Been awhile - OSCP
f0rgiv3n
Member Posts: 598 ■■■■□□□□□□
Hello out there, I haven't been on techexams for several years. I was super stoked for a while and took a long hiatus on certs in general as I wasn't sure where I wanted to go with my career.
I wanted to reach out to say hey and that I'm working on my OSCP. All the threads have helped me be inspired again. I did 30 days of lab time and it started out great; I was having a blast, but about 3 weeks in I got hung up and then had a medical issue and couldn't finish it out...
I came back after several days break and felt like I had lost a bit of my momentum. I let it expire and decided to take a week to do some "supplemental" studying on some areas I'm weak in:
- Buffer overflow
- Privilege Escalation
- (Scripting in general)
I think I got a bit overwhelmed and disappointed a few times and I need to get back on the horse and keep riding!
Anyone have any pointers on how I can improve my Buffer Overflow skills/understanding and privilege escalation skills?
Comments
airzero Member Posts: 126
My advice is to just get back at it, but don't burn yourself out. I went way too hard in the labs when I first started and burned out after I failed the exam the first time. Took months to get back to that motivated state, so definitely don't overdo it.
As for the buffer overflows, my advice would be to just follow the course material slowly. Run through the example multiple times and really understand how it works; everything you need to know is in the course material and it won't go much deeper than that (maybe one or two surprises that are not too difficult).
For the priv esc:
FuzzySecurity | Windows Privilege Escalation Fundamentals - Windows Priv Esc
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ - Linux Priv Esc
Those are really the best two guides for the OSCP. The point being that these will get you the information you need; then you need to do some digging on the specifics of that information to find the vulnerability. You can also look into enumeration scripts like LinEnum.sh or LinuxPrivChecker.py.
Good luck man!
f0rgiv3n Member Posts: 598 ■■■■□□□□□□
That is incredible, thank you so much airzero. I appreciate the resource references and the advice regarding not burning out. I've done that before and I think was close to it this time. I'll look those over and go back through the course material again.
Thank you!
jjones2016 Member Posts: 33 ■■■□□□□□□□
Download an old Windows XP and the vulnerable software that they use as an example in the guide... Then watch the videos and practice on your own. Only note: the return address will be different...
aakashc1 Member Posts: 41 ■■□□□□□□□□
Hi buddy
For Buffer Overflow:
Practice some VulnHub machines regarding buffer overflow, like the Brainpan series.
Also check these below:
https://pastebin.com/xaRxgYqQ
https://pastebin.com/VfwhT8Yd
https://pastebin.com/Xjr7eQnp
https://www.youtube.com/watch?v=OOkU7to0Ty4
For Privilege Escalation:
Besides the above posts, check this too:
https://github.com/sagishahar/lpeworkshop/blob/master/README.md
Hope you like it.
Thanks
f0rgiv3n Member Posts: 598 ■■■■□□□□□□
Question... how often do you actually write out your own buffer overflow "in the wild"?
I'm starting to wonder some things, and it seems a bit odd to be sitting here with full control of a system doing all this research to create my own buffer overflow. Is that something that is common? Or only mostly in the "research" side of things? How does a buffer overflow look when you don't already have full access to the system to see what's going on in memory? Are you just using known scripts based on the version you have identified?
Sorry for all the questions, I'm a bit frustrated right now because of the complications... :P
LonerVamp Member Posts: 518 ■■■■■■■■□□
If you're doing research or bug hunting, it can be often enough. Some CTFs as well.
For some pen testers you will as well, but I'd say that is below 50% of all testers. Probably way below that.
For 95% of infosec, you won't ever write a buffer overflow.
For your direct question, you don't really find buffer overflows if you don't have the ability to inspect memory, which requires access. You won't run up against a system you don't know and start to fuzz it and find a crash and such. You do that when you can download the application/executable and control the environment.
That said, knowing how it works and having done simple examples (like in the PWK course) help separate candidates a bit. It also helps when you run across an application that someone else has already overflowed for you and uploaded exploit code to EDB. You'll be able to read and understand what is going on, and how that may apply to your immediate testing.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
f0rgiv3n Member Posts: 598 ■■■■□□□□□□
Thanks man. This helps a lot. I honestly don't find the buffer overflow stuff all that interesting, so knowing that it's not really a huge part of pentesting in general is actually a relief. I'll definitely continue with practice and learning, but this helps me breathe a bit easier, so thanks again!
drifta303 Registered Users Posts: 3 ■□□□□□□□□□
Hey mate. Re buffer overflows, it's a bit tough to get it into your mind, but once you do you are good. I attempted the OSCP exam and failed everything but at least got the overflow... It's worth learning for the exam because once you get it you at least will know how to do one big task in the exam. All the other boxes in the exam I couldn't find any way in.
f0rgiv3n Member Posts: 598 ■■■■□□□□□□
Thanks a ton for responding drifta, this helps me feel I understand a bit more going into it. My confidence level is pretty low right now since I still feel like "pentesting as a job" is a pie in the sky dream, but hey, it's only ever real when it's real. I'll just keep pluckin' away at it all. Thanks for the confidence boost in buffer overflows.