Skyyyyy2001 wrote: » Thank you for the post, very motivating. Do you have any specific guidance for each topic? Any blind spot we need to be aware of?
Moldygr33nb3an wrote: » You should be well equipped for the OSCP then, friend!
chrisone wrote: » I have 28 hours left of lab time on the PTP course. I wonder if they can transfer them to other courses? If not I will just practice the labs here and there until the time runs out.
Naruto985 wrote: » Congrats Chrisone on completing PTP. Good luck with OSCP
Naruto985 wrote: » @Chrisone, just started PTP study material. And the first module is assembly level programming; many things are going above my head. Did you refer to any other source for assembly level or buffer overflow? This is important as it will appear in OSCP and I guess more in OSCE, so I want to study it properly. I don't mind studying 100 times but I want to be confident about this part. I have absolutely no skills in C programming and C++. Hope your OSCP study is going well. Regards
humanbean wrote: » Congratulations. I am utterly stuck on the exam at the moment. I set up a separate Windows XP VM but can't crash the application. Script and everything else is fine and I have all the necessary information. I looked over all the material + online resources and I can't understand what is wrong. I am thinking the exam itself is bugged.
chrisone wrote: » In all honesty the system "exploit development" portion of the course WILL take a while. Especially if PTP is your first pentesting course as it was for me. I want to say it took me like 3-4 reviews of that entire module, some YouTube videos, website tutorials, and practice to finally start to get it. Granted I was busy with some Linux LFCS studies, mixed in with the Security Onion development project I had going on at work, but it took me several months to really understand the system module.

The idea with the system module that was a little hard for me was that there was no step by step lab manual. It is basically just the system course module and then VPN access to a Windows XP host with the materials you need to practice. It isn't a structured step by step lab manual like the other labs. Therefore, since I was babied and reliant on the step by step lab manual approach, when it came to the system exploit development practicing, I just didn't want to go through it, I wasn't even motivated, it wasn't handed to me on a platter. I actually had to do some research!

What finally pushed me over the hump was, I finally set up my own Windows XP VM and followed the systems course module and set up my own environment. Then I followed all the examples and tried to replicate them on my Windows XP. After doing this 3-4 times, the picture started to become clearer.

It took me a few tries and attempts trying to understand the Python scripts that help send the shellcode or payloads to BOF the apps. They provide you with the code but you will need to adjust the Python scripts to your BOF and that wasn't really clear to me. It took me a while practicing and trying to understand that portion. But after some time of practicing and seeing other online tutorials, I started to see similar patterns and I started to understand little by little what the Python scripts were doing, how they are sending your payload, and how to manipulate the Python code.
It's bad enough one needs to understand how BOF, stacks, assembly lang (architecture), all come into play here, but now I was stuck trying to figure out how the Python code/script works in order to send my payload / shellcode. So it was like, ok I just figured something out. I just learned the concept. Let me go to my VM, load up the app, and send my BOF. Oh wait, how do I send this again? Oh wait, where do I put this in that one Python script again? Ah damn it... this isn't working, my Python script is not right. It takes practice, practice, practice and yes it's good to see others online show you (tutorials, YouTube videos) etc.

Here are some tutorials in order to follow along. "Do yourself a favor, get a Windows XP VM and practice locally on your desktop, without wasting your lab hours"

Mad Irish :: Writing Windows Buffer Overflows
0x0 Exploit Tutorial: Buffer Overflow – Vanilla EIP Overwrite
https://www.exploit-db.com/papers/13147/
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

I leave it up to you in order to find the YouTube videos, there are plenty. Just watch them, you will start to see a pattern. Part of this journey is learning how to do a little research.

-Chris

Edit: Regarding OSCP. It's been two weeks and I have gone over all the PWK PDF. Because of my eCPPT journey and spending over a year on and off finally truly being able to dedicate time to eCPPT, I understood everything in the PWK course. Yes the PWK leaves a lot out, and I get where you have to try harder and part of that is your own research, however a lot of that was done during the eCPPT studies. I still have to go over some stuff and sharpen the edges but I was not shocked or baffled at certain topics. I was introduced to some new creative ways of pentesting but I was able to understand and comprehend what PWK was attempting to do.
I will need to practice it and apply it but I am not breaking my head trying to figure out why or what they are doing. I am hoping by mid-August I pass the OSCP. Take the entire month of September off from studying and jump into CTP OSCE in October.
johndoee wrote: » :) That was funny
chrisone wrote: » @humanbean The exam works fine. Hopefully before taking the exam you had a working WINXP environment you were using to successfully BOF similar scenarios from the course materials. Doing a remote BOF is difficult if you do not have access to the application in order to load it into a debugger to analyze. My first step would be to locate that app somewhere in order to analyze it with a debugger.