OSCP Journey Starting this week
aakashc1
Member Posts: 41 ■■□□□□□□□□
OK, so I enrolled in the PWK course and my lab started on 28 January 2018.
Will share my learning experience daily.
Here is my experience.
I did MCA in Aug 2013. After that I took the CEH and RHCE courses. In 2014 I started learning SQL injection without having a programming language. After doing lots of SQL injection challenges I started learning web programming languages. From 2015 to 2016 I learned some web attacks and some programming languages like HTML, CSS, JavaScript, PHP, MySQL, Python, Bash. I learned all the basics and even made some SQLi and LFI labs with my own code. From Aug to Sept 2017 I solved many VulnHub machines, OverTheWire challenges and the Nebula 0 to 10 series, and I started Hack The Box. In October I started solving HTB machines and have solved 47 user and 46 root till now and got rank 30 till now.
Also learning BOF, and today I enrolled in the PWK course for 30 days.
I also did the essential badge challenges, the white badge and some serialize badge challenges on the PentesterLab Pro website.
From 28 January to 27 March.
I need lots of guidance from this forum. Please guide me during my journey.
Thanks
Comments
-
suraj2010 Member Posts: 15 ■□□□□□□□□□
Welcome to the board and best of luck
2018: OSCP - COMPLETED, CISSP - Continue...
-
aakashc1 Member Posts: 41 ■■□□□□□□□□
So, today was my first day in the OSCP lab and I have rooted two machines so far:
1. Alice
2. Phoenix
Alice I rooted with Metasploit. I have a Python exploit for the same too, but it was not working. I will figure it out soon, so I kept this one in my to-do list.
Phoenix I did manually and I loved it too. Not so tough.
I learned many things today and also put them in my to-do list, as I need to learn those new things again.
The machines force us to depend heavily on Google-fu and I really loved this.
Once I am done with my OSCP I will share my bookmarks list, which is going to help me in my journey.
I actually attempted 4 machines today.
2 I already rooted. One, I see, depends on another machine and, as a friend suggested doing this machine later, I skipped it. Another machine I tried and almost got a limited shell, but the machine is not stable, so it is very frustrating.
So I put that one in my to-do list too.
My aim is to solve as many labs as I can in 25 of the 30 days, put those I can't solve in my to-do list, and then focus on them completely. And if needed I will extend my lab time by 15 days more.
Suggestion: Do machines randomly and check the hints on the forums, which will give an idea of whether a machine depends on others or not, so that time will be saved.
Thanks -
aakashc1 Member Posts: 41 ■■□□□□□□□□
Day 2
So, I did 2 machines today so far -> HELPDESK and bob
First machine, HELPDESK, was easy, rooted within an hour, but again with msf. I got an exploit for the manual way, meaning without msf, but that didn't work. So I keep this in my to-do list.
Second machine, bob: oh man, this machine gave me a headache today. I spent almost 7 hours on this machine alone to root it. I got a shell using msf again, but after that the real fun was waiting for me, and yes, I finally did it with the new method which I learned today, though there is still one more tool remaining to try with that machine and I noted that in my to-do list again. Also I asked my friend whether there are more ways into this machine and he said yes, there is one more way. So I noted it in my notes and will do this machine again with the other method and of course without Metasploit.
So, in two days I rooted 4 machines out of 6 machines attempted, where one machine, as suggested, I skipped for later as it depended on another machine, and one machine I saw was unstable, so I will do this one later too, as my main focus/aim is to root as many machines as I can up to 3 Feb...
I planned, from 4 Feb to 15 Feb, to practice on exercises like buffer overflow and others which I skipped from the PDF/video materials.
I have done almost 85% of the PWK material [PDF/Video].
And from 16 Feb to 25 Feb I will again do lab machines, and on 26 Feb I will extend my lab time for another 30 days so that I can practice on my to-do list with great focus.
Suggestion:
Don't rely only on Google search. Search for the problem everywhere on the internet.
Before today I was searching for my problem like this ->
Stackoverflow->github->google
Now it has changed to ->
Stackoverflow->github->google/bing/duck duck go/yahoo -> exploit-db->offensive security itself->youtube/vimeo->archive.org->pastebin/ghostbin
TIP:
If it is a Windows box, then for directory searching, whether with gobuster or dirbuster, I will use these extensions every time -> asp,aspx,txt,bak,conf,cfm
The concept I learned today to root the bob machine I found from some of the above places.
Thanks -
aakashc1 Member Posts: 41 ■■□□□□□□□□
I see no one has replied to my thread, don't know why.
Anyway, never mind, I will continue to write my experience here every day.
DAY 3
So, I did only 1 machine today and 1 other machine is in the enumeration phase.
Machine 1 -> mike
This machine is good and I did it manually, as the Metasploit exploit didn't work. I tried to understand what the exploit that didn't work was actually doing and then did it manually by hand, and the experience of solving this machine was really awesome. Learned the way we need to solve this machine.
Machine 2 -> Barry
I am still enumerating this machine. Actually I got a headache, so I took medicine and went to sleep, and just now woke up and will continue with this machine for some time.
Tip: Always understand the application and the exploit so that we get as much knowledge as we can.
Also in three days I got addicted to Terminator and now I am thinking of learning and practicing tmux in the upcoming days.
Also nikto is our friend, helping us a lot. Before, I used nikto only sometimes, not every time, but my friend suggested that I always use nikto, and now I see why he said this. It is absolutely correct that nikto will save us a lot during lab time; though we should not depend heavily on it, it is not bad to use it.
Thanks
Machine done so far:
Alice,Bob,HELPDESK,mike,Phoenix -
LonerVamp Member Posts: 518 ■■■■■■■■□□
Good job, and good luck, though with your preparation, you should be doing just fine. Just to interject a counter-point, I find/found using Google searching to suffice as a first step.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
JoJoCal19 Mod Posts: 2,835 Mod
Thanks for posting your progress aakashc1! One question I have, how do you manually exploit machines? I've always read about people exploiting the machines with Metasploit and then going back and doing it manually. However when I ask how one does manual exploitation, I don't get a good explanation lol. So are you able to give an example of how you do a manual exploit, without naming any machines?
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
aakashc1 Member Posts: 41 ■■□□□□□□□□
Yes, sure mate.
Exploiting manually means attacking the vulnerable system the same way the exploit does. So if we understand what the exploit is really doing, then we can do the same as it is doing. I am not a very good programmer but I can understand almost all programming languages.
Don't use an exploit blindly, just see what it is doing as a backend process. The best thing is first reading and understanding it, and the second thing is to just intercept it and check what's going on. Here is an example ->
HTB machine Ariekei solution from the IppSec video on YouTube: there IppSec adds a new proxy in Burp Suite and in the msf exploit too, intercepts them, and understands why the exploit first failed.
Another good approach is to use either tcpdump or Wireshark and check what's going on as the exploit runs.
Now another thing is to exploit by using tools like -> gdb, gdb-peda, radare2, mona.py etc.
I will do BOF exercises tomorrow from the PWK material and will understand mona.py, and what I understood in the first reading is the exploit thing with mona.py, and understand what's going on under the hood.
Hope it helps you.
Thanks -
JoJoCal19 Mod Posts: 2,835 Mod
Thanks aakashc1, that helps from a high level, which is usually what I get. So how are you delivering the exploit to the victims manually?
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
unkn0wnsh3ll Member Posts: 68 ■■□□□□□□□□
Hi aakashc1,
Good luck on your venture... Personally, I suggest you not disclose the method, like Python script on xxx machine or MSF exploit etc., as this leaves breadcrumbs and whoever is genuinely trying might use this clue.
Hope you don't mistake it
Cheers -
aakashc1 Member Posts: 41 ■■□□□□□□□□
After getting responses my confidence has gone to the next level.
Day 4
Today I did 3 machines -> BARRY,PAYDAY,RALPH
Total Machine done -> 8
TIP: Don't overthink, and follow the methodology guides from xapax and bitsvijay. Link? Just google it.
Next Plan ->
Feb 1 to Feb 7 -> PWK Exercises like BOF and others
Also I booked my exam for 11 March 12:30 PM Asia/Kolkata
Thanks -
aakashc1 Member Posts: 41 ■■□□□□□□□□
Day 5
OK, so today I rooted 3 machines. 2 machines were rooted easily while 1 machine took some hours to solve.
Rooted -> asterisk,tophat,kraken
Total Rooted Machine -> 11
Today I learned something and I also got another note-taking software ->
https://github.com/geckom/Attero
And I also used Reconnoitre, which is very good.
Doing HTB machines really helped a lot.
Thanks
-
GirlyGirl Member Posts: 219
You are on a roll. Started in January and already scheduled the exam for 2 months later. That is not the norm. I wish you the best. I guess this was in your blood.
-
aakashc1 Member Posts: 41 ■■□□□□□□□□
How did you like pentesterlab.com pro? Was the cost worth it?
-
aakashc1 Member Posts: 41 ■■□□□□□□□□
DAY 6
So, today I rooted only one machine and another machine is very, very near to root.
I did PAIN and rooted it.
I have a shell on the GHOST machine and am near to root. I spent my whole day on the GHOST machine and am still unable to root it. This machine is really a NIGHTMARE for me. The PAIN machine was easy and is nothing compared to GHOST.
Will do the GHOST machine again tomorrow.
Total Machine done -> 12
And today was a really tiring day and at the same time a very educational day.
Thanks -
aakashc1 Member Posts: 41 ■■□□□□□□□□
DAY 7
So, today I rooted 2 machines and one machine is very close to root. It was a totally tiring, fun and very educational day.
Today I rooted -> Ghost,Dotty
and am near to root on -> Bethany
The best learning experience I ever got was from the GHOST machine. This is superb.
Total ROOTED Machine -> 14
ROOTED Machine Names ->
Alice,Phoenix,Mike,Bob,Barry,Tophat,Payday,Ralph,Pain,Dotty,Ghost,Helpdesk,Kraken,Hotline
Thanks -
aakashc1 Member Posts: 41 ■■□□□□□□□□
Day 8
So, today is the day where I learned a lot by doing 4 machines. Yes, I rooted 4 machines today. I learned the basic concept of the shellcoding part today.
Rooted machines today -> oracle,susie,jd,mail
Total Machine done -> 18
Machine names I rooted ->
Alice,Phoenix,Mike,Bob,Barry,Payday,Ralph,Pain,Dotty,Tophat,Ghost,Helpdesk,Susie,Oracle,Kraken,Hotline,Jd,Mail
TIP: My tip is to play with msfvenom manually, meaning not a meterpreter shell, and use the output within your exploit, and try to learn to modify scripts by understanding them.
Thanks -
Higgsx Member Posts: 72 ■■□□□□□□□□
Thank you for posting about your OSCP journey. It is helpful.
I have one question. Are the Kioptrix challenges (1,2,3,4) almost the same as OSCP lab machines?
P.S. I'm going to buy the PWK training course tomorrow and soon I'll create my own journey -
aakashc1 Member Posts: 41 ■■□□□□□□□□
Day 9
So, I rooted only 1 machine and that is leftturn. Very nice and interesting machine. Learned a new thing. I might have solved more than 1 machine today, but I had a VPN issue today, so I mailed the offsec staff and my issue was solved after 3:00 PM, and after that I started solving the machine. Enough for today. Also I played with tmux and I learned it.
Machine I rooted today -> Leftturn
Total Machines done -> 19
Total Machine done names ->
Alice,Phoenix,Mike,Bob,Barry,Payday,Ralph,Pain,Dotty,Tophat,Ghost,Helpdesk,Susie,Oracle,Kraken,Hotline,Jd,Mail,Leftturn
TMUX Resource ->
https://hkh4cks.com/blog/2017/12/29/tmux-**********/
https://github.com/samoshkin/tmux-config
Thanks -
aakashc1 Member Posts: 41 ■■□□□□□□□□
Day 10,11,12
Rooted 26 machines total. Unlocked the IT and Dev departments. Hard machines like humble and sufferance are still remaining. Practicing a lot on file transfer and will learn a lot in this area.
Thanks -
suraj2010 Member Posts: 15 ■□□□□□□□□□
Congrats Aakash Choudhary & Keep going
2018: OSCP - COMPLETED, CISSP - Continue...
-
technogoat Member Posts: 73 ■■□□□□□□□□
I'll follow this thread
I'm trying to get into infosec but it might take a few more jobs until I land a gig
I like the journal entries since they give me an idea where/how to go
thanks -
aakashc1 Member Posts: 41 ■■□□□□□□□□
Day 13,14,15,16
Rooted humble,edbmachine,sean,sufferance,dj,master,fc4
Total machines done: 37
Today I will focus on the IT and Developer departments.
So much fun and learning. Superb journey so far. Those who want to do OSCP this year, please focus on HTB+VULNHUB, be calm and play with msfvenom.
Thanks -
aakashc1 Member Posts: 41 ■■□□□□□□□□
Day 17, superb day. Learned the pivoting concept and did two machines of the IT department and one more from the public network, and hence I unlocked the admin department too.
Total Machines done -> 40
woooootttt -
suraj2010 Member Posts: 15 ■□□□□□□□□□
Congrats and Keep Going
2018: OSCP - COMPLETED, CISSP - Continue...
-
gphalpin Member Posts: 14 ■□□□□□□□□□
Thanks for posting. I'm also taking the Offensive Security Kali Linux Pen Testing class and labs. I've been so busy with late nights at work that I got sidetracked. I have many years IT experience but no previous pen testing experience. I finished the videos and have worked along with my test VM. Now that it's my time to start hacking, I don't even know where to begin. The class is all a big blur to me now...even though I have lots of notes.
I've scanned via nmap and got a list of all the lab IPs that are up. I've also scanned the top 20 ports of all the systems. I've tried Metasploit but when I try the command: show auxilary, I get an error. It's been one problem after another. I'm going back to review my notes to see where to begin over.
I'd appreciate any help getting me on track. Thanks. -
aakashc1 Member Posts: 41 ■■□□□□□□□□
codeninja#8112 < my Discord ID. Come there and I will guide you.
Thanks
-
aakashc1 Member Posts: 41 ■■□□□□□□□□
6 more days of lab time are left for me and today I started the exercises. My plan is to do exercises from today to 25 Feb, and on 26 and 27 Feb I will review my lab and to-do list things. Today I did some exercises and now I am on the BOF exercise, and I will take my time on this one.
Total machines done: 44 so far, and I have almost learned the concept of pivoting and am still learning. My client-side weakness is still there and because of this 4,5 machines are left.
My tip is to get your hands dirty with client-side and pivoting techniques and think outside of the box.
Thanks -
aakashc1 Member Posts: 41 ■■□□□□□□□□
Today is 22 Feb and my lab will finish on 27 Feb, so counting from tomorrow I will have only 4 days left for the lab, but the main thing is I have really learned a lot and am enjoying it.
As I had rooted only 44 machines and had been on the 45th machine for 4 days, I left it and started the exercises, and you know what, these exercises really do not disappoint. I started solving the exercises for the future lab report, but I found this is a thing not only for the lab report but also for increasing our knowledge.
I highly suggest others purchase the 60-day course and take your time on the materials, at least 2 to 3 weeks, and then jump to solving labs.
As I had experience solving VulnHub + HTB machines, I jumped directly to the labs, but now I see why others said to do the materials first.
Really, we all have weaknesses in some particular area or areas, and from the material we should cover our weaknesses so that they vanish.
I am really learning lots of things by doing the exercises.
One thing I also want to suggest from my experience:
I was stuck on the 45th machine for 4 days, but I was really not focusing on learning, rather asking for the solution of that machine. Then my friend told me: you are struggling with this machine because you are not focusing on the problem. Just take a break and then come back to this machine, think what problem it has and then solve it. So I appreciate this advice and I will solve that machine at night or maybe in the morning soon.
So, friends, please take your time on problems rather than asking for the solution, and if unable to do things just take a break and read the materials, then start again. It really helps us a lot of the time.
Thanks -
aakashc1 Member Posts: 41 ■■□□□□□□□□
23 Feb, and still 4 days left until 27 Feb, which is my last date for the OSCP lab, and I have done 90% of the exercises and will complete them tomorrow. Lots of things in the exercises which I learned, like client-side exploits, which are my weakness, and still more to learn. A superb day is going on. Yesterday night I also tried my 45th machine again but failed, so now I will try again tonight.
Thanks