Need a project - Found a project! YFZblu's OSCP Thread

Comments

  • NovaHax Member Posts: 502
    YFZblu wrote:

    Awesome resource man. This is awesome.
  • KR34 Member Posts: 7
    Hey YFZblu, have a look at Bash Scripting 101 for Pen Testers by Lee Baird (Hack3rcon 3 talk, on YouTube).
    Also check Mike's website: Offensive Security's PWB and OSCP -- My Experience | Security Sift. His scripts rock; just focus on the section "Organize and pre-compile your exploits". THIS HELPED ME A LOT ;) Just download it and go through it.
  • wes allen Member Posts: 540
    Couple of other links that might be worthwhile:

    Cheat Sheets | pentestmonkey

    MDwiki or http://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504 is kinda the same thing.

    Most of the bash I have been doing in the labs is really basic stuff to take a list of IPs generated by nmap/grep/cat/cut/sort, then run some tool against it. Just one-liners, really. I do wish I knew more about web stuff going in - like how php files work on a basic level would be helpful for sure. Otherwise it is all about finding a seam or weakness, then doing research to see what you can do with it. Enumeration of all the things is important!

    Also, don't try to make things too complicated, esp. on the easier boxes. If a basic exploit that you think might work, doesn't, don't jump into trying to find some higher level one. Take some time to make sure you are doing things correctly and maybe ping an admin on IRC. Despite their rep, they will help you if you have already done your homework, put in time on the box, and can ask specific questions or ask for specific guidance. They might not give you an answer, but can help guide your research.
  • YFZblu Member Posts: 1,462
    Ugh, things were crazy at work this week. It will be nice to deep dive this weekend... I still need to finish the bash exercise, I'll tackle that tonight.
  • YFZblu Member Posts: 1,462
    Running through the netcat section - I got some good netcat exposure last year during my GCIH track, so this is good review.

    Also, I had my first technical issue. The Windows 7 lab machine died when I attempted to close my netcat connection....then my VPN went down. Now I'm trying to re-connect, but the negotiation is failing. Going to wait about 15 minutes and try again. 1337 troubleshooting skills at play here.
  • YFZblu Member Posts: 1,462
    Note for those in the future - Download the 32-bit Kali image; it's important for the buffer overflow labs later on. I originally installed 64-bit, and I'm having to re-download everything today.
  • YFZblu Member Posts: 1,462
    So I reinstalled Kali, and my VPN is working properly...back to netcat
  • Master Of Puppets Member Posts: 1,210
    Ha, interesting. I had no idea about the 32-bit image.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • BlackBeret Member Posts: 683
    That's why we said to make sure and check the forums. There's a sticky in the forums with this information and the image that was used when creating the course, so everything should work 100% with it.
  • YFZblu Member Posts: 1,462
    BlackBeret wrote:
    That's why we said to make sure and check the forums.

    Actually, I was the only one to bring up the forums in this thread - if you re-read it, I stated that I browsed the forums early on; at that point I had already downloaded my 64-bit image and it wouldn't have mattered.

    In any event, it only cost me an hour and wasn't really an issue.
  • NovaHax Member Posts: 502
    YFZblu wrote:

    In any event, it only cost me an hour and wasn't really an issue.

    Better now than during the exam. I lost about an hour on the exam because I had been using Kali during the course, but the PWB exam required that I use Backtrack (this was during the time period after the release of Kali, but before the release of PWK). I didn't know this until I got my exam details, once the exam had already started. I spent the first hour spinning up a new VM with BTK and migrating my stuff to it from my Kali box.
  • YFZblu Member Posts: 1,462
    Good point!

    Going back in time today to refine and document some exercises I completed. I've been putting it off a bit, but I need to get into the documentation mindset for the certification challenge.

    Then it's on to active recon..
  • ramrunner800 Member Posts: 238
    Hey YFZblu,
    I'm going through the labs right now too. I highly recommend using a program called Shutter for taking screenshots of your progress while you go. I'd never used it before the course, but it has some pretty neat features that have saved me some time in my documentation. It's in the Kali repositories, so you can just 'apt-get install shutter' from your shell.
    Currently Studying For: GXPN
  • YFZblu Member Posts: 1,462
    Downloaded - Looks great, thank you
  • Nyblizzard Member Posts: 332
    Love the thread so far
    O
    /|\
    / \
  • YFZblu Member Posts: 1,462
    So, I've been wrestling with my 'ping sweep' Bash script on and off, for a couple days now. Initially, this was it:
    prefix="192.168.13" && for ip in {200..254}; do ping -c 1 -W 1 $prefix.$ip |grep 'from' > pingsweep.txt; done

    The problem was, every time I would check the pingsweep.txt file, it would be empty. I was literally driving myself insane trying to figure this out...I finally discovered the proper way to Google this problem, and found my answer; the redirect isn't part of the script logic, it takes place afterwards (after the 'done' statement). I slowly backed the razor blade away from my wrist and continued on...Ultimately the proper way to do this one is with multithreading for speed and regex matching to create a cleaner txt file. Unfortunately I'll have to get to that later.

    So yeah - I've had some growing pains scripting in bash. It's super useful (obviously), I'll definitely dive deeper after the course.

    Here's the correct version:
    prefix="192.168.13" && for ip in {200..254}; do ping -c 1 -W 1 $prefix.$ip |grep 'from'; done > pingsweep.txt
  • YFZblu Member Posts: 1,462
    For those interested, here is my Python source for the same script:
    #!/usr/bin/env python3

    import subprocess

    hosts = []
    prefix = "192.168.13."

    # Build the candidate list, .200 through .254
    for ip in range(200, 255):
        hosts.append(prefix + str(ip))

    for item in hosts:
        try:
            # One probe per host; grep keeps only the reply lines ("64 bytes from ...").
            # The stray "; done" left over from the Bash loop is not part of the command.
            print(subprocess.check_output('ping -c 1 -W 1 ' + item + ' | grep "from"',
                                          shell=True).decode(), end='')
        except subprocess.CalledProcessError:
            # grep exits non-zero when nothing matched, i.e. the host did not answer
            pass

    **Note: Like the previous example, it's important not to include any redirection in the script itself. The redirection takes place at the CLI. Example: python script.py > pingsweep.txt

    Once again, since I'm not using nmap, I would want this multithreaded for speed, with regex matching to make the txt file clean. I'll likely go back and tighten all of these projects up at the end.
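    The multithreaded, regex-matching version YFZblu says he wants to come back to, as an added example that is not his code or the course's: it keeps the 192.168.13.200-254 range from both the Bash and Python posts above, runs the probes in a thread pool, and pulls just the responding address out of ping's reply line instead of grepping for "from". The probe function is injectable, and the sample ping output and the fake_probe stand-in are constructed so the sweep can be exercised offline; on the lab VPN you would pass the real probe (one ping per host) instead. Like the scripts above, it writes to stdout and leaves the redirect to the shell.

```python
#!/usr/bin/env python3
"""Multithreaded ping sweep with regex-cleaned output.

Added example, not YFZblu's script: same 192.168.13.200-254 range, but the
probes run concurrently and only the responding address is printed.
"""
import re
import subprocess
from concurrent.futures import ThreadPoolExecutor

PREFIX = "192.168.13."
HOST_RANGE = range(200, 255)

# Matches the reply line Linux ping prints, e.g.
# "64 bytes from 192.168.13.201: icmp_seq=1 ttl=64 time=0.412 ms"
REPLY_RE = re.compile(r"^\d+ bytes from (\d{1,3}(?:\.\d{1,3}){3})")


def parse_reply(ping_output):
    """Return the responding IP from raw ping output, or None if no reply line."""
    for line in ping_output.splitlines():
        m = REPLY_RE.match(line)
        if m:
            return m.group(1)
    return None


def probe(host):
    """Send one ICMP echo request (1 s timeout) and return ping's stdout."""
    result = subprocess.run(["ping", "-c", "1", "-W", "1", host],
                            capture_output=True, text=True)
    return result.stdout  # empty or reply-less on a silent host


def sweep(hosts, probe_fn=probe, workers=32):
    """Probe all hosts concurrently; return the sorted list of responders.

    probe_fn is injectable so the sweep can be exercised without a network.
    """
    with ThreadPoolExecutor(max_workers=workers) as pool:
        outputs = list(pool.map(probe_fn, hosts))
    alive = [ip for ip in (parse_reply(out) for out in outputs) if ip]
    # Sort numerically by octet, not lexically, so .201 precedes .210 and .9 precedes .10
    return sorted(alive, key=lambda ip: tuple(int(o) for o in ip.split(".")))


# Constructed sample ping output for the offline demo (not captured from a real host)
SAMPLE_REPLY = ("PING 192.168.13.201 (192.168.13.201) 56(84) bytes of data.\n"
                "64 bytes from 192.168.13.201: icmp_seq=1 ttl=64 time=0.412 ms\n"
                "\n--- 192.168.13.201 ping statistics ---\n"
                "1 packets transmitted, 1 received, 0% packet loss, time 0ms\n")
SAMPLE_SILENT = ("PING 192.168.13.202 (192.168.13.202) 56(84) bytes of data.\n"
                 "\n--- 192.168.13.202 ping statistics ---\n"
                 "1 packets transmitted, 0 received, 100% packet loss, time 0ms\n")


def fake_probe(host):
    """Stand-in for probe(): only .201 and .210 answer in this constructed scenario."""
    if host in (PREFIX + "201", PREFIX + "210"):
        return SAMPLE_REPLY.replace("192.168.13.201", host)
    return SAMPLE_SILENT.replace("192.168.13.202", host)


if __name__ == "__main__":
    hosts = [PREFIX + str(i) for i in HOST_RANGE]
    # Swap fake_probe for probe on the lab VPN; fake_probe keeps this demo offline.
    for ip in sweep(hosts, probe_fn=fake_probe):
        print(ip)  # one clean address per line; redirect at the CLI, not in the script
```

    Run it as `python3 sweep.py > pingsweep.txt`, exactly as the note above says: the script only prints, and the file comes from the shell redirect. The regex does the cleanup that grep 'from' left undone, so the file holds nothing but addresses, and the thread pool removes the one-second-per-silent-host wait that made the sequential versions slow.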
  • NovaHax Member Posts: 502
    While Bash and Python can be extremely useful in your pentesting career...you aren't going to use many (probably not any) homegrown scripts for the exam. If you are giving yourself 30 days...do not dwell there too long. Take good notes and take time after the exam to improve your scripting Kung Fu. If you want to meet your deadline...focus the bulk of your time on Nmap, Metasploit, exploit script modification (from existing exploit-db scripts), and exploit development (ONLY to the extent covered in the course material......this is a deep rabbit hole that you can easily get lost in).

    Hope all is going well...and hope the sleepless nights are not becoming too much... I'm cheering for you man.

    **Side Note** - I know that you have your sights set on completion within thirty days. This is indeed an admirable goal and I truly hope you make it. But just so you know...there is not a one of us on here (who is familiar with the course/exam) that will judge you if you decide to extend. An OSCP who took 90 days has the same title as one who took 30 days. Most importantly, don't forget to have fun. I would imagine that you might get easily stressed with that kind of deadline. Hell, I got stressed in my 90 day subscription. Remember, you are taking this cert to embark on a career path that is a hell of a lot of fun. But only as long as you allow it to be that. Work hard, but don't forget to crack open a beer every once in a while. Cheers
  • YFZblu Member Posts: 1,462
    Thanks for the encouragement NovaHax, and I completely agree with you; I spent far too much time on the scripting.

    I pushed ahead through passive recon to active recon, dns enumeration, and NMAP scanning. Really great material so far, I'll post a better update when I have more to report! Just grinding through it right now
  • cisco_trooper Member Posts: 1,441
    I'll be following along. I start May 3rd and have never been more excited about starting some cert studies. Seriously. Never more excited.
  • JoJoCal19 Mod Posts: 2,835
    Hey YFZBlu, do you know offhand if you get lifetime access to the course/materials for PWK? I read the site and it doesn't state anything about that.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • NovaHax Member Posts: 502
    You probably have lifetime access to the materials. I still have my materials (both PDFs and Videos) from when I did PWB.

    As blu had mentioned earlier though...your materials are watermarked with your student ID. So unless you plan to do some serious photoshop on every single page...don't think about redistributing if you want to keep your cert.
  • JoJoCal19 Mod Posts: 2,835
    NovaHax wrote:
    You probably have lifetime access to the materials. I still have my materials (both PDFs and Videos) from when I did PWB. As blu had mentioned earlier though...your materials are watermarked with your student ID. So unless you plan to do some serious photoshop on every single page...don't think about redistributing if you want to keep your cert.

    Good to know you keep access to the materials. I wouldn't share my material. But there's just so much info I would want to go back and refresh myself on, as I don't do PT for a living. I find I lose technical skills rather easily if I don't use or think about them for a while.
  • JoJoCal19 Mod Posts: 2,835
    Oh, and I'd hate to drop $1200 to learn and go through it once and that's it.
  • NovaHax Member Posts: 502
    JoJoCal19 wrote:
    I don't do PT for a living.

    I didn't when I took this test either. I was a blue team guy (security analyst - vulnerability management and intrusion detection mostly). I got my first PT job 2 months after getting the OSCP title. This cert will help you get there if that's the direction you are trying to move.
  • YFZblu Member Posts: 1,462
    This day marks 1/3 of my lab time, and I can confirm this has been extremely difficult time-wise. I have a bunch of automation projects going on at work that consume my time (and my thoughts even after work, if my code isn't working). Finding a decent amount of time to sit down and really focus has been rough.

    I actually think I may have had a mild panic attack last night. I couldn't sit still, my mind was racing, and I was unable to control those feelings. Obviously that can't continue, so I'm going to take it slow and steady, one thing at a time, and if I need to purchase an extension I will.

    On a lighter note, I have gotten deep into the recon portion of the coursework, and the 'poking' has begun. I hope to finish this portion today, and get started on the buffer overflow goodness - specifically, I've been looking forward to the buffer overflow module since I decided to purchase the course.
  • mumair Member Posts: 12
    YFZblu wrote:
    I have a bunch of automation projects going on at work that consume my time (and my thoughts even after work, if my code isn't working). Finding a decent amount of time to sit down and really focus has been rough.

    Man, can't explain how much this has rung true for me also. That's been the toughest for me as well, letting go of my work-related thoughts after work. My 30 days will be completed by this Sunday, and I haven't even finished the manual yet (though I'll try to by this Sunday).

    Fortunately, I already bought more than 30 days lab time, so I am hoping to get more aggressive once I am done with the exercises, as it'll be more hands on from there on.
  • YFZblu Member Posts: 1,462
    OK, so six days with no updates. I'm juggling about 15 things at the moment, and I'm feeling serious burnout for the first time in my career. I'm probably going to take today and tomorrow off, and I'll get back to it.
  • JoJoCal19 Mod Posts: 2,835
    YFZblu, how's the OSCP studying/labbing coming along?
  • MSP-IT Member Posts: 752
    It's all about accountability.