LOL good one!

Nice and easy to follow tutorial. Looking forward to the next one about firewall evasion.

Exam was way different, as expected. Though, I didn't expect it was much harder then the previous attempt. I only got 2 shells now, and some vulnerabilities that didn't turn into shells. I skipped one of the machines on purpose and saved it for last. Figured I was going to fail anyway if I didn't get some of the others first.

I'm afraid that as this point, I just don't have what it takes to become an OSCP. On several machines everything checked out, the right kernel version, installed services. It sucks because I thought I was much better prepared this time, bought the labtime after all. Rooted almost the whole student network and some boxes on the other networks.

On my previous attempt, I even hardly practised beforehand and did better. I guess at this point for me it really depends on the machines. I had a shell on a high point machine, but couldn't get a shell on a machine that had the lowest points. I didn't sleep again, but I took some breaks. I had enough energy, and could think straight most of the time.

Now I'll be having a go at this again in maybe a month or so. I'm not sure what to learn or to practice on, considering my labtime ends tomorrow. I've learned some cool tricks today, and I could say that's what counts, but I'm just not feeling that right now. I really thought I would pass this time. Better luck next time I hope. I'll get different machines and different chances.

I respect those who passed the exam in one attempt Or actually everyone that passed it lol. I'll just accept that I still have a lot to learn, and a lot of experience to gain.

Still trying.. But it's all just dead ends so it seems. Guess I'll be failing this for the third time >_>

Thought I'd give you guys an update. Even though things are going kinda bad now, I just did my most epic privilege escalation ever Rooted one box just now, I'm saving another easier one for later. Slowly getting some points..

5:43 AM now. I guess I won't be sleeping tonight 

Got one shell. Few passwords and some interesting things on other boxes. It's not going well I'm afraid. Though during my previous attempt it took about this long to root the first box. Doing my best at the moment..

Thanks guys! Waiting for the e-mail now. Got my command shells with nmap, nikto and dirbuster ready

Hey guys,

My labtime expires coming Tuesday. But I found out that the 16th is the last day I can schedule my exam, because the Offsec guys will be having vacation starting next week. So I decided to just schedule it and suffer once again. I could have waited another 2 weeks, but it will be right before I start my new job. Also, I don't like doing it during the weekends.

So I'll just give it my best shot tomorrow. I penetrated almost the entire student network and some hosts on the other subnets, so I think I'm ready. Unfortunately I lost the notes from about 15-20 machines I rooted during my lab extension. I was stupid enough to not read the exploit code, and it wiped almost all of my files from my virtual machine >_<

But that's ok, now for sure I'll never EVER skip reading exploit code. Yeah 91 bytes for a bind shell seems small And calling a function pointer that points to the shellcode also doesn't seem harmless Though, now I can laugh about it.

Anyway, tomorrow at 4pm my exam will start. I couldn't schedule it to be sooner, but oh well. I expect things to go a lot smoother/faster, but who knows. I'll try to keep you guys up to date during the exam, if time allows it.

A lot of routers take a blank password as the default setting I think every password is successful because it doesn't need a password at all. I could be wrong though, just try to manually log in with any password, starting with a blank one first.

I thought SQL injection was becoming rare lol.

Ahh one of those true lurkers? lol


Just install backtrack and take a look at some of the enumeration tools for SNMP, SMB and SMTP. Maybe get familiar with a little bit of bash and python scripting. Though, most will be explained during the course. I should be on IRC most of the time. Good luck!

I never see any of you guys on IRC. Different nicks perhaps?

EH-Net always seems to have great prices! Good luck all 

Hey guys.

I'm wondering if anyone is currently doing the PWB course. I'm frequently on the Offsec IRC channel. So maybe we can share experiences there and learn from each other.

I bought the 15 days of lab time, and I have like 7 days left. I must say its going a lot better than the first time. I'm like hacking 3 or 4 machines each day. Starting to feel more ready for the OSCP certification retake  Man, there really is no other place like the Offsec labs!

Hi.

Just wanted to say that The Art of Exploitation is a great book! I just recently bought the Web Application Hackers Handbook, and I love reading it It's like a bible about all sorts of web vulnerabilities. Hmm I need some new books lol