OSCP - JollyFrogs' tale

Comments

  • JollyFrogs Member Posts: 97 ■■■□□□□□□□
    Hi Kane,

    Didn't realize it had a password on it. I usually password protect my files to prevent AV from reading them and deleting them.

    The password is "infected". (the file is not infected, it's just my standard password for anything OSCP related which could potentially be picked up (now or in future) as malware, so I don't accidentally copy or use it on production PCs).
  • kanecain Member Posts: 186 ■■■□□□□□□□
    Thanks!
    WGU - Bachelors of Science - Information Security
    Start Date: Jan. 1st, 2012
    Courses:
    Done!!!
  • Muggie Member Posts: 6 ■□□□□□□□□□
    Hi Jolly, congratulations on your pass. Would you happen to have an elegant SMTP VRFY Python script that can run across an IP range that you can share?
  • JollyFrogs Member Posts: 97 ■■■□□□□□□□
    Hi Muggie,

    I wrote such a script but if you follow the course, you will be able to write one yourself. You will learn more if you write these scripts yourself and once you have written one, and understand how it works (start small, like this script) you can reuse code for other scripts. If you are totally lost on where to start, check out the patator python script as a start, it's a pretty large script but you can butcher it and tailor to your needs.
  • Muggie Member Posts: 6 ■□□□□□□□□□
    Thanks for the response. I understand completely what you mean about being able to take more away from it by composing it yourself. I have a hacked together script right now that gets the job done, but unfortunately takes a while as well.

    I'll take a look into the Patator script.

    Thanks!
  • gui4life Member Posts: 40 ■■□□□□□□□□
    JollyFrogs,

    Great write up. You look to be a natural!

    Question 1) Did you have any "root and loot" scripts for Linux? Your windows one looks pretty cool.

    Question 2) Your JollyFrogs Mimikatz download isn't working anymore.

    Question 3) Do you REALLY have to use the 32bit version of Kali and downgrade to non-pae for exploiting lab machines and OSCP test? What prevents me from using Kali 64?
  • JoJoCal19 Mod Posts: 2,835 Mod
    gui4life wrote: »
    Question 3) Do you REALLY have to use the 32bit version of Kali and downgrade to non-pae for exploiting lab machines and OSCP test? What prevents me from using Kali 64?

    From what I remember from previous threads, there is an issue with buffer flow exploitation exercises in the 64-bit version.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • gui4life Member Posts: 40 ■■□□□□□□□□
    If I'm done with that module exercise - I should be okay to use 64bit Kali 2.0?
  • mokaz Member Posts: 172
    gui4life wrote: »
    If i'm done with that module exercise - I should be okay to use 64bit Kali 2.0?

    Well, the thing is that you should expect Buffer Overflow in your exam, that is clearly why Offsec is providing a PWK dedicated Kali VM.. I'd say if you're using a hypervisor just install both so you're safe.. Though I'd follow the OffSec rules..
  • SweetBabyMosez Registered Users Posts: 2 ■□□□□□□□□□
    Gracias for the thread, JF. Excellent read.
  • OpenFerret Registered Users Posts: 1 ■□□□□□□□□□
    Really great thread Jolly!

    Did you do full UDP scans (ports 0-65535) on every box you could in the lab environment with nmap, and what sort of speeds do you get over the VPN connection?
  • detroitwillfall Member Posts: 85 ■■■□□□□□□□
    PM'd you Jollyfrogs! Great thread!
  • mabraFoo Member Posts: 23 ■□□□□□□□□□
    I don't think there is any need to do anything more than nmap --top-ports for UDP. As a test, try installing nmap on your Windows VM so that you can run nmap locally, inside the lab. Some of the Linux boxes in the lab already have nmap. As far as I know, doing a UDP scan of all ports is always going to take FOREVER.
  • DavidEthington Member Posts: 22 ■□□□□□□□□□
  • mongrel Member Posts: 7 ■□□□□□□□□□
    Hi Jollyfrogs,

    Would you mind if I request for the Jollykatz? Seems like the link to it is not working.

    Cheers!
  • mongrel Member Posts: 7 ■□□□□□□□□□
    Like all of you guys, I finally saved for the OSCP course and I really want to pass it.
  • ITSpectre Member Posts: 1,040 ■■■■□□□□□□
    CONGRATS JOLLY!!!! I'm going to use this thread when I'm ready for the OSCP!
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • Mooseboost Member Posts: 778 ■■■■□□□□□□
    You know, I have not seen Jolly around in some time. I wonder what they moved on to after owning the OSCP?
  • JollyFrogs Member Posts: 97 ■■■□□□□□□□
    Mooseboost wrote: »
    You know, I have not seen Jolly around in some time. I wonder what they moved on to after owning the OSCP?

    I'm still around but haven't had much time due to work commitments. I'm doing SLAE now, in preparation of OSCE. I posted a new post today on my progress with SLAE :)
  • aderon Member Posts: 404 ■■■■□□□□□□
    This is such a great thread. I'm in the pre-lab prep stage at the moment and have been using this to guide my studies. Thanks for all the useful info!
    2019 Certification/Degree Goals: AWS CSA Renewal (In Progress), M.S. Cybersecurity (In Progress), CCNA R&S Renewal (Not Started)
  • JoJoCal19 Mod Posts: 2,835 Mod
    Agreed. I think this thread should be individually sticky'd.
  • avalon111 Member Posts: 8 ■□□□□□□□□□
    This is a terrific thread. Fantastic contributions from Jolly and everyone!

    I'm awaiting an exam result for an exam sat in early June and then, if I don't need to re-sit it, I'll be prepping for the OSCP with a view to having a first crack at the online exam next June. Work commitments this year mean I'm not getting any holiday time in 2016, but I'm likely to get some quieter time between Xmas/New Year, so I'll be able to ramp the learning up then.

    I'll be seeking to set-up my lab following Jolly's instructions.

    I'm pretty confident with the Linux side. I still have my Perl exploit scripts from pen-testing work performed in the past, but I'll likely convert them to Python. Where I know I am weak is on the Windows stuff, so I'm reading-up on that subject right now.
  • fabiothebest Registered Users Posts: 1 ■□□□□□□□□□
    Great job JollyFrogs. You are truly amazing. I studied a lot too and I hope I'll become OSCP certified as well. I'm currently preparing for eCPPT and then after some time I'll try OSCP. Apart from your knowledge and intelligence, what I really liked is your methodology. I can study a lot in a short time and I'm very multitasking although I may lose focus quickly, be less organised and more lazy than you. These are some areas I should work on. Indeed sharpening the axe before signing up for the course is a great move. eCPPT will give me a good foundation, it's also highly practical and reporting is taken in great consideration as well. After that I plan to do a number of VulnHub machines, especially since some of them were recommended because they are a bit similar to OSCP labs. I read about this on this website I think. I'll also try to make some scripts. (I already have a couple of them I made in the past.) I have a general understanding of networking, but I'm not an expert in this unlike you. I hope it will be enough, as I probably don't have a lot of time to dedicate to this. I already know the theory behind exploit development although I need more practical experience. Then finally I'll sign up for the course.
  • winona_ryder Member Posts: 42 ■□□□□□□□□□
    This has been a very helpful thread
  • JollyFrogs Member Posts: 97 ■■■□□□□□□□
    Every once in a while someone emails me, they typically ask if I'm still alive (I am!). After OSCP I've been busy with SLAE and OSCE, and I'm currently studying the SecurityTube Forensics course and the SANS course GXPN, as well as doing research on two (red team) topics.

    I saw the jollykatz files timed out on the original upload location, and TE doesn't allow uploading the zip file (probably because it contains .exe files), so I've uploaded them to this permanent location. The jollykatz_xp is compiled slightly differently, so if the other version doesn't work, the XP version might (specifically on Windows XP service pack 0 machines). The zip file has no password, and I've just scanned all 4 files with Avast and all files are still FUD.

    https://www.jollyfrogs.com/tools/jollykatz.zip

    Please note: jollykatz is just a simple recompilation of the mimikatz tool with the aim to make it FUD. All credit goes to the creator of Mimikatz.
  • adrenaline19 Member Posts: 251
    Jolly, you are good people. Keep fighting the good fight.
  • Blucodex Member Posts: 430 ■■■■□□□□□□
    Impressive to say the least Jolly.
  • Dr. Fluxx Member Posts: 98 ■■□□□□□□□□
    Securitytube seems to be a foundation for success with regard to Offensive Security. Definitely will put it as a part of my deep study in preparation.
  • liz4rd Member Posts: 51 ■■□□□□□□□□
    Great thread. I started my 90 days last week. Currently working through the exercises first before attacking the lab.
  • khaledit2015 Member Posts: 42 ■■■□□□□□□□
    Good luck, did you pass?