OSCP – Two weeks in.

This topic contains 36 replies, has 17 voices, and was last updated by  Darktaurus 7 years, 1 month ago.

  • Author
    Posts
  • #7755
     Catalyst256 
    Participant

    Hi guys, I started my OSCP journey a couple of weeks ago. I’m really enjoying it and still working out the best way to approach it. I’ve watched some of the videos and read a lot of the PDF but spent more time working on the lab machines.

    I’ve managed to “pop” a few of the student lab boxes but struggle with privilege escalation and re-compiling the exploits.

    Nothing worth getting stressed about, it all’s part of the learning curve and I’m having an awesome time..  ;D

  • #48550
     Jamie.R 
    Participant

    It sounds like you doing fine there are a few good blogs on privilege escalation.

    Might want look at
    g0tmi1k blog
    pentestermonkey

  • #48551
     Catalyst256 
    Participant

    Cool thanks I will check them out..

  • #48552
     dynamik 
    Participant

    You’ll often need to look at the exploit and try to figure out what it’s specifically trying to do. You may find your kernel version falls within the range of a lot of public exploits, but there may be other conditions or subtleties that need to be analyzed in order to determine if a given exploit will compile and execute successfully.

    Be sure to review other privilege services and pillage the system to the extent you’re able to as well.

  • #48553
     Catalyst256 
    Participant

    Rather than posting on here all the time (yes I know its a forum and that’s the point), I’ve been updating my blog on my progress.

    Check it out if you are interested:

    http://itgeekchronicles.co.uk

  • #48554
     hayabusa 
    Participant

    Looks good, and I’m sure others will benefit from reading your experiences.  Thanks for the share.

  • #48555
     tturner 
    Participant

    @catalyst256 wrote:

    Rather than posting on here all the time (yes I know its a forum and that’s the point), I’ve been updating my blog on my progress.

    Check it out if you are interested:

    http://itgeekchronicles.co.uk

    I checked out your blog and found your Scapy guide. I haven’t read the whole thing yet but so far I like! Great resource for folks trying to learn Scapy.

  • #48556
     Catalyst256 
    Participant

    Glad you like it (so far) tturner. There will be more content added after my OSCP course is done and a special B-Sides London 2013 edition is in the works as well.

  • #48557
     superkojiman 
    Participant

    @catalyst256 wrote:

    Rather than posting on here all the time (yes I know its a forum and that’s the point), I’ve been updating my blog on my progress.

    Check it out if you are interested:

    http://itgeekchronicles.co.uk

    Looks good. I like reading about others’ experiences in the course. You’re correct about time flying by really quickly. I also took 90 days and finished with two weeks to spare for finishing up the report.

    Good luck!

  • #48558
     m0wgli 
    Participant

    I’ve been following your blog for a while, and have been enjoying your OSCP updates. I’ve also read your Scapy guide and found it really useful, looking forward to the special B-Sides London 2013 edition.

    Good luck!

    @catalyst256 & @superkojiman: I’d be interested to hear a guestimate as to how many hours you invested over the 90 day’s (@catalyst256 I appreciate you still have 30 to go) and a rough idea of how this broke down.

    @superkojiman: I took a look at your blog too, you should update your profile to include it. Some good posts on there!

  • #48559
     S3curityM0nkey 
    Participant

    Awesome blog dude! Love your work.

    Keep it up and good luck with the exam!

  • #48560
     superkojiman 
    Participant

    @m0wgli wrote:

    @superkojiman: I took a look at your blog too, you should update your profile to include it. Some good posts on there!

    Thanks 🙂

    Regarding the number of hours I spent over the 90 day period, I would say about 8 hours on weekdays, and more on weekends. I work full time so I couldn’t devote as much time as I wanted to the course. I took notes as I went through, and finished everything with two weeks to spare. Spent that time finalizing the report and going back to take screenshots or any other info that I may have missed. Overall, I still managed to have a bit of a life while taking the course.

  • #48561
     Catalyst256 
    Participant

    Hey m0wgli,

    I spend on average between 2-4 hours a day in the labs during the week and probably about 6-7 at the weekend. I will probably be pulling a few late nights during the last few weeks.

    I have taken a few days off work and spent 12 hours each day in the lab which helped.

    I tend to do research and mess around with VM’s at work (just don’t tell my boss). It’s not as much time as I would like but that’s life.

  • #48562
     Jamie.R 
    Participant

    Cool sounds like you are having a lot of fun. This course is on my list to do so any tips or feedback from you would be nice.

  • #48563
     m0wgli 
    Participant

    @catalyst256 & @superkojiman: Thanks for the replies.

  • #48564
     Darktaurus 
    Participant

    Good work Catalyst256! I have to agree with superkojiman, it is very cool reading other people’s experiences in the offsec courses. Everyone usually has a very fun and challenging time with them.  Good luck on the exam too!

  • #48565
     zenlakin 
    Participant

    I just registered for 90 days so I will be starting this Saturday Oct. 6th. Looking forward to it and I will also be reading through your blog to get an idea of your experiences along the way.

  • #48566
     Catalyst256 
    Participant

    I posted this last night on my blog.. some of you may find it useful (or not)..

    OSCP – Useful resources

  • #48567
     hayabusa 
    Participant

    Catalyst256. Congrats on nailing all the OSCP lab boxes!

    What’s next on your agenda?

  • #48568
     Catalyst256 
    Participant

    I’ve got my exam booked for the end of October, then I’m thinking of doing the SecurityTube python scripting course, then I fancy spending some time on exploit development… but then I might change my mind.. 🙂

  • #48569
     zenlakin 
    Participant

    I just started my course last Saturday so I am in the thick of things. Definitely an awesome course for sure!!

    @catalyst256 congrats on getting into all of the lab boxes!!

  • #48570
     hayabusa 
    Participant

      After I finish up my OSCE exam retake (hopefully shortly – time and money being the keys), I’m going to take a little down time, then get back into some ruby and python stuff, myself.  Need to break up the certification monotony for a bit.

    Well, good luck on the exam, and let us know how you do!

  • #48571
     m0wgli 
    Participant

    Thanks for sharing. I found it particulary useful as a reassurance of the things I’ve been researching in preparation for the OSCP, many of the links are ones I’ve looked at.

    I’m unfamiliar with 8. Pivoting into a network using PLINK and FPipe though, so this will be getting some attention this weekend.

    By the way your link for 6. SSH gymnastics with proxychains is broken. It’s missing ml on the end.

    Congratulations on getting all the boxes!  🙂

  • #48572
     SephStorm 
    Participant

    @m0wgli wrote:

    I’m unfamiliar with 8. Pivoting into a network using PLINK and FPipe though, so this will be getting some attention this weekend.

    By the way your link for 6. SSH gymnastics with proxychains is broken. It’s missing ml on the end.

    ? where did you see this info? on the blog?

    EDIT: Ah, yes, I see. Thank you to the OP for the info.

  • #48573
     Catalyst256 
    Participant

    Hi SephStorm,

    This is the link m0wgli was talking about http://exploit.co.il/hacking/pivoting-into-a-network-using-plink-and-fpipe/

    I did a blog post a few days ago with some of the useful links I found handy during my OSCP lab time.

  • #48574
     Catalyst256 
    Participant

    Hello, just an quick update (blog posts to follow), I sat the OSCP exam on Monday and just received notification that I passed..

  • #48575
     UNIX 
    Participant

    Congrats! What’s next?

  • #48576
     Catalyst256 
    Participant

    Well to be honest UNIX I’m not sure, need to work on my web application security, learn python or ruby (leaning more to python at the moment), then learn more about exploit writing, malware analysis and carry on popping boxes (in a lab environment)..

    Would like to “specialize” in an area but not sure what yet.

  • #48577
     lorddicranius 
    Participant

    Congrats, Catalyst256!

  • #48578
     zenlakin 
    Participant

    Congrats Catalyst256!!

  • #48579
     dynamik 
    Participant

    Nice job, congrats!

  • #48580
     digitalvampire 
    Participant

    Congratulations! Catalyst256! =)

  • #48581
     hayabusa 
    Participant

    Congrats on the pass!

  • #48582
     Palor 
    Participant

    @catalyst256 wrote:

    Hello, just an quick update (blog posts to follow), I sat the OSCP exam on Monday and just received notification that I passed..

    Congrats Catalyst256 on passing.  Probably why I haven’t seen you in IRC the past week.

    I plan on doing my exam in 4-6 weeks.  Still got a view machines to go before doing the report.  I’ll check out your blog.

    Palor

  • #48583
     satish.lx 
    Participant

    Big big Congr8s!!! You just nailed everything.

  • #48584
     Phillip Wylie 
    Participant

    Catalyst256, congrats again! I follow you on Twitter. Awesome blog by the way.

  • #48585
     Darktaurus 
    Participant

    I know I am late, but I did want to say congrats  Catalyst256. Good work.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?