
Need a project - Found a project! YFZblu's OSCP Thread


Comments

  • Muhammad Abaid (Member, 25 posts)
    Just read all the posts... Ahhhh, I am damn excited to take this in Oct 2014. Please do send your experience, YFZblu.
  • YFZblu (Member, 1,462 posts)
    All, I sincerely apologize for dropping off the face of the map - Besides the stress I documented in this thread, I ended up getting swamped with travel requirements and had large unplanned projects dumped on me at work. I have never flubbed on a certification track like this, so I'm a little embarrassed. I'm typically much more focused.

    Anyway, I'm in the process of finding a seam in my schedule to extend my lab time out. Again, I apologize to those who subscribed to this one. I'll keep you all posted.
  • NovaHax (Member, 502 posts)
    It's a tough course, man. Don't get discouraged. It's not about finishing the fastest... just finishing. You'll get there.
  • YFZblu (Member, 1,462 posts)
    So last night I extended my lab time for 15 days and I'm feeling motivated. I'm going to spend today and tomorrow reviewing the beginning of the course to where I left off - After that I will start posting more updates on the content of the course.
  • YFZblu (Member, 1,462 posts)
    I almost forgot to mention - it is possible to extend lab time after the initial lab time ends, which is what I did. It cost $150 to extend for another 15 days.
  • YFZblu (Member, 1,462 posts)
    On the 19th I restarted all of my material - I'm going to need another day or two before I get back to where I was (buffer overflows). I have added the videos to my studying this time around, and it helps greatly. I didn't watch any videos previously.
  • yzT (Member, 365 posts)
    I got a question about the OSCP. Do they really teach you everything from the basics? Or is it more a run this and this tool to achieve this and that?
  • Master Of Puppets (Member, 1,210 posts)
    From what I know, they only push you in the right direction. They explain some stuff but it is nowhere near "run this tool using these steps to achieve this result".

    Also, you are taught to not rely on tools. You learn to do things the real way - manually. This is why you are not allowed to use tools on the exam and the ones you are allowed to work with are very limited.

    I think they start from the basics but they don't hang on every detail. Things move fast. It is probably best to be familiar with some of the material before you start(for maximum results).

    And now it is time for someone who actually has experience to confirm/deny my assumptions :D
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • tprice5 (Member, 770 posts)
    Subscribed .. keep it coming.
    Certification To-Do: CEH [ ], CHFI [ ], NCSA [ ], E10-001 [ ], 70-413 [ ], 70-414 [ ]
    WGU MSISA
    Start Date: 10/01/2014 | Complete Date: ASAP
    All Courses: LOT2, LYT2 , UVC2, ORA1, VUT2, VLT2 , FNV2 , TFT2 , JIT2 , FMV2, FXT2 , LQT2
  • wes allen (Member, 540 posts)
    yzT wrote: »
    I got a question about the OSCP. Do they really teach you everything from the basics? Or is it more a run this and this tool to achieve this and that?

    The materials provide a framework for you to explore and learn about Pen Testing, from initial enumeration through to report writing. They give you some basic exercises to help you understand a topic, but you will need to do a lot of research on your own once you hit the labs. You will use windows GUI and CLI, Linux CLI, some bash/python/ruby/C, many different tools, and a lot of time with Google. There are some great reviews on this site and the web that will give you more details. Just be ready to commit a significant amount of time.
  • NovaHax (Member, 502 posts)
    Master Of Puppets wrote: »
    And now it is time for someone who actually has experience to confirm/deny my assumptions :D

    Couldn't have said it better myself. What Master o' Puppets said.
  • YFZblu (Member, 1,462 posts)
    yzT wrote: »
    I got a question about the OSCP. Do they really teach you everything from the basics? Or is it more a run this and this tool to achieve this and that?

    It sort of depends on what you believe 'the basics' are - If I wasn't already familiar with navigating/using Linux, scripting, and TCP/IP, it would be extremely difficult to digest the course material. Additionally one of the first things OffSec communicates to the Student is that LOTS of study time will be done outside of the official course materials. It strikes a really nice balance between providing the necessary information, while pushing the Student to 'try harder' and fend for themselves.

    But to be sure, a certain baseline (Linux, scripting, TCP/IP) should be in place in order to get maximum benefit.
  • YFZblu (Member, 1,462 posts)
    Update - I'm just about caught up to where I left off before. I'm planning a legitimate 'update' post tomorrow.
  • JoJoCal19 (Mod, 2,835 posts)
    YFZblu wrote: »

    But to be sure, a certain baseline (Linux, scripting, TCP/IP) should be in place in order to get maximum benefit.

    I've seen this called out a lot on these forums and elsewhere. It would be awesome if someone were to do a quick list of the topics and level of knowledge with each that someone should have before going for OSCP. I have the eLearnSecurity Student v2 course and was wondering if that would be good enough of an intro. It's got a good networking section and a C++/Python section. As well I have pretty basic Linux knowledge.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • YFZblu (Member, 1,462 posts)
    ^ I'd be willing to do that, but I need to get through the coursework first.

    That said, it sounds like you have solid coverage that would allow you to take the course and do well. The course teaches core concepts, without wasting much time on the very basics; it's not expected that the Student knows the basics for every topic, but it is expected that the Student is willing to bust their butt getting up to speed by using resources not included in the class.
  • EngRob (Member, 247 posts)
  • JoJoCal19 (Mod, 2,835 posts)
    Bueller?
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • LionelTeo (Member, 526 posts)
    Hi everyone,

    I have been downloading VMs and starting to play around in my personal lab, ideally going for my OSCP course in 3 months' time. Here is what I have to share.

    1) MagicTree
    This is much more useful than the Metasploit db nmap: first, it is a GUI, and second, it can generate a report. To use it, simply open the XML file generated by nmap and it will display all the information you require in a clear manner.

    2) Banner Plus and Super Nmap Script
    While reading The Hacker Playbook by Peter Kim, I found a really awesome nmap command in it that allows you to map the entire range of ports in less than 15 mins.

    To use this, you would need to download banner-plus by HD Moore.

    The nmap command is as follows:
    nmap --script /usr/share/nmap/scripts/banner-plus.nse --min-rate=400 --min-parallelism=512 -p1-65535 -n -Pn -PS -sV -O -oA /opt/report <IP CIDR>

    3) Auxiliary scanners and specific banner-grabbing tools are your friends

    Sometimes nmap cannot get you the exact version of the service on a port. Therefore, you would require more information from these ports. As such, you can enumerate more using the Metasploit auxiliary scanners and specific banner-grabbing tools like smbclient to find the exact version of the service, so you can map the exact exploit to it.

    4) Differentiate between OS-related vulnerabilities and application-related vulnerabilities

    For application-related vulnerabilities, pay attention to the banner returned by banner-plus. For OS-related vulnerabilities, pay attention to ports 0-1023.

    I will update if I find anything more.

    Have yet to cover web application enumerations and privilege escalation.
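    MagicTree's value in item 1 is that it reads nmap's XML output, and items 3 and 4 then sort what it shows. As an added example (not from the post or any tool it names), here is a small Python parser that does the same triage over a constructed nmap -oX sample: it lists open ports, buckets them by the post's 0-1023 rule of thumb, and flags services nmap could not version so they can be followed up manually. SAMPLE_NMAP_XML, parse_open_ports and needs_manual_enumeration are assumed names.

```python
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output (not a real scan): one host with
# three open ports, one of which came back without a version banner.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -p1-65535 -oX scan.xml 10.0.0.5">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="6.6.1p1"/></port>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="8080"><state state="open"/>
        <service name="http" product="Apache Tomcat" version="7.0.52"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/>
        <service name="telnet"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_open_ports(xml_text):
    """Return one dict per open port across all hosts in the nmap XML."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            portid = int(port.get("portid"))
            findings.append({
                "host": addr_el.get("addr"),
                "port": portid,
                "service": attrs.get("name", ""),
                "product": attrs.get("product", ""),
                "version": attrs.get("version", ""),
                # The post's rule of thumb: ports 0-1023 are usually OS/system
                # services, anything above points at an installed application.
                "bucket": "os" if portid < 1024 else "application",
            })
    return findings


def needs_manual_enumeration(findings):
    """Open ports where nmap -sV produced no version: follow up by hand."""
    return [f for f in findings if not f["version"]]
```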
  • YFZblu (Member, 1,462 posts)
    Purchased another 15-day extension tonight.

    I really had a difficult time grasping the technical details behind buffer overflow exploitation, partially because before I started this track I was completely unfamiliar with C programming and had no working knowledge of CPU registers or assembly. To make things worse, when one researches CPU registers, assembly, and opcodes, the educational resources for those topics are typically within the context of C programming. So a lot of time in recent weeks has been dedicated to getting up to speed with C programming and general-purpose CPU registers / CPU architecture.

    So I thought I'd put something together to help others who may be tackling this course, or are thinking about it.

    To be clear, C programming is not required for this course - but if you want deeper understanding going forward, it would be an amazing resource to have in your toolkit. I started with a book which acts as an extremely gentle introduction to C, and it worked well to break the ice:

    C Programming Absolute Beginner's Guide (3rd Edition), Greg Perry and Dean Miller (ISBN 9780789751980)

    Once I finished, I moved on to a new project for C that I found online. It is genuinely one of the most interesting things I have seen on the internet, and I learn a ton as I progress through it:

    Build Your Own Lisp

    As far as lower-level computing is concerned, understanding the very basics of virtual memory and assembly can give you a huge leg up. For that, I found a pretty great video series by Vivek Ramachandran and SecurityTube. I'll link you to video number 1, and the others are linked on the side panel:

    Assembly Primer For Hackers (Part 1) System Organization - YouTube

    And a resource on the general-purpose x86 CPU registers:

    https://wiki.skullsecurity.org/index.php?title=Registers
  • YFZblu (Member, 1,462 posts)
    As a follow-up for those who have no programming experience of any kind - If you're going to spend time getting familiar with a language before the course, look at Bash scripting and/or Python first as they are referenced pretty consistently in the material.

    I have a solid foundation with those two, which is why I was able to focus on C instead.
  • JoJoCal19 (Mod, 2,835 posts)
    Awesome info YFZblu! That's great info for those of us considering the OSCP that don't have that background.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • MSP-IT (Member, 752 posts)
    Thanks for the resource recommendations, YFZblu. C is the one thing I was/am worried about in taking the OSCP. Hopefully I can get a decent grasp on it in the next 2 months before I start the training.
  • Blade3D (Member, 110 posts)
    YFZblu wrote: »
    As a follow-up for those who have no programming experience of any kind - If you're going to spend time getting familiar with a language before the course, look at Bash scripting and/or Python first as they are referenced pretty consistently in the material.

    I have a solid foundation with those two, which is why I was able to focus on C instead.

    So if I have some programming experience (Java, C++, Assembly, Ada) from college I'll be ok? I was never very good but got the overall concepts. I figured I'd just concentrate on Python when I got around to this cert.
    Title: Sr. Systems Designer
    Degree: B.S. in Computing Science, emphasis Information Assurance
    Certifications: CISSP, PSP, Network+, Security+, CySA+, OSWP
  • YFZblu (Member, 1,462 posts)
    ^ Considering you have experience with object-oriented languages like Java and C++, you'll probably find Python to be pretty straight-forward. You'll also want to get very comfortable working with Bash and navigating the Linux file system.
  • BlackBeret (Member, 683 posts)
    For those that were looking for a syllabus to the course and want to know what's in it, http://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf

    The buffer overflow/exploit development section is where I spent the most time as well, and it is what I go back to when I have free time. One day I'll pay for the lab extension and attempt the test, but with so little free time it would just be throwing money at the company. For buffer overflows, exploits, and memory, I found the SecurityTube video series helpful, specifically Assembly for Linux, Assembly for Windows, Buffer Overflows, and Exploit Research. This is well beyond the material in OSCP, so if you can review it beforehand, you'll be good to go when it comes up in the course. Welcome to SecurityTube.net
  • YFZblu (Member, 1,462 posts)
    I bought a 30-day extension last night. Because of how erratic my dedication has been to the OSCP, I thought about just abandoning this thread. After more thought I have decided that while I have been unable to dedicate the time I originally planned to, this thread still documents my experience genuinely and I'm going to keep it going. Perhaps some of my roadblocks time-wise can serve as a warning shot to those thinking about running through the material without planning accordingly (like I did).

    I have a few days off, and I'm going to dig in again - I'm actually going to get to it right now, so I'll post some notes and thoughts in a bit.
  • cgrimaldo (Member, 439 posts)
    Keep plugging away!
  • YFZblu (Member, 1,462 posts)
    Tonight I ran through the first post-exploitation module. Really cool to see the different ways to transfer files to a compromised host, specifically when you have a non-interactive environment, as is the case when using a remote shell via netcat to FTP files to the owned machine.

    Specifically, using the Windows echo command to append FTP/PowerShell/VBScript commands to a file, and then invoking the service to run the script. More interesting is using the Windows "exe2bat" utility to convert binary executables to their hexadecimal equivalent, 'echo' the hex to a file on the remote server, and re-assemble it into a binary on the destination host to be run as an executable.
  • JoJoCal19 (Mod, 2,835 posts)
    YFZblu wrote: »
    Specifically, using the Windows echo command to append FTP/Powershell/VBScript commands to a file, and then invoking the service to run the script. More interesting, is to use the Windows "exe2bat" utility to convert binary executables to their hexadecimal equivalent, 'echo' the hex to a file on the remote server, and re-assemble it into binary on the destination host to be run as an executable.

    That just blew my mind. Even though I have no desire to be a straight pentester, that's the kind of stuff that intrigues me and makes me want to pursue the OSCP. Partly for self gratification and partly because I'd like to at least have some job duties to take advantage of doing that sort of thing. Thanks for the update.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Blade3D (Member, 110 posts)
    YFZblu wrote: »
    ^ Considering you have experience with object-oriented languages like Java and C++, you'll probably find Python to be pretty straight-forward. You'll also want to get very comfortable working with Bash and navigating the Linux file system.

    Thanks for the advice, I planned on doing Linux+ beforehand. I'll look into the Bash scripting. It will be a while until I get to this cert, hopefully early next year. I am getting a few intro certs first.
    Title: Sr. Systems Designer
    Degree: B.S. in Computing Science, emphasis Information Assurance
    Certifications: CISSP, PSP, Network+, Security+, CySA+, OSWP