Not Another OSCP Blog

ottucsak | Posts: 142 | Registered Members
I have "officially" started OSCP again. This will be my second attempt, as I tried and failed miserably 4 years ago due to my lack of drive, inexperience and laziness. This failure made me fear and respect the OSCP, so I have avoided it until now. Due to possible future changes in my work/personal life, I have to accelerate and boost my career a bit. The first step was getting a cloud security certification, the second will be tackling the OSCP and the third will be becoming a CISSP.


My preparation for the OSCP was completing the eLearnSecurity PTP course, which refreshed my pentesting skills and showed me that I can do offensive stuff if I want to. As I said earlier, I failed because I was lazy, so I will try to go all in this time: read all the chapters, complete all the exercises, root as many machines as I can and try harder. I have no lab time currently, so I'm writing the scripts for the exercises 'offline' and will just need to run them once I have renewed, and anything that I can do without the labs (DNS or the bash scripting) I am doing now.

I have currently finished 50% of the book, including both stack overflows, and plan to renew my lab right after I have finished all the videos. Right now, I have no problems with the materials or the exercises; either I got much more experienced or I'm actually investing time into studying instead of blindly pwning the lab machines. Either way, I'm eager to get back into the labs and gain more experience.

Comments

  • ottucsak | Posts: 142 | Registered Members
    Book finished and most of the offline exercises as well. I will watch all the videos next week, but I'm currently doing Blue Sentinel Security's Penetration Testing with Powershell Empire course.
  • JoJoCal19 | Posts: 2,711 | Moderators
    Good work ottucsak. Having done the PTP course, do you feel much better prepared this time?
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CCSP, CCSK, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: eJPT, Learning: Linux/CLI, Git, Python, Pentesting
    Next Up: eJPT, eCPPTv2, OSCP
    Studying: Code Academy (CLI, Git, Python), eLearnSecurity PTSv3
  • ottucsak | Posts: 142 | Registered Members
    I feel like I'm more prepared mentally/psychologically after passing PTP, but most of the stuff that I learned is from other resources. I don't know, so much time has passed and I'm not sure why I feel better prepared. One thing is for sure, last time I had a hard time even with the lab exercises and now I know how to do all of them, without hesitation.
  • MalwareMike | Posts: 124 | Registered Members
    I'm currently working on the PTP course right now... what are your thoughts on the class/exam?
  • ottucsak | Posts: 142 | Registered Members
    I wrote my thoughts about the exam here a few threads below. It was a good experience, we will see how much it helps in the labs.

    Updates:
    I had a 90-day lab voucher from 3 years ago, but it expired. I contacted the Offensive Security support and they renewed it for $180, so I don't need to spend $600 for labs again. I plan on starting tomorrow, exercises first.

    Meanwhile I also completed Penetration Testing with PowerShell Empire on Udemy and did some hands-on exploitation. Still haven't watched all the videos, but plan to do it today at work.
  • MalwareMike | Posts: 124 | Registered Members
    Have you attempted any boxes on HackTheBox, VulnHub, and/or Pentesters Lab?
  • ottucsak | Posts: 142 | Registered Members
    I did all the "OSCP-like" machines on VulnHub, a privesc workshop and a few CTFs. Will do HackTheBox or Virtual Hacking Labs if/when I fail the OSCP exam.
  • ottucsak | Posts: 142 | Registered Members
    I started yesterday morning, half of the exercises are done and I accidentally drew first blood. I want to pump out all the exercises quickly to focus on the labs as I see targets everywhere.
  • ottucsak | Posts: 142 | Registered Members
    I finished all the exercises in the lab, except 3 that require more fiddling: pass-the-hash, tunneling, password attacks. I jumped on the labs, planning to go from easy machines to hard machines, but I accidentally chose 2 hard-ish ones, Sherloc and Phoenix. I managed to tackle both of them in a few hours, learned a bit about compiler switches, a/b/c plans, proper enumeration, finding JMP ESPs and trying harder. Everything is going better than expected.

    Rooted: Alice, Sherloc, Phoenix.

    Update: Also got Bob and Alpha today.
  • JoJoCal19 | Posts: 2,711 | Moderators
    Good work man!
  • ottucsak | Posts: 142 | Registered Members
    I have 12 roots so far. Working on the machines every day for 6-12 hours depending on free time. My method is to hack every machine one way with Metasploit and exploit them manually after I pwnd everything. This way I have maximum exposure on the different types of vulnerabilities covered and I can rely on known good exploits as a sanity check.
  • Mooseboost | Posts: 755 | Registered Members
    Bob was my arch nemesis for quite some time. Felt like slapping myself after I got him though. Looks like you are making good progress! By the way, a great chat to be in: netsecfocus.com. Used to be on Slack but now they have shifted to Mattermost. The OSCP channel on there is full of a good group of guys. I honestly don't know if I would have made it through the labs without bouncing ideas off of people in there. Everyone there is going through the labs so you will get extra resources all the time. Not so much in the way of hints, more of a "hey I found this really cool script for doing this thing!"
    2018 Certification Goals: OSCE
    Blog: https://hackfox.net
  • ottucsak | Posts: 142 | Registered Members
    Thanks Mooseboost, I'm trying hard(er).

    Progress update: 18 machines down, including Pain and Bethany. These two were hard. Not impossible, but hardened in a funny way that you are forced to go down a path. I especially hate machines that have prerequisites. I already found 3 of them.

    Anyways, looking forward to the weekend so I can make some more progress without interruptions.
  • ottucsak | Posts: 142 | Registered Members
    Status update after 14 days. I have 31 full roots, scheduled the exam for the end of next month. Contrary to popular opinion the machines are not hard, they don't expect you to do crazy things. There is always a way you can make your life easier, you just need to find it. There are no 0days here, you are only expected to chain basic vulnerabilities one by one, until the machine pops.

    Names of the fallen:
    Alice, Phoenix, Mike, Bob, Bob2, Barry, Payday, Ralph, Pain, Leftturn, Bethany, Alpha, Beta, Gamma, Tophat, Dotty, Sherloc, DJ, Gh0st, FC4, Helpdesk, Susie, Oracle, Kraken, Hotline, Observer, Master, Jeff, Niky, Joe, JD.
  • JoJoCal19 | Posts: 2,711 | Moderators
    Awesome progress man! Good luck on your exam attempt. I'm interested in seeing how far you can go in machine count before the exam.
  • securitychops | Posts: 29 | Registered Members
    Way to go on the progress! Also, don't forget to have fun on that final exam, passing is of course the goal, but having fun is important too! :D
  • ottucsak | Posts: 142 | Registered Members
    Thanks guys. I will go until I have no more machines that I can realistically pwn and then do all the machines again, using only manual exploitation. Right now I'm only grinding machines, trying to get a feel for the vulnerabilities, techniques, building up patterns, etc. The most important thing is to have a checklist and to keep calm. If what you are doing is super hard, you are on the wrong path.

    securitychops: I have fun during the labs. On the exam my only goal will be to pass. :D
  • ottucsak | Posts: 142 | Registered Members
    Another update: 40 machines down and running out of machines from the public network. There are only a few hosts left to crack open in the main network segment, including two of the big ones. I have IT, Dev unlocked and cracked a few machines that were easy to get. I will try to get Humble and Sufferance this weekend so I can properly move on to the "other" networks.
  • Mooseboost | Posts: 755 | Registered Members
    Making fantastic progress man. Humble and Sufferance are both fun boxes, though priv esc on Humble kind of disappointed me.

    Do you have a date in mind for your exam?
  • ottucsak | Posts: 142 | Registered Members
    I scheduled the exam for the end of August. I was lucky as all the exam spots were filled super soon after the proctored announcement. :)

    Update: Fully compromised IT, but Dev gave me a brain meltdown, so moved on from the PWK labs to HackTheBox. I want to get as much exposure as I can get to make the exam a 'walk-in-the-park'. Got 5 machines down so far and everything is a tad harder than the OSCP labs. More CTF-like, more up-to-date, BUT unfortunately more guesswork is required, which I really don't like.

    I also wrote half of my lab report and it's super long. It's totally not worth the five points, but I will do it just to be on the safe side. Though I must say I will be rather disappointed if the pass/fail depends on those five points.
  • meni0n | Posts: 63 | Registered Members
    Keep checking the exam spots every day. I found that a lot of times a spot opened up a few days/week ahead due to cancellations or reschedules.
  • ottucsak | Posts: 142 | Registered Members
    Finished the lab and exercise report (over a hundred pages for 5 points), rooted 11 HackTheBox machines, now compiling cheatsheets and will have a go at the lab machines once again, plus the recommended HTB boxes.

    I'm really good at all aspects of Linux/Unix including privilege escalation, but have a harder time with maneuvering on Windows without Meterpreter. I can still pwn everything, it just takes more time, so this is an area that I plan to focus on now.

    Overall I feel ready for the exam, but I have to wait until the end of the month because there are no closer exam spots. I really hope that I will not fail, cause I don't want to wait 1.5 months again. :D
  • securitychops | Posts: 29 | Registered Members
    ottucsak wrote: »
    Finished the lab and exercise report (over a hundred pages for 5 points)

    I feel you on this one, I think mine was around 142 pages ... but if you need those five points then it was time well spent! :)

    Honestly I think the biggest benefit I got from doing the lab/exercise report was learning how to put together a report in the format they were looking for. If I had waited until the final exam to write the first report I would have been in a world of pain, but happily when it came time I had already suffered through the process and was able to roll through the reporting without much issue! So good job on doing those reports!

    Good luck on the exam at the end of the month! It is corny I know, but I did find myself listening to their OSCP song ( https://vimeo.com/150495755 ) when I needed a gentle push. You got this! :D

    * Side note, keep checking back on the exam scheduler as sometimes a closer spot will pop up due to a cancellation, etc., and you can slide the exam closer.
  • ottucsak | Posts: 142 | Registered Members
    They updated the exam scheduler recently and unfortunately, there are no more early exam opportunities anymore. This might be due to the new system or to the fact that everybody wants to schedule their exam before the proctoring kicks in.

    Ouch, 142 pages is long. For me most of the value was in completing the exercises, I learned a few things that I would have skipped otherwise.

    Thanks! I'm not too worried about the exam, if it's anything like the labs, I don't need to try harder, I just have to make sure that my enumeration is thorough. :)
  • mirror51 | Posts: 80 | Registered Members
    I feel you on this one, I think mine was around 142 pages ... but if you need those five points then it was time well spent! :)

    Can anyone provide me a link to a sample report of any single lab? I want to see what a real report looks like.
    Like we have lab walkthroughs available on YouTube, I am looking for real sample reports as well.

    Thanks
  • ottucsak | Posts: 142 | Registered Members
    Update time: still tinkering on HTB, learned a lot about Windows privesc/exploitation and I'm fine-tuning my exam tools. Overall with PTP, Vulnhub and HTB I'm probably around a hundred pwnd hosts, so I'm really looking forward to the exam.
  • mirror51 | Posts: 80 | Registered Members
    ottucsak wrote: »
    Update time: still tinkering on HTB, learned a lot about Windows privesc/exploitation and I'm fine-tuning my exam tools. Overall with PTP, Vulnhub and HTB I'm probably around a hundred pwnd hosts, so I'm really looking forward to the exam.

    How many VulnHub labs did you try? I can see there are many labs on VulnHub, but blogs mostly mention only 15 labs from there.
  • securitychops | Posts: 29 | Registered Members
    mirror51 wrote: »
    Can anyone provide me a link to a sample report of any single lab? I want to see what a real report looks like.
    Like we have lab walkthroughs available on YouTube, I am looking for real sample reports as well.

    Thanks

    Offensive Security provides report templates at the following location under Suggested Documentation Templates:

    https://support.offensive-security.com/#!oscp-exam-guide.md#Suggested_Documentation_Templates
  • ottucsak | Posts: 142 | Registered Members
    I did around 10 VulnHub machines I guess. All Kioptrix ones, plus some others that I can't remember.
  • ottucsak | Posts: 142 | Registered Members
    HTB VIP is expiring tomorrow, so I spent my last day hacking Windows machines to get better. Got system on 4 machines and user on one. Yesterday I did some buffer overflow practice with Immunity and Mona, took me 30 minutes to pwn VulnServer.exe. Exam is on Thursday, really looking forward to it.