Wow that looks like a pretty sweet setup.

Funny, I have it, but it's not connected, I needed it for another PC :-)

I have 2x NVIDIA Quadro NVS450 and on the other PC it's a ATI 2640

REPORT DAY 12

So I finished doing the buffer overflow stuff twice. I feel like it's kind off important and I tried different payloads and stuff. I want to know it good both for linux and windows. Damn linux has some cool debugging tools I had no idea off, why would somebody ever pay for a program when we have anno 2012 such an amazing open source library ? ;-) Support ? Bah, if you're IT minded you shouldn't have any problems these days. I do understand for small non IT minded companies. But for the big corporations, I know how they work, and have worked with them myself for many years, they can put the right people on it and fix the problems themselves. I guess they still think : "Nobody got fired by buying IBM..."

Ok guys... back to OSCP !

This is it, I'm 2/3rd into the course and this is basically the first time I explicitly read in the manual : (not exact words, but it's how I interpret them)

"Go scan ip's in your range in the lab and try to hack them using exploits you just learned to find and use"

!!!!!!!

Let's gooooo!!! Who needs sleep ? I SLEEP WHEN I'M DEAD!!!

(probably will have to use their 'TRY HARDER' mantra from now on in the coming 9000 days or so :-)

ARE YOU KIDDING ME !!!!


2:09 AM

I JUST HACKED MY FIRST SERVER IN THE LAB GOT ROOT !!! YIHAAA

<and it's with a fun one -> a full buffer overflow with reverse bind shell!!!>

Was it one of the "low hanging fruit" or did you use a buffer overflow?

Buffer overflow with reverse bind shell.

I'm kinda happy that I used that as my first rooted box :-)

I tried first a server but I gave up after getting halfway on it. Only did a little, then I just said, let me try some other servers. then the second one I buffer overflowed it. I LOVE BUFFER OVERFLOWS!!! They are freaking cool.

I can't say if it was low hanging fruit since I only rooted 1 yet.

Played on that server for 2 hours now going to take a quick nap :-)

You guys using Metasploit for buffer over flow or manually process? I am interested in manual process.

Manual

You can't use Metasploit on the exam.