Finally starting the OSCP!

Comments

  • Maximlocke Member Posts: 13
    Good luck on the job bro. I'd love to know how easily people pass OSCP who have worked in the field a little while.
  • McxRisley Member Posts: 494
    So last night I managed to root PAIN!!!!! I spent probably close to 6 hours on it, an hour of which I probably could have saved since I thought my exploit wasn't working when it really was. When I noticed that the exploit had worked, I jumped up and did a celebration and then cooked some steaks (yes I really did this lol). This was a really fun box but not the most satisfying one that I have completed. So far I would rank BOB as the most rewarding box for me personally.

    As for the box I mentioned yesterday that I couldn't remember the name of, it was RALPH. RALPH was another great learning experience as well, while there is more than one way or even 3 ways in some cases to exploit these boxes, the way I exploited RALPH was very interesting to me. Something I have realized throughout the course is, you can have all of the scripting and coding experience in the world but that is not enough for this course nor is it necessary. So many people get caught up in this aspect of it and I feel like it's a very deep rabbit hole that should be visited after the course. This knowledge will help BUT the big thing about this course is knowing what to look for and trust me, you will have many moments where you spend hours on a box and then something pops out at you that you never even thought of looking at or trying. If you don't know to look for it, you will never see it. But the lesson here is that once you do notice these things and figure them out, you will never forget to check for it again (hopefully lol).

    Pwnd Box Names
    Alice
    Mike
    JD
    Barry
    Phoenix
    Bob
    Payday
    RALPH
    PAIN
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • JohnnyBg Registered Users Posts: 2
    Thank you for sharing your experience!

    I'm starting with OSCP this weekend, I'm excited about it :D
  • McxRisley Member Posts: 494
    Well I'm back with another update and I don't have a whole lot to report on today but here it goes. I spent many hours enumerating a certain box that I have previously pwnd and have found my way into another box (I am not listing those names here so that it does not spoil it for those who have not yet noticed this connection in the labs). I'm hoping to get this exploit going and pwn the box I have discovered today after work.

    UPDATE ON RED TEAM POSITION
    So I finally got a call back today and although I didn't get the job (yet), I did get what I consider to be somewhat good news. They said that lots of people enroll in the PWK course but very few actually achieve the OSCP cert. They also said that IF I earn the cert then they would definitely be interested in speaking to me further about the position. So needless to say this has further stoked the fire under my ass and changes my plans for the course up a bit. My new plan as of right now is to pwn 30+ boxes in the labs (these 30 boxes will include all of the boxes that are considered to be the most difficult) and take my first crack at the exam with hopes of passing. If I don't pass, at least I will have an idea of where I stand and what I need to work on. I'm switching gears and cranking up my effort from 100% to 200% from now on. I've been in this exact same situation before when I was trying to get my first job in infosec. I was told "You don't have your security+? Come back and talk to us when you do." I WILL earn this cert and I WILL get this job, mark my words...
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • p@r0tuXus Member Posts: 532
    I'm really "rooting" for you, mainly because I plan to follow your approach with the certs and hope to be on a red team one day soon also. I'm hoping the "who you know" will compensate for a lack of a degree. Congratulations on your successes so far, your thread has been fun to read!
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • josephandre Member Posts: 315
    This has been my favorite OSCP thread outside of jolly frogs.

    Very fun and encouraging read. Good luck. In the course, the exam and the job.
  • Dr. Fluxx Member Posts: 98
    McxRisley,

    Can you post the link to the hacking Udemy courses? I have two of them in my basket to purchase and I just want to make sure they're the right ones.

    I'm just as determined as you are; right now I'm doing a ton of preparation beforehand.
  • McxRisley Member Posts: 494
    So I'm back and it's been a looooooooong weekend. I spent all weekend in the labs and managed to take down 5 more boxes. I have noticed that they are starting to become increasingly difficult for me. Now for those wondering how I go about selecting my targets, I had the whole initial lab scan plan and all that but I have just been going down the list of IPs that I discovered in order. I know everyone has their own methodology on this such as picking out the low hanging fruit first, but this is how I decided to do things. I did have a slight issue over the weekend though, I installed veil-evasion on my student VM and this pretty much broke certain features of Metasploit that were needed for the course. After spending over an hour talking to an admin, we decided that the best thing for me to do was just re-download the student VM and use that. This is where KeepNote really shines, you can attach files within KeepNote. So I attached the necessary files to folders in KeepNote, threw the backup on Dropbox and pulled it down onto my fresh new VM and I was good to go. Needless to say, I have been learning A TON throughout my time in the labs. I have decided to spend a little bit of each time reviewing my notes from the lab machines just to keep the methods and processes fresh in my head. I will say that of all the things I have done in the labs so far, a technique that I learned last night from a fellow student was probably the most interesting and coolest thing I have done yet. We have dubbed this technique "The Inception Shell". If you are curious as to what this is or how it is performed, I cannot disclose that as it is needed for one of the lab machines. If you're a current student, when you get to this box in the labs and go to the forums, you will notice other students talking about a similar method. I wish I could say more as this is an awesome technique but unfortunately I can't :(

    I also scheduled my first exam attempt for 8:00 am on March 5th so the pressure is on! LOL In all honesty I have done my best to remain positive throughout my time in the labs but sometimes it's hard to fight off that voice in the back of your head that's telling you that you may not be able to do this. Make no mistake, the test has me worried, but I will do my best. If I don't pass on the first attempt, at least I will be able to gauge where I am at and what I need to work on.

    About the two Udemy courses I took, unfortunately I am at work at the moment and cannot access Udemy for some reason but the two courses I took were by Zaid Sabih. They were "Learn Ethical Hacking From Scratch" and his web app pen testing one which I can't remember the name of at the moment.

    Pwnd Box Names
    Alice
    Mike
    JD
    Barry
    Phoenix
    Bob
    Payday
    RALPH
    PAIN
    Alpha
    Pedro
    Beta
    Bethany
    Mail
    Left Turn
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • tedjames Member Posts: 1,179
    Dr. Fluxx wrote: »
    Can you post the link to the hacking udemy courses because I have two of them that are in my baskets to purchase I just want to make sure they're the right ones.

    Just do a search in Udemy for "Zaid Sabih." You'll find all of his courses.

    You'll probably want "Learn Ethical Hacking from Scratch." He has a few others.
  • Dr. Fluxx Member Posts: 98
    Thanks guys.

    These are the 2 that I have on tap:

    Learn Website Hacking / Penetration Testing From Scratch
    Learn Ethical Hacking From Scratch
  • McxRisley Member Posts: 494
    So it's been a few days and the PwnFest continues! I've managed to pwn 4 more boxes so far this week, three of which were GREAT challenges and I learned a lot from. The three that I thought were really are Gamma, Dotty and Sherlock. The 4th machine was Tophat and it literally took me five minutes to root that system. I have been getting better and better at privilege escalation throughout this course and I would like to mention two tools that have proved invaluable to me during my time in the labs: linuxprivchecker.py and windows-priv-checker. These 2 tools automate all of the checks for and spit it out into your terminal, VERY VERY handy. Of course don't get the impression that these tools escalate privileges for you because they don't, they merely do all of the recon for you. You still need to know what to look for such as: misconfigured services, weak folder permissions, etc.

    I have set a goal for myself to try and get at least 1 system a day and so far I have managed to do this. On work days I'm usually able to finish one box and get started on another. On the weekends I'm averaging two boxes a day, sometimes three. Hopefully I can keep up this pace and hit my goal of at least 30 boxes pwnd before my exam on March 5th.

    Pwnd Box Names
    Alice, Mike, JD, Barry, Phoenix
    Bob, Payday, RALPH, PAIN, Alpha
    Pedro, Beta, Bethany, Mail, Left Turn,
    Gamma, Tophat, Dotty, Sherlock
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • McxRisley Member Posts: 494
    The weekend has passed and once again I'm back with another update. This weekend was a VERY productive weekend for me in the labs. I managed to pwn 7 boxes this weekend, 5 of which I took down on Sunday. The most challenging of these 7 boxes was easily gh0st. gh0st is a very unique system because it is not really a technical challenge, it is more of a mind game/trolling challenge. Although this box probably has no application in the real world, it still teaches some valuable lessons. The other 6 boxes that I took down really weren't that much of a challenge for me, but then again what is easy for me may prove to be quite difficult for others and vice versa. My efforts this weekend have put me up to a grand total of 26 boxes pwnd. At this point I am WAY ahead of schedule and should easily achieve my goal of at least 30+ boxes before taking the exam. I am actually planning to make it to the mid 30s by the end of this coming weekend.

    Pwnd Box Names
    Alice, Mike, JD, Barry, Phoenix
    Bob, Payday, RALPH, PAIN, Alpha
    Pedro, Beta, Bethany, Mail, Left Turn,
    Gamma, Tophat, Dotty, Sherlock, DJ
    gh0st, Susie, ORACLE, Help Desk, Kraken
    Hotline
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • JohnnyBg Registered Users Posts: 2
    Thank you for sharing the experience, incredible OSCP thread.

    I started the course last week and feel a little overwhelmed... any advice from your experience?
  • McxRisley Member Posts: 494
    Join the TechExams discord channel at https://discord.gg/AQwaeGf

    The channel is growing nicely and there are lots of good resources listed along with current students who can help nudge you in the right direction if you need it.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • Dr. Fluxx Member Posts: 98
    Is this exclusive to OSCP students only?
    What about those who are in pre exam prep stage?
  • luger Member Posts: 52
    Dr. Fluxx wrote: »
    Is this exclusive to OSCP students only?
    What about those who are in pre exam prep stage?

    You're more than welcome to join.
  • Dr. Fluxx Member Posts: 98
    luger wrote: »
    You're more than welcome to join.

    Thanks!
    I will definitely be there.
  • McxRisley Member Posts: 494
    It has been over a week since my last update and I am happy to announce that I have reached my goal of at least 35 hosts including the 4 hardest ones (pain, gh0st, sufferance, humble). As of last night I took down my 35th host which leaves just a couple of hosts left in the public network. Although I hit my goal last night, that is not what I am most proud of at this moment. What I consider my greatest achievement in the labs so far is taking down humble. Humble is a BEAST and has numerous hurdles within it, just when you think you are finished.....nope, still another step left. Humble taught me a lot and one of the things that made it so difficult was the nature of the privilege escalation and the fact that no other host in the labs will prepare you for it.

    Another really good system that I would like to mention is the exploit database system or also known as punchout (for this current version).
    For those of you who don't know, the exploit database machine is the only system in the labs that is not static. Meaning that every few months offsec completely changes the system. This one was even more of a puzzle than ghost and one that I thoroughly enjoyed. I am hoping that this host changes before my lab time is up so that I can take a crack at the new one. I have also discovered the other networks recently and have begun poking around and messing with port forwarding and tunneling, which is my weak spot.

    One very important lesson that I have been learning as of lately is the need to thoroughly read through any exploit that you use. This is something that offsec tries to teach during the course but you will hit a wall very quickly if you don't actually do it. Now I am no programmer and my scripting skills are almost non-existent but I am able to read through exploits and find things that may not work or need changed at this point.

    At this point I'm hoping that I can push my hosts numbers into the mid 40s before my exam. I am also going to be focusing on writing buffer overflows for a couple of the machines in the labs just to get some more practice in before the exam.

    Pwnd Box Names
    Alice, Mike, JD, Barry, Phoenix
    Bob, Payday, RALPH, PAIN, Alpha
    Pedro, Beta, Bethany, Mail, Left Turn,
    Gamma, Tophat, Dotty, Sherlock, DJ
    gh0st, Susie, ORACLE, Help Desk, Kraken
    Hotline, Sufferance, Joe, Punchout(EDB), Humble
    Timeclock, Sean, FC4, Core, Kevin
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • p@r0tuXus Member Posts: 532
    McxRisley wrote: »
    I am hoping that this host changes before my lab time is up so that I can take a crack at the new one.


    And this is why I love your thread!
    Congrats on your success and I hope it continues.
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • JoJoCal19 Mod Posts: 2,835
    Awesome!
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Dr. Fluxx Member Posts: 98
    It's really fun following the journey.
  • hopes Member Posts: 8
    McxRisley wrote: »
    Join the TechExams discord channel at https://discord.gg/AQwaeGf

    The channel is growing nicely and there are lots of good resources listed along with current students who can help nudge you in the right direction if you need it.

    Hi, you're doing a great job there. Congrats.

    If allowed, I'd like to join the channel (I'm currently doing some pre-course training but I plan to start PWK within a couple of months).
    Clicking on the above link I get an invite not valid/expired message.
    Thanks
  • McxRisley Member Posts: 494
    Hey guys, it's been awhile but I am back with another update! At this point I am sitting on 44 hosts, including all but one from the pub network and the entire admin network. This is what my new goal was and I am happy to have made it this far. I haven't been doing much attacking this last week as I have been writing my report and getting it all ready to turn in after my exam. I have also moved my exam date up to this Sunday and will begin at 11 am my time. Also I took and passed the CEH yesterday, what a joke..... anyways back to things that are relevant. This will most likely be my last update until after my exam. After my exam I will come back and give additional insight and info about my progress in the labs and on the exam.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • supasecuritybro Member Posts: 206
    McxRisley wrote: »
    Hey guys, it's been awhile but I am back with another update! At this point I am sitting on 44 hosts, including all but one from the pub network and the entire admin network. This is what my new goal was and I am happy to have made it this far. I haven't been doing much attacking this last week as I have been writing my report and getting it all ready to turn in after my exam. I have also moved my exam date up to this Sunday and will begin at 11 am my time. Also I took and passed the CEH yesterday, what a joke..... anyways back to things that are relevant. This will most likely be my last update until after my exam. After my exam I will come back and give additional insight and info about my progress in the labs and on the exam.


    Yeah that C|EH is a joke. Way to GO! Best wishes and get it done!
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan: AWS-SAA, OSCP, CISM
    Book/CBT/Study Material: Max Power
  • p@r0tuXus Member Posts: 532
    I've enjoyed your thread, I wish you success and can't wait to see that "Passed!" post coming up. :)
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • JoJoCal19 Mod Posts: 2,835
    Good luck on the exam!
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Boy_Wonder Registered Users Posts: 3
    McxRisley wrote: »
    Hey guys, it's been awhile but I am back with another update! At this point I am sitting on 44 hosts, including all but one from the pub network and the entire admin network. This is what my new goal was and I am happy to have made it this far. I haven't been doing much attacking this last week as I have been writing my report and getting it all ready to turn in after my exam. I have also moved my exam date up to this Sunday and will begin at 11 am my time. Also I took and passed the CEH yesterday, what a joke..... anyways back to things that are relevant. This will most likely be my last update until after my exam. After my exam I will come back and give additional insight and info about my progress in the labs and on the exam.


    McxRisley, Thank you for all the updates on this. You have no idea how much this helps me. I feel more confident now.

    Thank you! :D
  • Dr. Fluxx Member Posts: 98
    Good luck!
    So motivated and looking forward to taking the course!
  • Mooseboost Member Posts: 778
    Looking forward to reading about your pass soon.
  • McxRisley Member Posts: 494
    Well......... I've been up for a day and a half. I sat through the whole exam with minimal breaks and no sleep. It took me 22 and a half hours to finally reach the 75 point mark not including the points for my lab report and exercises. All in all that was one tough exam. I spent the better part of 12 hours completely stumped but in my final hours I pulled through. I will elaborate more when I have had some sleep. It feels good to be at the end of this journey.....for now.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.