OSCP (starting 13/12/2015)

Sheiko37 Member Posts: 214
I guess I'll start my own thread on the OSCP, because there's not much information about what you're really getting into with the OSCP on their website, YouTube, Google, etc. There are written reviews, but even then it's in vague terms. I think it's useful to know what you actually do in the course and what sort of experience different people have.

My background:
  • 5 years as a Security Analyst (policy, compliance)
  • <6 months as a Vulnerability Analyst
  • SSCP, CISSP
Coming into the course my TCP/IP and networking knowledge is good but non-technical, or hands on. Linux command skills are minimal. Bash scripting, Perl, Python, C, etc. is almost zero.


I'm honestly in over my head and one week in already disappointed with the lack of actual education in the videos and manual. The majority of the exercises for the first half of the book are effectively repeating the example they just demonstrated, i.e. "if we do ABC we'll get XYZ - now you try ABC and see if you get XYZ", so you're on your own educating yourself further about most topics. I'm very lucky I have a friend and colleague who've both passed the OSCP, and a penetration tester as my manager.

I'm very interested in getting involved in a study group with anyone doing the OSCP starting now for the next 3 months, an IRC channel, Skype, whatever; the knowledge acquisition would be exponential with a team-based approach to this material.

Comments

  • Sheiko37 Member Posts: 214
    I've spent about 10-12 hours on a simple buffer overflow exercise in the manual and it's completely defeated me. I have absolutely no idea what I'm doing. I've read the section of the book and watched the videos half a dozen times. I've read every single thread about the exercise in the forums. I've spoken to the admins who are deliberately obtuse and told me I "lack a fair amount of background", though none of what I'm lacking is mentioned anywhere as a requirement for the course. I'm not even two weeks in and can't see a way forward.
  • coty24 Member Posts: 263
    Hey man, I hope it gets better for you; I do a lot of lurking in OSCP posts and I'm going to do the course when funds materialize.

    Have you tried Gray Hat Hacking, 3rd or 4th edition? They have good primers on C, x86 Assembly, Python and bash.

    If that is not in depth enough, try The Art of Exploitation. I thumbed through it and it seems like a good read.

    Resources list:

    http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Fourth/dp/0071832386/ref=sr_1_1?ie=UTF8&qid=1450964901&sr=8-1&keywords=grey+hat+hacking

    https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_1?ie=UTF8&qid=1450964966&sr=8-1&keywords=the+art+of+exploitation

    http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/ref=sr_1_6?ie=UTF8&qid=1450964966&sr=8-6&keywords=the+art+of+exploitation

    I don't know when I will start but if you need to bounce some ideas around in PM or IRC let me know.
    Passed LOT2 :)Working on FMV2(CHFI v8 ) Done!
  • mabraFoo Member Posts: 23
    Sheiko37
    There are 100s of things you will learn during the OSCP course. If you are stuck on something, just move on to something else. I find the videos and PDF boring, but the Lab is a lot of fun. If I were you, I would jump into the lab and learn everything you can about all of the servers. Start with nmap -p- -sV -A 192.168.x.201-254. Stay positive. Constantly being frustrated will ensure you fail.
  • leugenel Member Posts: 27
    I've been doing OSCP for 2 months now and find it to be very hard. Things are moving, but veeery slowly. A lot of research, and a lot of times I get stuck without any idea what to do next. Trying not to give up, but at times I feel like giving up on the whole thing. So far the hardest cert for me.
    I hope it will get better...
  • adrenaline19 Member Posts: 251
    Succeed or quit. Those are the only two options.

    Navy SEALs are given basic requirements that are almost a joke once they start BUD/S. Eventually, it all comes down to will power for them. Same thing for you. Some people have the heart to do what it takes, no matter what, and some people look for excuses. Which end of the bell curve are you on?

    Guess you'll find out, won't you?

    Kinda awesome if you think about it. You actually get the chance to look into your very being and see what you are made of. Hopefully you don't fail, hopefully you can be proud of who you truly are. :)

    Try Harder.
  • Sheiko37 Member Posts: 214
    My issue with that attitude and the "try harder" mantra is that it entirely exempts the certification from any sort of criticism. If there's any real shortcoming of the course it's immediately denied and the criticism shifted to the effort of the student.

    It's a balance between a challenge and an education. The OSCP is comparatively light on education and more of a challenge, which is fine, it's just important to be aware of that when considering the certification.

    In terms of my progress, I've skipped the buffer overflow exercise that I was stuck on, after spending nearly a week on it. I managed to work with an admin and another student for a while on it, but ultimately their suggestions were things I'd already tried dozens of times. I did learn a few things, but can't justify the time I'm spending on it so I'm moving on.
  • adrenaline19 Member Posts: 251
    Everything I posted before is still quite relevant.

    Either you'll overcome or you'll quit. Pick one.
  • Sheiko37 Member Posts: 214
    Well everything I posted about that binary attitude is still quite relevant.
  • adrenaline19 Member Posts: 251
    Okay, explain a third option.

    You are complaining because a hard course is actually hard.

    People like you are why older generations call younger generations pussies. You thought you could just pay the money and the skills would be handed to you on a silver platter. You aren't willing to work for it. You aren't willing to lose sleep or sacrifice things you enjoy.

    You've made it clear what kind of person you are, just quit now. You can blame it on the program all you want, that's what people do when they can't make it in show business, sports, or the military. On the bright side, you'll have more time for your vidya games and Mr. Robot reruns.

    I won't waste my time reading whatever BS reply you make, because I know it'll just be some stupid justification for your lazy attitude. If you truly wanted to prove me wrong, you'd stop complaining and earn the OSCP like a champ.
  • Sheiko37 Member Posts: 214
    adrenaline19 wrote: »
    You are complaining because a hard course is actually hard.

    That's what you probably wanted to hear, but not what I said at all.

    The rest of your post is really presumptive and not in line with anything I've said or what I've done with the course so far. I've spent 4-6 hours a day for the past week on just one chapter of the material. Your "lazy" and "pussy" comments are childish and uncalled for. If you look to the left you'll see I already have two certifications which I think is a good start for someone with no formal InfoSec education.

    I haven't blamed the course for anything. The purpose of the thread is for anyone considering the OSCP to see a log of another experience with the course, what it covers, what you learn, what you need to know, and what the course material is like. If my experience is finding the course material thin, I consider that useful information for a potential student.
  • shednik Member Posts: 2,005
    adrenaline, I think you're overreacting just a tad here; people are allowed to ask for clarification and vent about their struggles/frustrations while working towards a goal. I think you have joined the wrong community if you are going to carry that elitist attitude, because while I understand the point you are trying to make, your delivery of said point is awful at best. Just because you have dealt with some younger people who are like you describe doesn't mean everyone is like that. I don't know how old you are, but it's not a good attitude to have.

    Don't you think giving someone a small nudge in the right direction and allowing them to find the answer on their own would be a better way to go about it?

    Sheiko, I myself haven't taken the course or exam, but I know a number of people who have, one of them being sexion8, who used to frequent this forum. His post below is focused around the CEH but is completely relevant to the base knowledge of the OSCP and would be a great starting point for you. I also provided some links to the ethical hacker forum as well; this forum is a goldmine for some technical discussions but is unfortunately nowhere near as active as it was a few years ago. Sexion also has a number of good posts over there as well, but I can't seem to find them since he used a different name over there.

    http://www.techexams.net/forums/ec-council-ceh-chfi/35544-so-you-want-take-ceh-read.html

    https://www.ethicalhacker.net/forums/viewforum.php?f=58
    https://www.ethicalhacker.net/forums/viewtopic.php?f=58&t=9115
  • JoJoCal19 Mod Posts: 2,835
    Sheiko, one thing I have to ask, are you using the official Offensive Security Kali VM that comes with the course? Reason I ask is because apparently the buffer overflow stuff does not work with the 64-bit Kali images, and that's why the OffSec image that comes with the course is 32-bit.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • MrAgent Member Posts: 1,310
    Just to add about the 32bit VM. If you're using the 64bit VM, you'll find yourself running into issues when you go to compile exploits to be used on the targets. I would highly recommend the 32bit VM as well.
  • Jebjeb Member Posts: 83
    Mabra, got a chuckle when I saw you post; I recognized your name from a user created on Brett I found yesterday or so. We're in the same lab space. I'm not too consistent at creating a dedicated account, but I use Joe a lot.
  • leugenel Member Posts: 27
    adrenaline, you didn't even start yours at all but you sound like you are THE expert on OSCP. Why don't you give your opinion on "pussy" and "lazy" after you "earn the OSCP like a champ"?
    We all have jobs and families, and sometimes spending days and days on something that could've been resolved within a few minutes with a little hint from admins makes people a bit upset.
  • Sheiko37 Member Posts: 214
    JoJoCal19 wrote: »
    Sheiko, one thing I have to ask, are you using the official Offensive Security Kali vm that comes with the course? Reason I ask is because apparently the buffer overflow stuff does not work with the 64-bit Kali images, and that's why the OffSec image that comes with the course is 32-bit.



    I checked with uname -a and figured i686 is 32-bit, however it looks like I've chosen Debian 64-bit when manually setting up the VM. I've used a VMware program not listed in their welcome manual too, so now I have to copy everything from one image to the new one, what a mess, my fault though.


    To anyone starting the course who's new to virtual machines, don't use VirtualBox.
  • JoJoCal19 Mod Posts: 2,835
    Mistakes happen to everyone. Always good to do a double (and maybe triple) check just to be sure. Let us know if switching images fixes the issues you've been having with the buffer overflow stuff.
  • Sheiko37 Member Posts: 214
    I've moved on from the buffer overflow, I was just spending too much time on it. I got two of the three buffer overflow scripts working so that's enough for several days on one chapter.

    ...now to be negative again. There's an exercise where they give you the code for a medium sized script, the problem is that whatever font or text they have in the manual has a different character set that breaks the exploit, what should be a "-" is actually a "–" (notice how they're slightly different). There's a thread on the official forum where people have spent days trying to get it working only to be finally told it's this one unrecognised character...

    I get when they have you re-write scripts or alter exploits, there's an educational component to that, but this feels like it's just there to **** with you and waste lab time. They give you a special Kali Linux image specific to the course, why aren't the larger scripts included in the image?
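
The character mix-up described in the post above (an en dash where the script needs an ASCII hyphen), as an added example that is not part of the original thread or the course material: a Python check that reports every non-ASCII character in pasted source with its position and Unicode name, and replaces the common typographic look-alikes. The sample script, the look-alike table and the function names are constructed for illustration.

```python
import unicodedata

# Typographic characters that PDF and word-processor rendering commonly
# substitute for plain ASCII, mapped to the character source code expects.
# This table is an assumption: extend it for the documents you copy from.
LOOKALIKES = {
    "\u2010": "-",  # HYPHEN
    "\u2013": "-",  # EN DASH
    "\u2014": "-",  # EM DASH
    "\u2212": "-",  # MINUS SIGN
    "\u2018": "'",  # LEFT SINGLE QUOTATION MARK
    "\u2019": "'",  # RIGHT SINGLE QUOTATION MARK
    "\u201c": '"',  # LEFT DOUBLE QUOTATION MARK
    "\u201d": '"',  # RIGHT DOUBLE QUOTATION MARK
    "\u00a0": " ",  # NO-BREAK SPACE
}


def find_non_ascii(text):
    """Return (line, column, char, unicode_name, ascii_suggestion) tuples.

    Line and column are 1-based. The suggestion is None when the character
    is not a known look-alike and needs a manual decision.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ord(ch) > 127:
                name = unicodedata.name(ch, "UNKNOWN")
                findings.append((lineno, col, ch, name, LOOKALIKES.get(ch)))
    return findings


def normalize(text):
    """Replace known look-alikes; other non-ASCII characters are left alone."""
    return text.translate(str.maketrans(LOOKALIKES))


# Constructed sample: a three-line script as it might look after being
# copied out of a PDF (en dash on line 2, curly quotes on line 3).
SAMPLE = (
    'header = "HDR"\n'
    "size = 4096 \u2013 len(header)\n"
    "label = \u201cpad\u201d\n"
)

if __name__ == "__main__":
    for lineno, col, ch, name, fix in find_non_ascii(SAMPLE):
        print(f"line {lineno}, col {col}: U+{ord(ch):04X} {name} -> {fix!r}")
    compile(normalize(SAMPLE), "<sample>", "exec")  # parses once cleaned
    print("normalized script compiles")
```

Running the check before the first execution of any script typed or pasted from a manual turns a silent one-character difference into a line and column number.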
  • djctwo Member Posts: 10
    JoJoCal19 wrote: »
    Sheiko, one thing I have to ask, are you using the official Offensive Security Kali vm that comes with the course? Reason I ask is because apparently the buffer overflow stuff does not work with the 64-bit Kali images, and that's why the OffSec image that comes with the course is 32-bit.

    I set up the image that came with the course on VMware Fusion and it installed as what I believe is the 64 bit version (i686). I didn't manually set up the image, I just opened the "executable" and it set itself up. How would I switch to the 32 bit version if I'm using the one that came with the course?
  • Jebjeb Member Posts: 83
    You should be able to download the pre-setup VMware image from your class info

    http://downloads.kali.org/kali-486-vm.rar

    That's the cleaned-up URL from my emails. Or go direct and pick the last one https://www.offensive-security.com/kali-linux-vmware-arm-image-download/
  • djctwo Member Posts: 10
    Jebjeb wrote: »
    You should be able to download the pre-setup VMware image from your class info

    http://downloads.kali.org/kali-486-vm.rar

    That's the cleaned-up URL from my emails. Or go direct and pick the last one https://www.offensive-security.com/kali-linux-vmware-arm-image-download/

    The class image version installs as 64 bit, so I'm confused.
  • Sheiko37 Member Posts: 214
    I'll put it out there again, if anyone wants to start a study group on IRC let me know.
  • Sheiko37 Member Posts: 214
    Day 23 and finally something positive to report. I had three chapters of the manual and videos to complete so I decided to go back and try some enumeration on the lab devices and ended up floundering hopelessly, a lot of ports and services I'd never even heard of, searching for vulnerabilities yielded either zero results or gigantic lists of which most was probably not relevant.

    I went to a friend who's already completed the OSCP years ago and he stepped me through a simple exploit and it was immensely helpful. I'll likely be using him as a mentor for the next two months, I doubt I can do this on my own. In the "pwned" machine though I managed to copy across fgdump (after about two hours of troubleshooting FTP, not considering interactive commands and the binary option), and then managed to enumerate some password hashes, and from that successfully use John the Ripper, and given the account names I suspect they'll be of use on other machines. The first instance of momentum since starting the course.

    It's disheartening when I read people getting root access on multiple machines within the first week of the course, where I have just one (with help) nearly a month in, and I've not been light on study either, hours every night. I guess the certification attracts the kind of student who already has knowledge in this domain. I'm either well behind the average student, or maybe the certification has a very high failure rate.
  • impelse Member Posts: 1,237
    Sheiko37 wrote: »
    It's disheartening when I read people getting root access on multiple machines within the first week of the course, where I have just one (with help) nearly a month in, and I've not been light on study either, hours every night. I guess the certification attracts the kind of student who already has knowledge in this domain. I'm either well behind the average student, or maybe the certification has a very high failure rate.

    A lot of those users got some experience and they have some good programming skills; others are using Metasploit, etc., and the last part is: do not believe everything you read!
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • leugenel Member Posts: 27
    Same here. I pwned 2 machines in 2 weeks. It's incredibly slow for me. Hope it will get better. I avoid using Metasploit or a vulnerability scanner and try to do everything manually, just to get a better feel for what I'm doing. I feel like I'm learning a lot though... Sometimes I tried to ask an admin for advice, but the answer I get most of the time is that I missed something and need to enumerate more. Now I just pick 1 machine at a time and work on it till the end; even if I have no idea what I'm looking for, I feel it's better than jumping from machine to machine looking for easy ones.
  • impelse Member Posts: 1,237
    I stopped my lab, begin again next month, I will follow one suggestion I got in another thread, attack only the Windows machines because I have more knowledge of that OS and then attack only the Linux.

    Let's see if my speed increases.

  • Sheiko37 Member Posts: 214
    Update: I've finished the course material but left the last chapter that steps through a full penetration test, I'll come back to it. I'm spending about 4-6 hours each day studying.

    I have root/administrator privileges on four boxes and a low privilege shell on a 5th, which I'm 95% sure I'm using the right exploit and the issue is on my end with my Kali Linux or Metasploit installation, so I moved on. I'm still working with two friends who've passed the OSCP, they're not giving me answers but just helping with resources, general knowledge, syntax issues, etc. I know that will result in accusations of "spoon feeding" and "hand holding"...

    If knowledge acquisition is your goal then I highly recommend working with others through your study, there's no reason to limit yourself.

    I still have disagreements with the way the course is delivered, but whatever, it's their product they can do whatever they want with it. To quote my friend who passed the OSCP - "I knew nothing coming into the OSCP, and that's why I still know nothing now".

    If I get some time tonight I'll put together a list of some useful resources and topics I've been going through.
  • impelse Member Posts: 1,237
    Good, keep going

  • adrenaline19 Member Posts: 251
    If you really study the course material, you are given 5 boxes for free. I don't know where you are going wrong. I'm 3 days in and it's the most fun I've ever had of any game. I treat it like WoW or any other game and I'm loving it! Last August, I couldn't have explained I.P.'s to you, but now I'm putting boxes in the OSCP. I couldn't be happier!