understand almost any programming language.

    Don't use an exploit blindly; just see what it is doing as a backend process. The best thing is first to read and understand it, and the second thing is to intercept it and check what's going on. Here is an example ->

    The HTB machine Ariekei solution from the IppSec video on YouTube: there, what IppSec does is add a new proxy in Burp Suite and in the msf exploit too, intercept the traffic, and understand why the exploit first failed.

    Another good approach is to use either tcpdump or Wireshark and check what's going on as the exploit runs.

    Another thing is exploiting by using tools like -> gdb, gdb-peda, radare2, mona.py etc.

    I will do the BOF exercises from the PWK material tomorrow and will understand mona.py; what I understood on first reading is to do the exploit with mona.py and understand what's going on under the hood.

    Hope it helps you

    Thanks
  • JoJoCal19JoJoCal19 California Kid Posts: 2,721Mod Mod
    Thanks aakashc1, that helps from a high level, which is usually what I get. So how are you delivering the exploit to the victims manually?
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CCSP, CCSK, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: eJPT, Learning: Linux/CLI, Git, Python, Pentesting
    Next Up: eJPT, eCPPTv2, OSCP
    Studying: Code Academy (CLI, Git, Python), eLearnSecurity PTSv3
  • unkn0wnsh3llunkn0wnsh3ll Posts: 68Member ■■□□□□□□□□
    Hi aakashc1,

    Good luck on your venture... Personally, I suggest you not disclose the method, like a Python script on xxx machine or an MSF exploit etc., as this leaves breadcrumbs and whoever is genuinely trying might use this clue.
    Hope you don't mistake it

    Cheers
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    After getting responses my confidence has gone to the next level

    Day 4

    Today I did 3 machines -> BARRY,PAYDAY,RALPH

    Total Machine done -> 8

    TIP: Don't overthink, and follow the methodology guides from xapax and bitsvijay. Link? Just google it.

    Next Plan ->
    Feb 1 to Feb 7 -> PWK Exercises like BOF and others

    Also I booked my exam for 11 March, 12:30 PM Asia/Kolkata

    Thanks
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    Day 5

    OK, so today I rooted 3 machines. 2 machines were rooted easily while 1 machine took some hours to solve.

    Rooted -> asterisk,tophat,kraken

    Total Rooted Machine -> 11

    Today I learned something and I also got another note-taking software ->

    https://github.com/geckom/Attero

    And I also used Reconnoitre, which is very good.

    Doing HTB machines really helped a lot.

    Thanks
  • jortjrjortjr Posts: 8Member ■□□□□□□□□□
    How did you like pentesterlab.com pro? Was the cost worth it?
  • GirlyGirlGirlyGirl Posts: 219Member
    You are on a roll. Started in January and already scheduled the exam for 2 months later. That is not the norm. I wish you the best. I guess this was in your blood.
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    jortjr wrote: »
    How did you like pentesterlab.com pro? Was the cost worth it?
    https://awesomeaakash.github.io/pentesterlab_pro_review/
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    DAY 6

    So, today I rooted only one machine and another machine is very, very near to root.

    I did PAIN and rooted it.
    I have a shell on the GHOST machine and am near to root. I spent my whole day on the GHOST machine and am still unable to root it. This machine is really a NIGHTMARE for me. The PAIN machine was easy and is nothing compared to GHOST.

    Will do the GHOST machine again tomorrow.

    Total Machine done -> 12

    And today was a really tiring day and at the same time a very educational day :P

    Thanks
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    DAY 7

    So, today I rooted 2 machines and am very close to root on one machine. It was a totally tiring, fun and very educational day.

    Today I rooted -> Ghost,Dotty
    and am near to root on -> Bethany

    The best learning experience I ever got was from the GHOST machine. This is superb.

    Total ROOTED Machine -> 14

    ROOTED Machine Names ->
    Alice,Phoenix,Mike,Bob,Barry,Tophat,Payday,Ralph,Pain,Dotty,Ghost,Helpdesk,Kraken,Hotline

    Thanks
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    Day 8

    So, today is the day where I learned a lot by doing 4 machines. Yes, I rooted 4 machines today. I learned the basic concepts of shellcoding today.

    Rooted machines today -> oracle,susie,jd,mail

    Total Machine done -> 18

    Machine names i rooted ->
    Alice,Phoenix,Mike,Bob,Barry,Payday,Ralph,Pain,Dotty,Tophat,Ghost,Helpdesk,Susie,Oracle,Kraken,Hotline,Jd,Mail

    TIP: My tip is to play with msfvenom manually, meaning not a meterpreter shell, use them within your exploit, and try to learn to modify scripts by understanding them.

    Thanks
  • HiggsxHiggsx Posts: 71Member ■■□□□□□□□□
    Thank you for posting about OSCP journey. It is helpful.
    I have one question. Are the Kioptrix challenges (1, 2, 3, 4) almost the same as the OSCP lab machines?

    P.S. I'm going to buy the PWK training course tomorrow and soon I'll create my own journey :)
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    Day 9

    So, I rooted only 1 machine and that is leftturn. Very nice and interesting machine. Learned a new thing. I might have solved more than 1 machine today, but I had a VPN issue, so I mailed offsec staff and my issue was solved after 3:00 PM, and after that I started solving the machine. Enough for today. Also I played with tmux and learned it.

    Machine i rooted today -> Leftturn

    Total Machines done -> 19

    Total Machine done names ->
    Alice,Phoenix,Mike,Bob,Barry,Payday,Ralph,Pain,Dotty,Tophat,Ghost,Helpdesk,Susie,Oracle,Kraken,Hotline,Jd,Mail,Leftturn

    TMUX Resource ->
    https://hkh4cks.com/blog/2017/12/29/tmux-**********/
    https://github.com/samoshkin/tmux-config

    Thanks
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    Day 10,11,12

    Rooted 26 machines total. Unlocked the IT and Dev departments. Hard machines like humble and sufferance still remain. Practicing file transfer a lot and will learn a lot in this area.

    Thanks
  • suraj2010suraj2010 Posts: 15Member ■□□□□□□□□□
    Congrats Aakash Choudhary & Keep going
    2018: OSCP - COMPLETED, CISSP - Continue...
  • technogoattechnogoat Posts: 73Member ■■□□□□□□□□
    I'll follow this thread

    I'm trying to get into infosec but it might take a few more jobs until I land a gig

    I like the journal entries since it gives me an idea where/how to go

    thanks
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    Day 13,14,15,16

    Rooted humble,edbmachine,sean,sufferance,dj,master,fc4

    Total machine done 37

    Today i will focus on IT and Developer Department

    So much fun and learning. Superb journey so far. Those who want to do OSCP this year, please focus on HTB+VULNHUB, be calm and play with msfvenom.

    Thanks
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    Day 17, superb day. Learned the pivoting concept and did two machines of the IT department and one more from the public network, and hence I unlocked the admin department too.

    Total Machines done -> 40

    woooootttt
  • suraj2010suraj2010 Posts: 15Member ■□□□□□□□□□
    Congrats and Keep Going
    2018: OSCP - COMPLETED, CISSP - Continue...
  • gphalpingphalpin Posts: 14Member ■□□□□□□□□□
    Thanks for posting. I'm also taking the Offensive Security Kali Linux Pen Testing class and labs. I've been so busy with late nights at work that I got sidetracked. I have many years IT experience but no previous pen testing experience. I finished the videos and have worked along with my test VM. Now that it's my time to start hacking, I don't even know where to begin. The class is all a big blur to me now...even though I have lots of notes.

    I've scanned via nmap and got a list of all the lab IPs that are up. I've also scanned the top 20 ports of all the systems. I've tried Metasploit but when I try the command: show auxilary, I get an error. It's been one problem after another. I'm going back to review my notes to see where to begin over.

    I'd appreciate any help getting me on track. Thanks.
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    gphalpin wrote: »
    Thanks for posting. I'm also taking the Offensive Security Kali Linux Pen Testing class and labs. I've been so busy with late nights at work that I got sidetracked. I have many years IT experience but no previous pen testing experience. I finished the videos and have worked along with my test VM. Now that it's my time to start hacking, I don't even know where to begin. The class is all a big blur to me now...even though I have lots of notes.

    I've scanned via nmap and got a list of all the lab IPs that are up. I've also scanned the top 20 ports of all the systems. I've tried Metasploit but when I try the command: show auxilary, I get an error. It's been one problem after another. I'm going back to review my notes to see where to begin over.

    I'd appreciate any help getting me on track. Thanks.

    codeninja#8112 < my Discord ID. Come there and I will guide you.
    Thanks

  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    I have 6 more days of lab time left and today I started the exercises. My plan is to do exercises from today to 25 Feb, and on 26th and 27th Feb I will review my lab and to-do list things. Today I did some exercises and now I am on the BOF exercise and I will take time on this one.

    Total machines done: 44 so far, and I have almost learned the concept of pivoting and am still learning. My client-side weakness is still there and because of this 4-5 machines are left.

    My tip is to get your hands dirty with client-side and pivoting techniques and think outside the box.

    Thanks
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    Today is 22 Feb and my lab will finish on 27 Feb, so counting from tomorrow I will have only 4 days left for the lab, but the main thing is I have really learned a lot and am enjoying it.

    As I had rooted only 44 machines and had been on the 45th machine for 4 days, I left it and started the exercises, and you know what, these exercises really do not disappoint. I started solving the exercises for the future lab report, but I found they are not for the lab report only but also for increasing our knowledge.

    I highly suggest others purchase the 60-day course, take your time on the materials, at least 2 to 3 weeks, and then jump to solving the labs.

    As I had experience solving VulnHub + HTB machines, I jumped directly into the labs, but now I see why others said to do the materials first.

    Really, we all have weaknesses in some particular area or areas, and from the material we should cover our weaknesses so that they vanish.

    I am really learning lots of things doing the exercises.

    One thing I also want to suggest from my experience:

    I was stuck on the 45th machine for 4 days, but I was really not focusing on learning, rather on asking for the solution to that machine. Then my friend told me: you are struggling with this machine because you are not focusing on the problem. Just take a break and then come back to this machine, think about what problem it has and then solve it. So I appreciate this advice and I will solve that machine at night or maybe in the morning soon.

    So, friends, please take your time on problems rather than asking for the solution, and if you are unable to do things, just take a break, read the materials and then start again. It really helps us a lot of the time.

    Thanks
  • aakashc1aakashc1 Posts: 41Member ■■□□□□□□□□
    23 Feb, and still 4 days left to 27 Feb, which is my last date for the OSCP lab. I have done 90% of the exercises and will complete them tomorrow. There are lots of things in the exercises which I learned, like client-side exploits, which are my weakness, and still more to learn. A superb day is going on. Yesterday night I also tried my 45th machine again but failed, so I will try again tonight.
    Thanks