Calling all Penetration Testing with BackTrack (PWB)/OSCP students!

ipchain

@r0ckm4n - I'd have to agree with your source and Killj0y. Time is certainly easier to manage in OSCE, so you will not find yourself purchasing as many extensions as you may have purchased during PWB.

r0ckm4n

Killj0y wrote: »

I cannot speak for other OSCEs, but for me, lab time was easier to manage with the OSCE. I think for two reasons. One, I had already been through an OffSec course before (OSCP) so I knew what to expect, how to manage my time and how to study/test. Secondly, you can test more on your own time with the OSCE. I could start up my own VMs and download vulnerable software to research/test/exploit. In other words, in the OSCE course, I could study even if my lab time was over. You cannot do much of that with the OSCP course.

Now, there are certain sections of the OSCE that you will need lab time on but you will know which ones once you take the course. Again, I suggest to everyone that they should take both courses if they can. Also, don't be afraid to take either course. They are both great courses.

My 2cents.

Thanks for your response, Killj0y! I passed my OSCP exam on the 11th. It's good to hear that a lot of lab time is not needed for the OSCE. Now I just have to save up the money. I spent a lot on lab extensions and recently purchased the eLearnSecurity Web App Pen Testing course.

ipchain wrote: »

@r0ckm4n - I'd have to agree with your source and Killj0y. Time is certainly easier to manage in OSCE, so you will not find yourself purchasing as many extensions as you may have purchased during PWB.

Thanks for your response, ipchain! This is good to know and will impact how soon I could start the course.

Kylie87

[FONT=&amp]nmap is not very good for discovering the Operating System of a host when going over a VPN. Does anyone know of an alternative way to find the Operation system of a host when accessing the host over a VPN?[/FONT]

r0ckm4n

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

Did you use -O? I had decent luck with nmap identifying operating systems. You could try xprobe2.

Kylie87

I've tried -A and -O but Im not getting an exact match. I may have to go with best guess with xprobe2

Killj0y

r0ckm4n wrote: »

Thanks for your response, Killj0y! I passed my OSCP exam on the 11th. It's good to hear that a lot of lab time is not needed for the OSCE. Now I just have to save up the money. I spent a lot on lab extensions and recently purchased the eLearnSecurity Web App Pen Testing course.

No problem. Yeah I would love to hear about the eLeanSecurity web app course when you finish it. I tried to sign up in time but I missed the deal. I will probably wait till later this year to take it.

Kylie87 wrote: »

I've tried -A and -O but Im not getting an exact match. I may have to go with best guess with xprobe2

Nmap is pretty good. You may have to play with the parameters. xprobe2/P0f is ok too.

TCP/IP stack fingerprinting - Wikipedia, the free encyclopedia has a list of tools. Don't forget other TCP or UDP services that may expose information like the operating system.

r0ckm4n

Killj0y wrote: »

No problem. Yeah I would love to hear about the eLeanSecurity web app course when you finish it. I tried to sign up in time but I missed the deal. I will probably wait till later this year to take it.

I really like the course so far. I finished the slides, videos, and the guided labs. I have the challenges left and then I will take the exam. This eLearnSecurity course doesn't require the work/research outside of the course material and labs like PWB. They do provide some links to other sites for reference and more information. The way this course is, makes it easier and faster to get through.

Killj0y

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

Are the challenges/labs on virtual machines like the OffSec courses?

r0ckm4n

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

It is hard to tell. You connect to the labs through a web interface and you don't use a VPN connection. Once you click a button to enter the lab, it opens up a new browser window with the web app.

Bernkastel

Been 30 days pass on my OSCP now.

Was back and forth on the modules and the lab boxes .
Well ... i am focusing on the module now might as well clear it at one shot and focus on the lab.

Broke into a few boxes. And learning some very hard mistakes. ( dont trust everything you see )

Might go into lab extensions now i am in the IRC most of the time when i am on the weekends.

Just would like to know how have you guys been managing the time for it?

z3mms

I've registered for the OSCP course and took an initial 30-day lab access (will extend as needed). I currently have 7 years of pentesting experience and really looking forward to see if that experience have much effect on going through this course and taking the exam challenge (probably not much!). Another thing I'd like to see is how OSCP compares with CREST (another hands-on pentesting qualification I've taken last year, quite big in the UK). I should receive my PWB lab materials tomorrow and get stuck in. Wish me luck!

r0ckm4n

Bernkastel and z3mms, good luck and enjoy the course. It's an awesome course and the exam is tough.

Kylie87

Hey guys, hoping someone can help me out. One of the questions in the lab exercises ask "Are there any restricted bytes in the buffer?". I'm guessing they are referring to null bytes 0x00 ? Are there any other kinds of restricted bytes? I don't know what to look for. There are no null bytes, thats for sure.

jm0202

You will now then answer doing the first extra mile exercise.. trust me!

cym

Hi folks, anyone still doing OSCP labs? and is there any study group around for discussion on the lab machines? My current nick at #offsec is eipebpesp. Feel free to discuss.

itsgonnahappen

Another great resource post. Thanks for putting this together!

jm0202

cym wrote: »

Hi folks, anyone still doing OSCP labs? and is there any study group around for discussion on the lab machines? My current nick at #offsec is eipebpesp. Feel free to discuss.

I am interested. My nick is OS-11317.

Whook

same here nick in irc Whook

Whook

keep us posted...

KR34

Hi jm0202 & whook

My lab will start next Sunday 10-6-2013 . Any recommendation before starting

jm0202

well u will need to spend a lot of time in the labs...

wes allen

I am finishing up my first month on the course. Have to take a couple week break to move and hopefully find a new job, but will be back at it as soon as I can.

I would give a couple bits of advice, along with all the great reading on here.

Just start with Kali, not backtrack. The manual and videos are a little bit dated, so many of the commands won't work exactly as they are in the course, so might as will start working with the current versions. I started with a bt5r3 vm that I installed from the iso, and ended up having to start over due to an update the broke something with metaspolit / pearl - wasted half a day trying to fix it, before giving up and downloading the prebuilt vm. Then had a bit of trouble getting tftp or ftp or something to work right, and decided to switch to Kali. You can use kali on the test as well, so no issue there.

Keep in mind this is not a step by step course where the teacher walks around the room, shows you where to click and pats you on the back for a job well done. It is however, a great framework for you to teach yourself pen testing. The videos and lab book will get you started, but it will be up to you to actually modify and apply that content. As the material is a little bit dated, I would recommend doing the labs, then exploring that area for other tools as well. So, while the course might go over pwdump and fgdump, you might want to use wce or even powershell in the labs. Again, don't get too caught up or attached to what is shown in the courseware, and be ready to do your own research on the finer points of each section.

As for prep - I would go ahead and get your vm setup - apache, ftp, tftp, ssh, etc and know where stuff is located, like the windows binaries. Get a system down for recording your activities in the lab - you need to keep track of a lot of bits of info for each machine. I use evernote on my host laptop, and just copy and paste. Plus use windows snipping tool. Dual screens is a big help here. Also, brush up on your general linux skills.

Going from knowing that x can be done, to actually doing x in a real environment is a great learning experience for sure. Like "just pop a shell, **** the hash, break the hash, and you are good" sounds a whole lot easier then actually going through the steps without metasploit.

Even if you never want to be a pen tester, this class will teach you a lot about security - so far, it has been way more informative then all the study I did for CISSP.

KR34

@Wes allen .

Thank you , this what i was thinking about "Kali" switching to Kali when i downloaded BT5r3 and i tried to update it many errors comes up . I did the "Attack-Secure Penteration Testing " and got the certificate , the developer of the course used BT5r1 and many tools was not working specially webapp tool " W3af " so i completed the course using Kali , also i purchased " Justin Hutchens " Kali Linux - Backtrack Evolved course for quick switch from BT to Kali .Do u advice me to use the VM or Hard disk installation . So thank you again .



@jm0202

Thanks for reply back , i took 60 day's lab time and i can manage about 3 to 4 hours per day ,,,what scar me really the module 6 " Exp Dev " .

wes allen

I use a vm, so that I can use two monitors - I wasn't able to get both working under mint, so didn't try to do it with Kali, though it might be more about my crappy video card then anything else. Two monitors really helps my workflow - one external with full screen vmware player running kali, and the win7 laptop lcd with evernote, firefox and the lab guide pdf.

KR34

@wes allen

Many Thanks , already managed 2 monitors with my ATI card

jm0202

Yeah me too. So far i am ready to go the dev network