Calling all Penetration Testing with BackTrack (PWB)/OSCP students!

Judging from recent comments made by some of us here at TE, it appears that some of us will be either starting or resuming our OSCP studies in January, 2012. This thread is being created as a placeholder so that we can bounce ideas off each other, motivate one another, and share our experience as we go through this painful, yet fascinating course.

A few words of advice from someone who has already started the course:

1-) Familiarize yourself with Metasploit here.
2-) Familiarize yourself with bash scripting here.
3-) Familiarize yourself with python here.
4-) Familiarize yourself with the exploit development process by going over some of these tutorials, courtesy of the Corelan Team.
5-) DO all lab exercises, even the extra miles.
6-) Divorce vulnerability scanners. You will NOT be allowed to use them in the exam, so they will be of no use to you.
7-) The use of the Metasploit Framework (MSF) is limited in the exam, so ensure you are NOT dependent on it for exploitation of different targets.
icon_cool.gif Reset lab machines prior to running a port scan on them. Run different port scans TCP / UDP, and do not rely on the standard ports used by tools such as NMAP.
9-) Lab machines exist for a reason, so do not be afraid to attack them in any way, shape or form.
10-) Think outside of the box and do additional research when necessary.
11-) Spend as much time as you can in the labs and try to pivot to other networks.
12-) When in doubt, Google is your best friend.
13-) Persistence is the key. Do not get discouraged if something does not work as expected. Also look for different avenues to attack certain targets.
14-) Document EVERYTHING. Documentation CAN provide you with the few extra points needed to pass the certification exam.
15-) Last, but not least…HAVE FUN!

Please be mindful of the NDA when positing comments in this thread. It’s OK to be helpful, but let’s be ethical and professional about it. Let the PAIN…error…FUN begin!!!
Every day hurts, the last one kills.
«134567

Comments

  • ibcritnibcritn Posts: 340Member
    I will be registering for January 2012 time frame. I appreciate you posting some links and advice, I will check that out when I get home tonight.

    I am ready for the challenge!
    CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+

    Next Up: Linux+/RHCSA, GCIA
  • chrisonechrisone Senior Member Posts: 1,792Member ■■■■■■■■□□
    I might look into this after i finish my CCNP Security in late 2012. Defenitely have to get some PEN testing experience/studies under my belt for security purposes. Thanks for the information and guidance.
    2019 Goals:
    Courses: Real World Red Team Attacks- AppSec Cali 2019 (complete), SANS Security West SEC660 (May), SANS Network Security FOR508 (Sept),
    Certs: SLAE, GCIA (in progress), GCIH, GXPN, GCFA
  • rogue2shadowrogue2shadow Cyber Ninja III Posts: 1,501Member ■■■■■■■■□□
    Already started as of 12/10/11 (going for 90 days). This is going to be a painful one :)

  • chrisonechrisone Senior Member Posts: 1,792Member ■■■■■■■■□□
    Dont make it out to be painful, that means you dont like it and there for you shouldn't even waist your time my friend. You should enjoy and love every minute you spend learning the material you are interested in. Unless you are forced to study it i guess.
    2019 Goals:
    Courses: Real World Red Team Attacks- AppSec Cali 2019 (complete), SANS Security West SEC660 (May), SANS Network Security FOR508 (Sept),
    Certs: SLAE, GCIA (in progress), GCIH, GXPN, GCFA
  • phoeneousphoeneous Go ping yourself... Posts: 2,330Member ■■■■■■■□□□
    Is python big in the pentest scene?
  • rogue2shadowrogue2shadow Cyber Ninja III Posts: 1,501Member ■■■■■■■■□□
    chrisone wrote: »
    Dont make it out to be painful, that means you dont like it and there for you shouldn't even waist your time my friend. You should enjoy and love every minute you spend learning the material you are interested in. Unless you are forced to study it i guess.

    I think you are misconstruing my intent with that statement; I've been looking forward to this experience since I started in information/cybersecurity. "Painful" references the "mind-wracking" to come. People who know me personally understand how driven I am to succeed and how ready I am to engage in courses of this magnitude.

  • the_Grinchthe_Grinch Posts: 4,123Member ■■■■■■■■■■
    phoeneous wrote: »
    Is python big in the pentest scene?

    Python is fairly big as you will find that a lot of tools are written in it (FastTrack is a big one that comes to mind)....
    WIP:
    Python
    Java
  • chrisonechrisone Senior Member Posts: 1,792Member ■■■■■■■■□□
    ah i gotcha! ;) it just seemed like you were depressed or sadden to crunch those hours out lol. Anyways Goodluck! should be a fun ride!
    2019 Goals:
    Courses: Real World Red Team Attacks- AppSec Cali 2019 (complete), SANS Security West SEC660 (May), SANS Network Security FOR508 (Sept),
    Certs: SLAE, GCIA (in progress), GCIH, GXPN, GCFA
  • ipchainipchain Posts: 297Member
    phoeneous wrote: »
    Is python big in the pentest scene?

    It is pretty big. Do a 'find / | grep *.py' in BackTrack and look at the output.
    chrisone wrote: »
    I might look into this after i finish my CCNP Security in late 2012. Defenitely have to get some PEN testing experience/studies under my belt for security purposes. Thanks for the information and guidance.

    Good luck with CCNP:Security and I hope you do decide to take this course, for it's just phenomenal!
    Every day hurts, the last one kills.
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users
    the_Grinch wrote: »
    Python is fairly big as you will find that a lot of tools are written in it (FastTrack is a big one that comes to mind)....

    pytbull is another one.


    Good luck you guys. I am going to have to gather some funds up before I can take this one (maybe in the early summer I'll have it). It is on my to do list. I think all security folks need to have knowledge of both sides of the force (like darth plagrius)
  • the_Grinchthe_Grinch Posts: 4,123Member ■■■■■■■■■■
    I definitely would like to do this at some point, but this year coming up is not going to be the year that's for sure. I think I am going to take the next year to get a firm base in the various things you should know before taking this course. If I am going to shell out that amount of money, I want to know I did everything I needed to prior to get the most from the course and to pass the first time ;)
    WIP:
    Python
    Java
  • phoeneousphoeneous Go ping yourself... Posts: 2,330Member ■■■■■■■□□□
    Is there an oscp equivalent to network pen testing?
  • ipchainipchain Posts: 297Member
    REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

    OSCP is a network pen testing course. Alternatives are SANS 560 (GPEN) and CPT.
    Every day hurts, the last one kills.
  • phoeneousphoeneous Go ping yourself... Posts: 2,330Member ■■■■■■■□□□
    ipchain wrote: »
    OSCP is a network pen testing course. Alternatives are SANS 560 (GPEN) and CPT.
    JDMurray wrote: »
    Yes. I did not finish all the labs, and I won't be taking the cert exam unless I get more lab time to complete the material and do a lot of extra studying. Unfortunately, I don't see that happening anytime in my near future.

    I should mention that the Offensive Security Penetration Testing with BackTrack (PWB) class is about application and operating system pen testing and not network pen testing. You will therefore be working with buffer overflows, shellcode exploits, fuzzing, debuggers, and generally learning how to own "root." There is very little in the way of network pen testing, and much of what there is isn't useful for, or can't be used on, the OSCP cert exam itself.

    Just something to be aware of if your interests are more in network pen testing rater than app and OS pen testing.

    http://www.techexams.net/forums/security-certifications/50001-oscp.html#post373317

    If the class is more so towards os pen testing, I assume the test is as well?
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users
    It isn't a class that's focused on breaking cisco gear and stuff. I think what ipchain means is that the class isn't focused on web application pen testing (CSRF and the like) and is more focused on things on the network (windows boxes, linux boxes, etc).
  • ipchainipchain Posts: 297Member
    phoeneous wrote: »
    http://www.techexams.net/forums/security-certifications/50001-oscp.html#post373317

    If the class is more so towards os pen testing, I assume the test is as well?

    The course deals with OS / application pen testing for the most part; however, it is still considered a 'network pen testing' course. From what I have been able to see 'network pen testing' is a broad term used to define the act of assessing and penetrating an organization's network with the ultimate goal of demonstrating risk. Attackers are ultimately after data, so finding a course solely on the 'network stuff (Routers, Switches, Firewalls, etc)' will be challenging, to say the least. OSCP/PWB covers network-based attacks such as ARP cache poisoning, although the exam is geared towards the OS / web application pen testing side of things.
    It isn't a class that's focused on breaking cisco gear and stuff. I think what ipchain means is that the class isn't focused on web application pen testing (CSRF and the like) and is more focused on things on the network (windows boxes, linux boxes, etc).

    Thanks for clearing that up - that is exactly what I meant. The PWB course does touch on two major web application vulnerabilities: SQL Injection and Cross-Site Scripting (XSS), but it isn't focused on those two exclusively. Did I mention client-side attacks are included? Yes, even though you may have your routers and switches locked down, users normally represent the biggest risk!
    Every day hurts, the last one kills.
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users
    ipchain wrote: »
    Thanks for clearing that up - that is exactly what I meant. The PWB course does touch on two major web application vulnerabilities: SQL Injection and Cross-Site Scripting (XSS), but it isn't focused on those two exclusively. Did I mention client-side attacks are included? Yes, even though you may have your routers and switches locked down, users normally represent the biggest risk!

    There are a few router auditing tools in backtrack as well as packet crafting tools and and firewall/ids testing tools. It would be cool if those are hit on but it doesn't seem to be (according to the syllabus). Still I think that (as a network guy) it will be worthwhile to see how attacks on the network look. Do they allow you to do packet captures in the test lab?
  • ipchainipchain Posts: 297Member
    Still I think that (as a network guy) it will be worthwhile to see how attacks on the network look. Do they allow you to do packet captures in the test lab?

    I agree. They allow you to do packet captures but no network-level attacks are permitted in the labs. If they were to allow you to do so, you may inadvertently break the network for all students. You are free to do those type of attacks in a controlled environment such as your home lab.
    Every day hurts, the last one kills.
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users
    REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST


    Booo!!!! Lol. Well I just repurposed my home server to be a ESXi box so I guess I will be doing those types of attacks on my own.
  • phoeneousphoeneous Go ping yourself... Posts: 2,330Member ■■■■■■■□□□
    Thanks for clearing that up guys. I wish I had time to get into pentesting at this level but my job seems to be following the voice path more each day. Maybe when these projects are done I can start doing some of my own auditing internally. Ive always wanted to learn python too! Best of luck to you guy in Jan!
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,126Admin Admin
    FYI: OSCP is for application pen testing, not network pen testing. You will be hacking into network-aware software running on end-hosts, and not into the mid-point devices controlling a network.

    And Python is very big in the hacking community that shows up at Defcon. Check out the Defcon Media Archives for presentations on all sort of hacking tools and techniques.
  • l!ghtl!ght Posts: 48Member ■■□□□□□□□□
    I am little bit confused by what I saw on the website. They say after registration you will get to download all course materials and videos, get access to labs. Then they say that class meets every Sunday. So, do we actually have to go to a class? Connect to to some virtual class? Can we study on our own with course materials? Can anyone clarify that?
    Jesus saves!
  • rogue2shadowrogue2shadow Cyber Ninja III Posts: 1,501Member ■■■■■■■■□□
    REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

    I think what they mean is each "session" (30,60,90) starts on a Sunday. Post registration you will get to choose from several start times based on your region and availability.

    Good books! I'd also throw this one in the mix:
    http://www.amazon.com/Coding-Penetration-Testers-Building-Better/dp/1597497290

    Not being a programmer by any means, this book is quickly proving to be a great supplement to this course.

  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,126Admin Admin
  • OSCP_in_TrainingOSCP_in_Training Posts: 1Registered Users ■□□□□□□□□□
    Thanks everyone for posting so much reference material and insight! I'll be starting on February 5th with 60 days and can't wait to begin. Asides from being a bit intimidated and nervous about python and custom scripts, I'm very much looking forward to the challenge.
  • NS21NS21 Posts: 7Member ■□□□□□□□□□
    I just took the OSCP exam on Thursday (the 29th - 30th) and I got word on Saturday that I passed!

    To sum it up.... Going in I had my A+, Net+, Security+, and an MCP in WIn XP. I also hold a BIT in Computer Forensics. Now that being said I had little to no knowledge of Buffer Overflows or really pentesting of any kind. I know how to write VBS scripts and a little VB .NET and batch files of course, No ruby, perl, python, or anything else. I knew how to use linux (install packages, sh script, common commands) but I would not say I was proficient in it. My experience with Backtrack has just been minor. I have looked it over and even used some youtube videos to walk me through cracking my own wifi network but never really got in-depth with it.

    That being said I pretty much learned everything I needed to pass the course from the course itself. I originally signed up for the 30 day package but it took me that long to step through the videos and the lab guide. I ended up extending it twice to a total of 90 days, I recommend doing the 90 if you can, at the very least 60. I also recommend learning to do and completing the extra mile tasks as you go. I did them my last week of time and realized that they would have helped me a lot if I did them in the first place.

    The lab itself is wondrous. I personally want more time in it even after I passed just to go through and practice more on the more advanced machines. The lab ranges from machines that you could launch canned exploits on to ones that I don't think you could get into if you had a year, and all kinds in between.

    I learned some basic perl and python as I went, piecing together examples and using the almighty Google. You will learn enough to do what you need to in the course, programming is not the main focus of the course but being able to look at a script, get a basic understanding, and change what you need to is a necessity. You will need to mind slight differences in the videos and the lab documentation between the version of backtrack they are using... I used 5 r1 but I think the videos used ver 4. If you can't find something the "locate" and "find" commands are your friend.

    Oh, Use the IRC channel #offsec, its good not only to ***** and hope someone slips a juicy tidbit or two but you may meet others that may offer a kind word or at least someone that will let you bonce your ideas off of them.

    Another tip, you get an exam try with the package, you have to take it within 30 days of the end of your lab time. TAKE IT!!! Whether you think you will pass or not!! I have read a few posts on the interwebs about people not taking it out of fear or lack of confidence. This is silly, you already paid for it you might as well take it and give it a shot, you never know!

    Oh and document EVERYTHING, your successes, your failures, your thoughts on what you see. Take screenshots of your successes as proof, take them if you see anything interesting you may want to reference later, copy and paste the terminal output for later review or when a screenshot just wont fully explain what is going on. I used KeepNote, its a wonderful little app in backtrack that lets you take notes in tree form. Remeber this course is about pentesting, and part of a pen test is providing some serious documentation, enough so that even a non-technical CEO could reproduce your work.



    If your looking into taking the course I recommend a few sites to familiarize yourself with:

    1. Online Information Security Training - BackTrack - search though this site and read everything you can on it, watch all the example videos and get an overall feel for what they do. On this note there is a public video

    2. https://www.corelan.be/ - This site has a good buffer overflow series, not really necessary for the course but may help.

    3. g0tmi1k - I referenced this blog more than a handful of times, there are some practical examples to that may help you out in your travels.

    4. http://carnal0wnage.attackresearch.com - I also ended up here a few times looking for alternative ideas.

    5. Offensive Security Forums - once you have access to the forum I recommend reading every post, but as a place to start... I suggest you look at this topic first.


    Keep in mind this course is not as much about teaching you EXACTLY how to pentest as much as it is about teaching you to learn how to. There are many times where I felt overwhelmed at scenarios not covered, you will get frustrated, you may even go insane for a bit, and you will have times where all the confidence you built up will be ripped from you and you will feel like a USER. My advice, push though it, and if all else fails TRY HARDER!
  • ipchainipchain Posts: 297Member
    Thanks everyone for posting so much reference material and insight! I'll be starting on February 5th with 60 days and can't wait to begin. Asides from being a bit intimidated and nervous about python and custom scripts, I'm very much looking forward to the challenge.

    Best of luck. Please keep us updated on your progress.

    New year, new challenge. I just extended my lab time for (15) days, so I will be getting back into action starting today. Anyone else playing around in the labs?

    rogue2shadow - What is your nick or handle on IRC? Are you in the offsec channel? Good luck everyone!
    Every day hurts, the last one kills.
  • YuckTheFankeesYuckTheFankees Posts: 1,280Member ■■■■■□□□□□
    Thanks for the helpful links!
«134567
Sign In or Register to comment.