Calling all Penetration Testing with BackTrack (PWB)/OSCP students!

Judging from recent comments made by some of us here at TE, it appears that some of us will be either starting or resuming our OSCP studies in January, 2012. This thread is being created as a placeholder so that we can bounce ideas off each other, motivate one another, and share our experience as we go through this painful, yet fascinating course.

A few words of advice from someone who has already started the course:

1-) Familiarize yourself with Metasploit here.
2-) Familiarize yourself with bash scripting here.
3-) Familiarize yourself with python here.
4-) Familiarize yourself with the exploit development process by going over some of these tutorials, courtesy of the Corelan Team.
5-) DO all lab exercises, even the extra miles.
6-) Divorce vulnerability scanners. You will NOT be allowed to use them in the exam, so they will be of no use to you.
7-) The use of the Metasploit Framework (MSF) is limited in the exam, so ensure you are NOT dependent on it for exploitation of different targets.

Reset lab machines prior to running a port scan on them. Run different port scans TCP / UDP, and do not rely on the standard ports used by tools such as NMAP.
9-) Lab machines exist for a reason, so do not be afraid to attack them in any way, shape or form.
10-) Think outside of the box and do additional research when necessary.
11-) Spend as much time as you can in the labs and try to pivot to other networks.
12-) When in doubt, Google is your best friend.
13-) Persistence is the key. Do not get discouraged if something does not work as expected. Also look for different avenues to attack certain targets.
14-) Document EVERYTHING. Documentation CAN provide you with the few extra points needed to pass the certification exam.
15-) Last, but not least…HAVE FUN!

Please be mindful of the NDA when positing comments in this thread. It’s OK to be helpful, but let’s be ethical and professional about it. Let the PAIN…error…FUN begin!!!

Find more posts tagged with

Comments

ibcritn

I will be registering for January 2012 time frame. I appreciate you posting some links and advice, I will check that out when I get home tonight.

I am ready for the challenge!

chrisone

I might look into this after i finish my CCNP Security in late 2012. Defenitely have to get some PEN testing experience/studies under my belt for security purposes. Thanks for the information and guidance.

rogue2shadow

Already started as of 12/10/11 (going for 90 days). This is going to be a painful one

chrisone

Dont make it out to be painful, that means you dont like it and there for you shouldn't even waist your time my friend. You should enjoy and love every minute you spend learning the material you are interested in. Unless you are forced to study it i guess.

rogue2shadow

chrisone wrote: »

Dont make it out to be painful, that means you dont like it and there for you shouldn't even waist your time my friend. You should enjoy and love every minute you spend learning the material you are interested in. Unless you are forced to study it i guess.

I think you are misconstruing my intent with that statement; I've been looking forward to this experience since I started in information/cybersecurity. "Painful" references the "mind-wracking" to come. People who know me personally understand how driven I am to succeed and how ready I am to engage in courses of this magnitude.

the_Grinch

phoeneous wrote: »

Is python big in the pentest scene?

Python is fairly big as you will find that a lot of tools are written in it (FastTrack is a big one that comes to mind)....

chrisone

ah i gotcha!

it just seemed like you were depressed or sadden to crunch those hours out lol. Anyways Goodluck! should be a fun ride!

ipchain

phoeneous wrote: »

Is python big in the pentest scene?

It is pretty big. Do a 'find / | grep *.py' in BackTrack and look at the output.

chrisone wrote: »

I might look into this after i finish my CCNP Security in late 2012. Defenitely have to get some PEN testing experience/studies under my belt for security purposes. Thanks for the information and guidance.

Good luck with CCNP:Security and I hope you do decide to take this course, for it's just phenomenal!

Bl8ckr0uter

the_Grinch wrote: »

Python is fairly big as you will find that a lot of tools are written in it (FastTrack is a big one that comes to mind)....

pytbull is another one.

Good luck you guys. I am going to have to gather some funds up before I can take this one (maybe in the early summer I'll have it). It is on my to do list. I think all security folks need to have knowledge of both sides of the force (like darth plagrius)

the_Grinch

I definitely would like to do this at some point, but this year coming up is not going to be the year that's for sure. I think I am going to take the next year to get a firm base in the various things you should know before taking this course. If I am going to shell out that amount of money, I want to know I did everything I needed to prior to get the most from the course and to pass the first time

ipchain

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

OSCP is a network pen testing course. Alternatives are SANS 560 (GPEN) and CPT.

Bl8ckr0uter

It isn't a class that's focused on breaking cisco gear and stuff. I think what ipchain means is that the class isn't focused on web application pen testing (CSRF and the like) and is more focused on things on the network (windows boxes, linux boxes, etc).

ipchain

phoeneous wrote: »

http://www.techexams.net/forums/security-certifications/50001-oscp.html#post373317

If the class is more so towards os pen testing, I assume the test is as well?

The course deals with OS / application pen testing for the most part; however, it is still considered a 'network pen testing' course. From what I have been able to see 'network pen testing' is a broad term used to define the act of assessing and penetrating an organization's network with the ultimate goal of demonstrating risk. Attackers are ultimately after data, so finding a course solely on the 'network stuff (Routers, Switches, Firewalls, etc)' will be challenging, to say the least. OSCP/PWB covers network-based attacks such as ARP cache poisoning, although the exam is geared towards the OS / web application pen testing side of things.

Bl8ckr0uter wrote: »

It isn't a class that's focused on breaking cisco gear and stuff. I think what ipchain means is that the class isn't focused on web application pen testing (CSRF and the like) and is more focused on things on the network (windows boxes, linux boxes, etc).

Thanks for clearing that up - that is exactly what I meant. The PWB course does touch on two major web application vulnerabilities: SQL Injection and Cross-Site Scripting (XSS), but it isn't focused on those two exclusively. Did I mention client-side attacks are included? Yes, even though you may have your routers and switches locked down, users normally represent the biggest risk!

Bl8ckr0uter

ipchain wrote: »

Thanks for clearing that up - that is exactly what I meant. The PWB course does touch on two major web application vulnerabilities: SQL Injection and Cross-Site Scripting (XSS), but it isn't focused on those two exclusively. Did I mention client-side attacks are included? Yes, even though you may have your routers and switches locked down, users normally represent the biggest risk!

There are a few router auditing tools in backtrack as well as packet crafting tools and and firewall/ids testing tools. It would be cool if those are hit on but it doesn't seem to be (according to the syllabus). Still I think that (as a network guy) it will be worthwhile to see how attacks on the network look. Do they allow you to do packet captures in the test lab?

ipchain

Bl8ckr0uter wrote: »

Still I think that (as a network guy) it will be worthwhile to see how attacks on the network look. Do they allow you to do packet captures in the test lab?

I agree. They allow you to do packet captures but no network-level attacks are permitted in the labs. If they were to allow you to do so, you may inadvertently break the network for all students. You are free to do those type of attacks in a controlled environment such as your home lab.

Bl8ckr0uter

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

Booo!!!! Lol. Well I just repurposed my home server to be a ESXi box so I guess I will be doing those types of attacks on my own.

Bl8ckr0uter

I've been going through this site.

Learn Python The Hard Way, 2nd Edition — Learn Python The Hard Way, 2nd Edition

Then I'll start reading my python book:
http://www.amazon.com/Learning-Python-Powerful-Object-Oriented-Programming/dp/0596158068/ref=pd_bxgy_b_text_b

Then hopefully this will make more sense:
Amazon.com: Programming Python (9780596158101): Mark Lutz: Books

JDMurray

FYI: OSCP is for application pen testing, not network pen testing. You will be hacking into network-aware software running on end-hosts, and not into the mid-point devices controlling a network.

And Python is very big in the hacking community that shows up at Defcon. Check out the Defcon Media Archives for presentations on all sort of hacking tools and techniques.

l!ght

I am little bit confused by what I saw on the website. They say after registration you will get to download all course materials and videos, get access to labs. Then they say that class meets every Sunday. So, do we actually have to go to a class? Connect to to some virtual class? Can we study on our own with course materials? Can anyone clarify that?

rogue2shadow

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

I think what they mean is each "session" (30,60,90) starts on a Sunday. Post registration you will get to choose from several start times based on your region and availability.

Bl8ckr0uter wrote: »

I've been going through this site.

Learn Python The Hard Way, 2nd Edition — Learn Python The Hard Way, 2nd Edition

Then I'll start reading my python book:
http://www.amazon.com/Learning-Python-Powerful-Object-Oriented-Programming/dp/0596158068/ref=pd_bxgy_b_text_b

Then hopefully this will make more sense:
Amazon.com: Programming Python (9780596158101): Mark Lutz: Books

Good books! I'd also throw this one in the mix:
http://www.amazon.com/Coding-Penetration-Testers-Building-Better/dp/1597497290

Not being a programmer by any means, this book is quickly proving to be a great supplement to this course.

JDMurray

Beginning Python class at Google Code University

alxx

Don't forget scapy
Scapy

https://www.sans.org/security-training/power-packet-crafting-scapy-1382-mid
Special Request: Wireless Client Sniffing with Scapy
Beginner's Guide to Wireless Auditing | Symantec Connect Community

OSCP_in_Training

Thanks everyone for posting so much reference material and insight! I'll be starting on February 5th with 60 days and can't wait to begin. Asides from being a bit intimidated and nervous about python and custom scripts, I'm very much looking forward to the challenge.

NS21

I just took the OSCP exam on Thursday (the 29th - 30th) and I got word on Saturday that I passed!

To sum it up.... Going in I had my A+, Net+, Security+, and an MCP in WIn XP. I also hold a BIT in Computer Forensics. Now that being said I had little to no knowledge of Buffer Overflows or really pentesting of any kind. I know how to write VBS scripts and a little VB .NET and batch files of course, No ruby, perl, python, or anything else. I knew how to use linux (install packages, sh script, common commands) but I would not say I was proficient in it. My experience with Backtrack has just been minor. I have looked it over and even used some youtube videos to walk me through cracking my own wifi network but never really got in-depth with it.

That being said I pretty much learned everything I needed to pass the course from the course itself. I originally signed up for the 30 day package but it took me that long to step through the videos and the lab guide. I ended up extending it twice to a total of 90 days, I recommend doing the 90 if you can, at the very least 60. I also recommend learning to do and completing the extra mile tasks as you go. I did them my last week of time and realized that they would have helped me a lot if I did them in the first place.

The lab itself is wondrous. I personally want more time in it even after I passed just to go through and practice more on the more advanced machines. The lab ranges from machines that you could launch canned exploits on to ones that I don't think you could get into if you had a year, and all kinds in between.

I learned some basic perl and python as I went, piecing together examples and using the almighty Google. You will learn enough to do what you need to in the course, programming is not the main focus of the course but being able to look at a script, get a basic understanding, and change what you need to is a necessity. You will need to mind slight differences in the videos and the lab documentation between the version of backtrack they are using... I used 5 r1 but I think the videos used ver 4. If you can't find something the "locate" and "find" commands are your friend.

Oh, Use the IRC channel #offsec, its good not only to ***** and hope someone slips a juicy tidbit or two but you may meet others that may offer a kind word or at least someone that will let you bonce your ideas off of them.

Another tip, you get an exam try with the package, you have to take it within 30 days of the end of your lab time. TAKE IT!!! Whether you think you will pass or not!! I have read a few posts on the interwebs about people not taking it out of fear or lack of confidence. This is silly, you already paid for it you might as well take it and give it a shot, you never know!

Oh and document EVERYTHING, your successes, your failures, your thoughts on what you see. Take screenshots of your successes as proof, take them if you see anything interesting you may want to reference later, copy and paste the terminal output for later review or when a screenshot just wont fully explain what is going on. I used KeepNote, its a wonderful little app in backtrack that lets you take notes in tree form. Remeber this course is about pentesting, and part of a pen test is providing some serious documentation, enough so that even a non-technical CEO could reproduce your work.

If your looking into taking the course I recommend a few sites to familiarize yourself with:

1. Online Information Security Training - BackTrack - search though this site and read everything you can on it, watch all the example videos and get an overall feel for what they do. On this note there is a public video

2. https://www.corelan.be/ - This site has a good buffer overflow series, not really necessary for the course but may help.

3. g0tmi1k - I referenced this blog more than a handful of times, there are some practical examples to that may help you out in your travels.

4. http://carnal0wnage.attackresearch.com - I also ended up here a few times looking for alternative ideas.

5. Offensive Security Forums - once you have access to the forum I recommend reading every post, but as a place to start... I suggest you look at this topic first.

Keep in mind this course is not as much about teaching you EXACTLY how to pentest as much as it is about teaching you to learn how to. There are many times where I felt overwhelmed at scenarios not covered, you will get frustrated, you may even go insane for a bit, and you will have times where all the confidence you built up will be ripped from you and you will feel like a USER. My advice, push though it, and if all else fails TRY HARDER!

ipchain

OSCP_in_Training wrote: »

Thanks everyone for posting so much reference material and insight! I'll be starting on February 5th with 60 days and can't wait to begin. Asides from being a bit intimidated and nervous about python and custom scripts, I'm very much looking forward to the challenge.

Best of luck. Please keep us updated on your progress.

New year, new challenge. I just extended my lab time for (15) days, so I will be getting back into action starting today. Anyone else playing around in the labs?

rogue2shadow - What is your nick or handle on IRC? Are you in the offsec channel? Good luck everyone!

YuckTheFankees

Thanks for the helpful links!

ipchain

NS21 wrote: »

I just took the OSCP exam on Thursday (the 29th - 30th) and I got word on Saturday that I passed!

We must have been typing at the same time as I don't know how I could have missed your post. Anyways, congratulations on the pass and thanks for sharing your experience. I will certainly check some of the links you provided.

Great job!

chrisone

NS21 wrote: »

I just took the OSCP exam on Thursday (the 29th - 30th) and I got word on Saturday that I passed!

To sum it up.... snip.....
....

Thanks! this was pretty much the area (Programming) where this exam was sort of turning me off. I totally 100% understand the programming part of this course and I am willing to study for it. However it was getting a little frustrating with all the sites and books people on here were reference as a necessity to study for this exam. I am glad to know the course covers enough for one to understand the programming concepts. I am somewhat familiar with programing myself only from writing small code on course projects when i was in college, however it was never my passion so i never went hardcore study sessions on programming, however i can understand more or less what its doing if i buckle down and trace it out.

Thanks for the review, i wil be looking further into this towards the end of 2012, but i will be picking at the topics throughout the year , learning little by little as i go.

SephStorm

I am severely tempted to try this, and sooner rather than later. I could take the time off work but obviously not enough to get through a full 30 day attempt... And the price is restrictive, since I am trying to save this year...

YuckTheFankees

How is everyone doing with the OSCP so far? I'm starting in about 2 weeks!