DAY 28

Rooted 2 more servers. But the big news is, I got the network key for the IT Department !!! There it was... I grabbed it and inserted it !!!

SERVERS ROUTED : 21

Got to say that this is one of the best threads about the OSCP on this forum. The blow by blow account is great!!!! As soon as I have finished moving house I plan on doing the PWB training!

Not sure I have the brains to do the cert but the training sounds great!

I try to read as much as I can to know about tunneling now.

The OSCP is extremely frustrating in not guiding you where you should learn what. They only show you what you 'can' do and then it's up to you.

Ok, thanks OSCP, you showed me this now, and I understand what you're doing, but I have to learn more about it. Where and what should I learn exactly ? Oh.. try harder. There you go. Well I got some reply to you: fuck you too.
 


That sucks. Bigtime.

If I had knew, I would not started the lab before I would have read other books and done more experience. I would like to know if real newbies unexpierenced hackers really succeed in the test on the first try.

It's frustrating. While I am hacking myself true the lab succesfully, I'm frustrated in the pain it needs to figure things out myself without having some guidelines that are more than 'showing you what can be done'

Hacking is every time different, and how can you learn it by only seeing 1 example and then basically they tell you to go fuck yourself ?

As you can read from my post. I'm kind off sick of googling around and reading stupid blogs to try to learn something more in depth.

The course gives you the fundamentals. It's up to you to take it to the next level.

You're right, you can't learn or master anything from just one example. That's what the lab is for. Practice on it, make mistakes, learn from your mistakes. More importantly, expect to spend a lot of time doing research outside of the course material if you intend to hack into all the machines in the lab and pass the exam challenge.

That puts the servers rooted on 22

Not sure what blogs you're reading. There are blogs geared towards penetration testing written by professionals. You can always just read RFCs and white papers.

You're killing me, dude. If you just want walk-throughs of how to exploit systems, hop on SecurityTube and watch the videos. There is no shortage of that type of instruction available, and that is not remotely the purpose of this course.

What do you think a real pen test is like? Do you expect to be able to walk into an organization and completely understand how everything is configured, how their custom in-house applications work, etc., right off the bat?

You're currently working on what, 40-50 systems over 90 days? Try hundreds or thousands of systems over five days. There's always going to be weird stuff you've never encountered before, and you need to be able to adapt and get acclimated to that environment quickly. That gets stressful while dealing with fast-approaching deadlines. You can't just stop when you're burned out and return to a troublesome system after taking a weekend off.

While some of the non-standard configurations in this course are frustrating, there's probably more of that in the real world. Try dealing with NAC or other controls that'll shutdown or temporarily disable your switchport if triggered, or users (surprisingly) taking their system to IS when an exploit unexpectedly triggers an AV alert. Try adding the complexity of things that break after being subjected to a basic nmap scan; I've yet to visit a client that provides "revert" functionality (unless you count rebooting the system after yelling at the tester).

This type of work is rarely easy, things rarely go as expected, and you're never going to master everything. You can view this as challenging or frustrating, and I think your perspective will really determine how far you'll go professionally.