EH-Net

Hello Everyone!

I have a question regarding the Offensive Security Wireless Test. You are supposed to connect remotely to the test site and use a terminal to attack the routers. I've never done anything like this before (used to the multiple selection tests) and I wanted to see if anyone that has taken the test can clear some doubts:

When you log in do you actually open a terminal and see a BT machine and work from that or do you log in and open a putty terminal and work from that?

Any help will be appreciated

Thanks in advance!

You will receive an email from offsec with instructions on how to connect to the exam machine through SSH, which will be your attacking machine.

Thanks for the response. So it will be correct to assume that I will connect to an instance of the BT machine with GUI and from then open a konsole and fire away???

No GUI, just console sessions. You can open more than one, I think I had 4 going during my test.

 esojzuir, I used 'screen' in my exam and I would recommend it :)

Good advice; I love screen. There's also the added benefit of being able to retrieve your session if you get disconnected.

Thanks for the help everyone! How can I get screen??? Is there a link you can post???

I believe it's installed by default in BT5, which is what you'll be connecting to.

Otherwise, apt-get install screen (or whatever the equivalent is on non-Debian systems)

It's pretty simple, but you should still experiment with it a bit in advance to get used to the key commands, etc. Just check out the man page.

Well I'm glad these guys remembered because I sure didn't. :P I just remember it being very quick.

Good luck on your test!

I passed the OSWP!!!!! It's a really cool and fun way to get introduced to the world of practical examinations, as I was used to the typical questions type exam.

The next project is elearnsecurity pro and then PWB!!!!

Congrats! What version did you take, 3.0? If v3, how did you like the Rogue Access Points and coWPAtty modules?

Congrats esojzuir!

I passed mine a couple weeks ago as well. I've been meaning to write a review.

Agoonie, the v3 additions were a nice improvement. v2 was always good for WEP, but it has felt dated for a long time. I thought the GPU RT generation with Pyrit was pretty slick. I have a decent GPU because I'm a bit of gamer, and it was interesting to see how that fared against the i7.

The actual exam is still v2, and I think there is still room for growth there (i.e. client attacks with karmetasploit, etc.).

Thanks for the heads up.  I figured I would take it later this year to see what they improved on.  It sounds cool so I am sure I will find the time at some point.  Did they have anything on attacking WPA2 Enterprise?  I found some people talking about it but I do not remember if the OffSec guys had anything. Meh, either way, I am going to take the new course.   ;D

Thanks everyone!!!! I took version 3 and both the cowpatty and rogue access point modules were really good, both on video and the text. You can set up and use both topics really fast. Unfortunately none were used on the test.

I tried cowpatty for the WPA but it wasn't even installed on the attack machine, so yes it's still a v2 exam, but lots of fun. I started the exam and for those weird reasons after 1/2 hour I was no able to crack my first target!!!!!!!!!!

I decided to move to the other 2 and I was done with those in about 25 minutes with all the documentation and everything. Then I took a breather and cracked the first one in 15 minutes, so in all I spent 1 hour and 40 minutes cracking, writing and getting screenshots and 2 hours setting the report.

I agree that later on they should add rogue access point and karmetasploit attacks to the exam. Maybe have 5 targets to attack and make it 6-8 hours to do the test. I really recommend this class to anyone!!!!!

No, just PSK.

I thought the upgrade was worth it. I found the rainbow tables generation, airserv/airtun, and GPS portions to be particularly interesting.

They have the v3 Syllabus online if you haven't reviewed it yet: http://www.offensive-security.com/documentation/wifu-syllabus.pdf

When I did the OSWP exam some years back my SSH sessions kept dropping, but perhaps because I had a two or more concurrent sessions and I think there was some latency in my connection.  I think "doing" the attacks isn't what consumes time, but rather the documentation.  One of the most fun exams I've ever taken though with that thrill-of-the-hunt.

I got a copy of the updated course when it was released, but I haven't gone through it yet.  That said, I'm of the impression there's no coverage on 802.1X attacks.  I would really welcome that since it'd make the course much more applicable to enterprise networks.