OSCP - aka: Running head first into a brick wall - a journey

TLDR: I will post updates on my progress. Each update will include a section of "quicktips" to help other students. Also, I will include progress updates as well -- This is all so that I can help pass along information.

I will be starting my OSCP journey in mid October.

I am very excited as this has been a goal of mine for many years now. I have been following the offsec guys for a long time as I have used Kali quite a bit! I remember when Kali was sort of an obscure distro ....

To add to the pressure: I am also actively enrolled in the Cisco CyberOps course in cohort 4 ..... You know because I love running head first into a brick wall ...

I plan on posting my progress, resources, and frustration here. I know there are quite a few people that follow these threads to help them prepare. I did a CEH post as well, and I like that I can help people even if in a small way. - although I am enrolled in both the Cisco course and the OSCP, this thread will be focused on OSCP.

Some background:
I have quite a few years in "IT" (10+) in many areas. Currently I am the equivalent of a solutions architect. Security is not new to me, however it is not my primary job role. I really started cramming it in when I took my CEH last year, but I am a bit rusty ... Time to shake that rust off.

I am self taught in most everything I know as I did not go to school. I learn best by jumping in ... I don't scare away easily

Motivation:
This is mostly a personal goal as I don't have a strong desire to jump into a strict red team role right away. This to me is one of the crowning achievements in my certification path. Even though I am not going to immediately shift to pentesting, my current position will benefit greatly from the knowledge I'll gain which is why they are sponsoring me. Many of our customers rely on us for security recommendations

Personal Challenges:
Even though my employer is sponsoring me, this in no way makes the my day job any easier or time consuming. So I will be cramming this in along with my day job, with the Cisco Cyber course, family time (I have children). 2 up coming vacations, and just general life stuff. I am confident I can do it. And I want to do it to prove it to those on here that it can be done even with a busy schedule.

Stay tuned for updates. I plan on posting some "prep" material

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

BuzzSaw

Redacted
ROOTED: 12

CyberCop123

BuzzSaw wrote: »

Popped "Oracle"

It was far too easy which makes me think I need to go back and do it the hard way ...

ROOTED: 12

Yea i did I the same as you I think using metasploit.

There is a python script that does the same thing with minor changes.

I may go back but for now ive just carried on

BuzzSaw

Redacted
ROOTED: 13

CyberCop123

BuzzSaw wrote: »

Quick tips: you will slowly build up a good enumeration workflow

Yea that's very true.

At first I was really beating myself up about not having any methodology but slowly it's come just naturally. I'm still very disorganised at times but generally I'm following the same process each time.

My note taking starts off good with each box, but I then start just throwing different exploits and don't note which I've tried.

Additionally, as I've enumerated more and more lab machines, I've seen the same things each time, e.g. some ports come up a lot but aren't valuable, you quickly can identify when a port is not really going to go anywhere.

So I think in that respect you start to get an instinct and an idea early on about which direction things are going in

Good work for only 3 weeks in! Keep it up

BuzzSaw

Redacted

BuzzSaw

Oh, something else fun I did ...

I took over a big white board at work that is in a common area. I'm writing my hit list on it and crossing out names! It looks cool, and is good motivation to be able to cross off names on a board the next morning after my exploits at night

CyberCop123

Hey,

As you've seen on my blog I've also had 1-2 weeks of not doing much due to general life being in the way, so I know exactly how you're feeling.

I'm similar to you, I don't mind repeating some steps. It's funny as the further I get into this, the more I look back on earlier boxes and see how poor my appraoch was, and how all over the place my notes are. So I fully expect and I'm happy to go back to some of them - especially for post exploitation, and have a better look at IP configurations, network layouts, etc...

I'm really keen to try to break out of the public network if I can.

Haha, that's funny about the white board, do your colleagues know what you're up to? I hope so or they'll start worrying about you just writing "SUFFERENCE" in massive letters and GH0ST

Keep up the good work!

Redacted

Redacted

Redacted

Keep up the great work!!!

hal9k2

@BuzzSaw My I ask you about you about your technical background and experience in pen test?

BuzzSaw

Redacted

CyberCop123

Buzz saw - was the new machine you hacked with Metasploit ORACLE?

BuzzSaw

CyberCop123 wrote: »

Buzz saw - was the new machine you hacked with Metasploit ORACLE?

I'll PM you

BuzzSaw

Redacted

CyberCop123

BuzzSaw wrote: »

ROOTED PAIN!

I dug in and rooted PAIN tonight. It was a great learning experience and probably more closely resembles a real world example.

Some Tips for PAIN:
- As with all servers, you should have write access to atleast one place in the file system
- Make sure when you are trying your exploit you know what it is actually doing ... I had to stare at C code for awhile before it clicked with me!

Updated hit list:

ROOTED 16

ALICE | MIKE | BOB | BOB2 | BARRY | PAYDAY | RALPH | PAIN | TOPHAT | DJ | ORACLE | KRAKEN | MASTER | CORE | JD | NINA

Hi Buzz,

I logged on to respond to your PM and then saw this post - well done!

This is exactly like me... I think I actually posted on my thread that it taught me to at least have a flick through the code and just see roughly how it's laid out. It's also made me want to start properly learning C as it's coming up so frequently.

Good progress, you've overtaken me though - I will have to try to overtake you or at least catch you up!

BuzzSaw

Redacted

CyberCop123

BuzzSaw wrote: »

This was the first machine I ran linuxprivchecker against.

Weirdly... me too! I'd heard about it, but I ran it.

I even stumbled through a few of the results and then sort of felt I was losing my way.

A bit like you I went back and it jumped off the page when I actually looked at the code and comments! Lesson learned

McxRisley

Just a fair warning, you are revealing a little too much about some of the lab systems in these posts. Please delete this info so that it doesnt spoil it for others and to not draw the attention of offsec, they have admins who lurk here.

BuzzSaw

McxRisley wrote: »

Just a fair warning, you are revealing a little too much about some of the lab systems in these posts. Please delete this info so that it doesnt spoil it for others and to not draw the attention of offsec, they have admins who lurk here.

there ya go ......

Might want to go chase down the 965 blog posts on the interwebs too and let them know ........

McxRisley

Just saying, you should respect the rules of this forum and Offsec. You devalue thier training by giving up too much about the lab systems.

BuzzSaw

McxRisley wrote: »

Just saying, you should respect the rules of this forum and Offsec. You devalue their training by giving up too much about the lab systems.

Sure thing -- Didnt mean to reveal too much

McxRisley

Thank you, it's ok to talk about rooting the box, you just have to avoid being too specific like not mentioning the language the exploit is in or certain tools that you used. Because a lot of times, these can be dead giveaways for those who are in the labs and scouring for hints. I know I spent countless hours searching the web for even the smallest of clues sometimes lol

BuzzSaw

** no more updates to follow **

CyberCop123

McxRisley wrote: »

Just a fair warning, you are revealing a little too much about some of the lab systems in these posts. Please delete this info so that it doesnt spoil it for others and to not draw the attention of offsec, they have admins who lurk here.

im a bit confused tbh as what has been discussed is on the OSCP forums themselves. I also feel that Buzz has been very diplomatic with his posts

Thats just my take on it

I'm pretty eagle eyed about giving too much away and only 2 days ago I emailed OFFSEC about a GitHub account which had a walkthrough for some of the lab machines