My OSCP journey...

[sternone]

thanks for the advice, I finished these books :

Metasploit - the penetration tester's guide
Practical Packet analysys

I'm currently reading :

The Web Applicatino Hacker's handbook

I'm also extending the lab for 90 days.

This trip is going to take much longer than I anticipated, mostly because of the huge workload of learning stuff on your own, you guys have to admit, the OSCP is all about the lab, it has less to do with learning from the videos and the pdf's. I see them more as a 'practical example' of theoretical stuff you have to learn on yourself. I wish I knew it before so I could have digged the books before I took the OSCP plunge. For that I would say their text what you should know before the OSCP is kind off misleading.

That might explain why almost nobody passes the test the first time.

[cd1zz]

Almost nobody passes the OSCE the first time. OSCP has a higher success rate the first time around.

[azmatt]

thanks for the advice, I finished these books :

Metasploit - the penetration tester's guide
Practical Packet analysys

I'm currently reading :

The Web Applicatino Hacker's handbook

I'm also extending the lab for 90 days.

This trip is going to take much longer than I anticipated, mostly because of the huge workload of learning stuff on your own, you guys have to admit, the OSCP is all about the lab, it has less to do with learning from the videos and the pdf's. I see them more as a 'practical example' of theoretical stuff you have to learn on yourself. I wish I knew it before so I could have digged the books before I took the OSCP plunge. For that I would say their text what you should know before the OSCP is kind off misleading.

That might explain why almost nobody passes the test the first time.

It sounds like you're being very smart about this.

Thanks for sharing these books, please post any more that you really wish you had read first.

I want to make sure I'm ready to get the most from the course and I'm planning on just extending 90 days right at the start to make it a non issue.

[sternone]

DAY 20

Okay okay OKAY again ;-)

I listened and read more in the books but meanwhile took 1 server out with many ports opened and worked on it.

Found one way to enter it, so I rooted it, that puts the number on 4.

Not a lot. Step by step... but happy I rooted another one.

[sternone]

DAY 21

Another day, another server ? I rooted another one. And this time, I have to say it was really really cool meaning -without spoiling it for the others- that I came across something that I said: Hey I might use this on server X, I tried it, and it worked.

Puts the counter on 5 servers rooted so far. Let's do some more reading further on the day and try another one tomorrow.

Instead of trying several servers at once, I now try to take 1 server out per day and try to hack it. Focused on only 1 server. It seems to be a little less frustrated and let me go deeper on the server but it makes me need to read more and more :-)

Let's see if I can hack another one tomorrow!

[jjwinter]

Do the servers contain any data that assists you exploiting other systems? Lists of usernames, fake company info, docs, browser history, cookies, etc.. or are just a clean image a server OS with patches missing or hackable services running? Does a hashdump on one help you on others?

[sternone]

I can just say: They look just like a real server.

They are not like a clean image with patches missing, that's for sure.

[jjwinter]

That is good to know, I was concerned that their lab environment would like something I could setup at home, just with more VM's running on better hardware or something.

Is getting through firewalls, managed switches, VLANS, IDS's and the like included? How realistic is this environment?

[sternone]

Check out their pdf on their site, they address your questions.

Every server I came across has specific applications running.

[sternone]

DAY 22

Started with SQL Injection and managed to bypass one web authenticate login to the admin console on a server I didn't rooted yet. So I guess that's a half server hacked today :-)

I must say, Hacking Web Applications is a BIG subject, and the PDF and the Videos cover it only on the surface, back to reading books now !!!!

I'm also planning to re-read the PDF and review all the videos starting from tomorrow.

[ajohnson]

Most servers can be compromised directly, but you will occasionally require information or functionality from another system. You should investigate each application, service, and system thoroughly as you go. Don't assume each system exists in a bubble.

[sternone]

Thanks, just rooted another one and finished the half one too ;-)

That puts the number on 7 boxes rooted.

 

[Jamie.R]

Cool sounds like its going well

[sternone]

Just rooted another one.

I was trying different stuff on that server and in my notes I wrote about a vuln: NOT WORKING - TRIED

But I said, really, and I tried it again, a little more deeper this time, and it worked!

Meaning... I can be wrong too, it's not because I say it's not working that it's not working :-)

Counter is now on 8 rooted boxes.

[shadowzero]

Just rooted another one.

I was trying different stuff on that server and in my notes I wrote about a vuln: NOT WORKING - TRIED

But I said, really, and I tried it again, a little more deeper this time, and it worked!

Meaning... I can be wrong too, it's not because I say it's not working that it's not working :-)

Counter is now on 8 rooted boxes.

Try harder, try different.