OSCP 06-02-2018 Accountability Thread

TL;DR: I signed up for 60 days (projected to go 90) of lab for the OSCP starting June 2nd. This will be my journal/thread from that day forward.

I was a little reluctant to record this, because whether one person or several hold me accountable, someone is. This is to get me to put the games down for a few months and put the Friday work-week finales on hold. This is what I feel is necessary.

Background: I'm a skiddie at best. I do not have any professional experience in Penetration Testing/Red Team. I've read many books, from Georgia's Penetration Testing book to David Kennedy's Metasploit book, parts of Gray Hat Hacking, Art of Exploitation, and Violent Python, and I've done a few udemy courses for fun. I just received the new Hacker's Playbook.

Strengths: I enjoy this. I spend nights playing with vulnhub for fun. Most of the vulnhubs I've done, I used metasploit and msfvenom. (Mind you, this was just because I was trying to learn metasploit.) I completed eJPT relatively quickly (I know, not even comparable). I understand networking, and it is my full-time job.
I have an entire workspace (converted the dining room) in my home with two 32-inch monitors with dry erase board. May go 3 monitors. Depends. This will be command and control. Lots of desk space.

Weaknesses:
Dev skills are mediocre at best. I can read, understand and modify programs and scripts, but writing them from scratch is a whole different ball game. Python and Bash are the only two that I am relatively competent in compared to the others. I could never get a job as a dev.

Opportunities: None. This is just for fun. I'm Pvt. Joker in the rear with the gear in FMJ wanting to experience "the suck" that everyone talks about. I want that "stare." There is no financial gain or bragging rights because nobody in my workspace or friends circle know wtf offensive sec is.

Threats: Time. External influences. Friends and coworkers won't understand the purpose, and I don't have the patience or time to explain. They will attempt to drag me out of my cave. They will bother me for the next 90 days to go out to eat. Drinks. Play some PUBG or State of Decay 2. GF will do the same, but I told her to put her feelings in autonomous mode because she will become irrelevant most of the week. (Relax, I'm being facetious.)

Schedule:
Sat June 2nd is D-DAY. Just as it's been said many times before: Print and read the PDF > Complete the exercises > Hit the labs > Test.

Days:
Work M-F 6:30am-3pm: (I can make time to read.) The problem with my work environment is it goes 0-100 real quick, so it can be difficult to get some time to read. This is time I won't be able to do any labbing or exercises. Just reading. I may bring a laptop on the days I decide to stay after work and sneak a few labs in, but I can't count on it because, despite my private network, it doesn't look good to have Kali Linux with text streaming down the screen in a secured environment. Then again, I doubt anyone would know what I'm doing and I could just say I'm "programming" before the curious scurry off.

Off-time M-F 4pm-9pm: This is when I can complete exercises and labs. I will sneak my daily 12-15 minute catnap to stay refreshed. I imagine my coffee maker will go kaput sometime around here in this window.

Sat - Sun: These will be my sprint periods. 9am - 9pm. With 1-hour lunches and maybe a 15-min snooze somewhere in there. Saturdays can go into overtime beyond 9pm. Crash mode in case I fall behind. (I will.)

Month 1: I want to be completely done with the PDF and Exercises. I will cross out the syllabus as I go. I want to make sure I have a solid understanding of this "method" everyone speaks of.

Month 2: Labs Labs Labs! July 31st, I want to be complete with the Labs!

Month 3.
Overtime. I know the Threats are stronger than I make them out to be. I know I will get burned out and will need a day break or so. Going to the bar and gassing up with the friends maybe. Hell, I may even cut those evening breaks short just to come back home and attempt the impasses in a more relaxed state.
I want to complete all the labs. I already have a large white sheet of paper pulled out where I will mark everything based on what I believe the difficulty is. HVTs will be the hardest ones. They will be the Aces. That way, if they turn out to be easy, it will surprise me. I will put them in order based on names and enumeration.
If I feel comfortable by day 90, based on what I have read, I will schedule the exam. I don't see this being the case, but I don't really know what I am in for either. I am open to a Month 4.

Who Should Follow:
n00bs, nubs, noobs, newbies, newbs, skiddies. In regards to pentesting, I'm a noob.

I will try to update daily. No promises. But I want to so I can stay accountable and of course use it to reread one day. I may look at official updates weekly with the occasional daily vents.

Footnotes: Maybe I'm overthinking this. I don't know. I'm not an optimistic person, so this could just be my natural thinking habits. My chances of success, I believe, without knowing anything, are 80%. This is an optimistic outlook; I believe I should say 100%, but I can't. There is a chance I will fail, and when I say fail, I mean quit. Why? No idea. I'm just being pessimistic.


See you June 2nd!
Current: OSCP

Next: CCNP (R&S and Sec)

Follow my OSCP Thread!

Comments

  • EANx (Posts: 1,049, Member)
    Opportunities: None. This is just for fun. I'm Pvt. Joker in the rear with the gear in FMJ wanting to experience "the suck" that everyone talks about. I want that "stare." There is no financial gain or bragging rights because nobody in my workspace or friends circle know wtf offensive sec is.

    Gotta respect someone who simply wants to learn. Too many people never try to improve themselves and even here, too many people need a kick in the pants to start studying.
  • chrisone (CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs; Posts: 1,865, Member)
    Ha cool! I am in the same class/course start date. I start June 2nd too, good Luck!!! We can PM resources later, I can’t type much on the phone.
    2019 Goals:
    Courses: Real World Red Team Attacks- AppSec Cali 2019 (complete), Active Directory Attacks for Red and Blue Teams Advanced Edition - BlackHat (completed),
    Certs: Certified Red Team Professional - Pentester Academy (passed!), Azure Fundamentals AZ-900 (passed!), Azure Security Engineer Associate AZ-500 (in-progress)
  • JoJoCal19 (California Kid; Posts: 2,797, Mod)
    Good luck man!! Sub'd to the thread. Will follow your progress for sure!
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Mooseboost (Senior Member; Posts: 773)
    You have a plan and that is most of the battle when you are first starting out. The pace you go at will determine the length of lab time that you need, but 60 days is a great starting point. I recommend doing the PDF and the videos together as it seems like they intentionally leave out things that will be covered by each other. By the time you finish the exercises, you should have a pretty good grasp on some low hanging fruit and will be hitting the labs with potential roots ready to roll.

    Good luck man!
    2019 Certification Goals: OSCE OSWE
    Blog: https://hackfox.net
  • Moldygr33nb3an (Posts: 241, Member)
    Thanks Everyone!

    Date:
    June 2nd 2018.
    Time: 11:40pm

    Update:
    I am just testing my format for future posts. That said, I received all the documents and videos at 1900. I went ahead and downloaded and printed the 380-page document (RIP work copier). I set up a 3-monitor workstation at home with a corner desk and one of those outdoor tables to encompass 3/4 sides. Stretched out a roll of white paper across and stapled it to it for writing. Used that to create a quadrant chart and titled it the lab domain. It's a nice little setup, I believe. Anyway, I read 43 pages, watched 11 videos. Did two simple exercises and think I'm going to call it. Tomorrow I'll start looking at the scripting and work with the exercises.
  • chrisone (CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs; Posts: 1,865, Member)
    Good luck bro! I got my course materials earlier today, but I was working on the eCPPT test right now lol I just finished rooting everything in the eCPPT exam too. So glad because I don't want to waste any of these 90 days from the PWK. Now I just need to write my report for the eCPPT exam.

    Here are some recommended materials to cover and research outside of the course pdf.

    Reviews/guides

    The Penetration Testing Execution Standard

    https://blog.g0tmi1k.com/2011/07/pentesting-with-backtrack-pwb/

    https://dejandayoff.com/oscp-review---felt-the-pain-and-suffered-through-it/

    https://support.offensive-security.com/#!oscp-exam-guide.md

    https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob

    https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms


    This guy has good insight and a good video of his progress
    https://www.youtube.com/watch?v=5NvBujK_0dQ&t=5s

    Linux privilege escalation:
    https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

    Windows Escalation techniques:
    https://www.fuzzysecurity.com/tutorials/16.html

    https://www.youtube.com/watch?v=kMG8IsCohHA

    Learn nikto:
    https://cirt.net/Nikto2

    Dirsearch:
    https://github.com/maurosoria/dirsearch

    IPPSEC videos:
    https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA

    NMAP cheat sheet:
    https://highon.coffee/blog/nmap-cheat-sheet/

    Pentester Academy: Exploiting Simple Buffer Overflows on Win32

    WIN32 shellcode
    https://www.codeproject.com/Articles/325776/The-Art-of-Win-Shellcoding#ch3.2


    Hack VMs:
    Metasploitable
    pwnOS (pwnOS.com)
    https://medium.com/@rafaveira3/pwnos-2-0-walkthrough-fe5bcc9f6e05

    Kioptrix (Kioptrix » Downloads)

    Nebula
    https://exploit-exercises.com/nebula/
    Protostar
    https://exploit-exercises.com/protostar/


    Pull an all nighter
    https://lifehacker.com/how-to-pull-an-effective-all-nighter-1569813126


  • Moldygr33nb3an (Posts: 241, Member)
    I wish I could give you more rep. Thanks, brotha! Good luck. PM anytime!

  • chrisone (CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs; Posts: 1,865, Member)
    The June crew! We will include Moose too even though he started a little earlier lol
  • Moldygr33nb3an (Posts: 241, Member)
    Date: June 5th 2018
    Time:
    7:24am

    Update:
    Page 129 of 380. I have been taking my time on reading the material and watching the videos. I watch a few videos, then I read the supporting material, followed by the exercises. I notice not everything in the reading material is in the videos, and vice versa.

    I ran a few scans against the lab yesterday. Trying to get a total number of machines with a few passes. I've counted 41 so far; however, this has changed since the last time I ran a bash script against the subnet. I have yet to see which devices are hiding behind other devices and which ones are filtering TCP traffic. I've been tempted to run an nmap with the -A option against the whole subnet, but something tells me this won't work, so I'll just take my time against each live address. One at a time. Build a portfolio of each device. And of course see which hosts are only listening to UDP traffic. I created folders with .txt files named after the IP address and hostname. So far, I have been able to enumerate Alice and Kevin. They appear to be easy, but I have yet to attempt anything - correction, I did find a device listening on port 80, and incidentally found a parameter vulnerable to XSS. Shout out to Vikash Chaudhary's web app course; I was able to poke around and find it. I did, however, document my findings and immediately closed it before I went down a rabbit hole (something that appears to be an easy thing to do here). I write what info I gather on a sticky note, color coded based on open ports and operating system, and hang it on the wall for later organization. So far so good.

    Work has been relatively slow, so I've taken the reading material and videos with me on a DVD to watch when I have free time. Then when I get home, I run through the exercises and read until 10-10:30pm. So far, so good. Next is buffer overflows.


    PS: I've learned to use the forums. I ran into an issue with the lab and started trying to fix what I believed to be the issue. Although I was right in what I suspected was the problem, once I realized it was a huge issue on the forum, I was able to resolve it an easier way. So yea, there can be issues in the labs. Use the forums.

    Edit: I've also kept my RTFM close by. I recommend you get this.
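The host sweep and the one-folder-per-device "portfolio" described in the post above, as an added example that is not part of the thread: a small bash script that takes nmap's grepable output (-oG), lists the hosts that came back up, and writes one directory per host with a ports.txt listing only confirmed-open TCP/UDP ports. The scan output embedded below is constructed for the example, and the 10.11.1.x addresses, the directory layout and the function names are assumptions, not lab hosts or anything from the course.

```bash
#!/usr/bin/env bash
# Added example, not from the thread or the course: build a per-host
# "portfolio" from an nmap grepable (-oG) file. Run a light sweep first,
# e.g.  nmap -sS -sU --top-ports 100 -oG sweep.gnmap 10.11.1.0/24
# then point build_portfolio at the file. SAMPLE_GNMAP is a constructed
# stand-in so the script runs offline; the addresses are assumptions.
set -eu

SAMPLE_GNMAP='# Nmap 7.70 scan initiated (constructed sample, not real output)
Host: 10.11.1.5 ()   Status: Up
Host: 10.11.1.5 ()   Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 139/filtered/tcp//netbios-ssn///   Ignored State: closed (997)
Host: 10.11.1.8 ()   Status: Up
Host: 10.11.1.8 ()   Ports: 445/open/tcp//microsoft-ds///, 161/open/udp//snmp///, 137/open|filtered/udp//netbios-ns///   Ignored State: closed (996)
Host: 10.11.1.9 ()   Status: Down
# Nmap done'

# live_hosts <gnmap-file>: IPs nmap reported as Up (or gave a Ports line), one per line
live_hosts() {
  awk '/Status: Up/ || /Ports:/ {print $2}' "$1" | sort -u
}

# open_ports <gnmap-file> <ip>: "port/proto service" for every port whose state is
# exactly "open". The -oG port field is port/state/proto/owner/service/rpc/version/.
# UDP "open|filtered" (nmap could not tell) is deliberately skipped; those ports
# need a targeted probe (e.g. snmpwalk, a DNS query) before they count as open.
open_ports() {
  awk -v ip="$2" '
    $2 == ip && /Ports:/ {
      sub(/.*Ports: /, "")              # drop the "Host: ip ()  Ports: " prefix
      sub(/[ \t]*Ignored State.*/, "")  # drop the trailing summary
      n = split($0, entry, ", ")
      for (i = 1; i <= n; i++) {
        split(entry[i], f, "/")
        if (f[2] == "open") print f[1] "/" f[3] " " f[5]
      }
    }' "$1"
}

# build_portfolio <gnmap-file> <outdir>: one directory per live host containing
# ports.txt (regenerated each run) and notes.txt (created once, never truncated,
# so hand-written findings survive a re-scan). Prints the number of live hosts.
build_portfolio() {
  local gnmap="$1" outdir="$2" n=0 ip
  for ip in $(live_hosts "$gnmap"); do
    mkdir -p "$outdir/$ip"
    {
      echo "# $ip  open ports (from $gnmap)"
      open_ports "$gnmap" "$ip"
    } > "$outdir/$ip/ports.txt"
    touch "$outdir/$ip/notes.txt"   # hostname, OS guess, creds, next steps
    n=$((n + 1))
  done
  echo "$n"
}

# Demo on the constructed sample: write it to a temp dir and build the tree.
workdir="$(mktemp -d)"
printf '%s\n' "$SAMPLE_GNMAP" > "$workdir/sweep.gnmap"
count="$(build_portfolio "$workdir/sweep.gnmap" "$workdir/hosts")"
echo "$count live hosts written under $workdir/hosts"
cat "$workdir/hosts/10.11.1.8/ports.txt"
```

Re-run the same script against a fresh -oG file whenever the sweep is repeated: ports.txt is rebuilt from the new scan, while notes.txt for each host is only ever created, so nothing written by hand is lost between passes.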
  • Moldygr33nb3an (Posts: 241, Member)
    Date: June 9th 2018
    Time: 8:16pm

    Update:
    I have made it a point to read over the buffer overflows section several times. I really want to cement the information, because I believe this is a core part of what I may experience in the labs and exam. Lower-level languages such as assembly have never been my strong point, but it is making much more sense after practicing.

    I decided to change up my note taking from directories and sub directories and .txt files and ported all information to Cherry Tree. I love this little program. It's free. The UI is friendly and seeing little cherries makes me happy from time to time.

    I should be 100% complete with the Windows buffer overflows tonight. I'm enjoying a bottle of wine and going through the execution flow for certain programs. Way more relaxed than when I was trying to decipher what the hell all the hexadecimals were.

    Read. Watch. Practice. Read. Watch. Practice.

    I have been struggling to get time at work to read, but I take responsibility for that. I think I create more work for myself to get out of reading the chapter over again lol. It's okay. I've got it now, so it's reminded me that the methodology of repetition works, despite already knowing this! haha

    Cheers!

    Day 7
  • MrAgent (Posts: 1,305, Member)
    ... Three weeks lay-ta
    How's it going? Still going at it?