OSCP – Two weeks in.

Viewing 36 reply threads
  • Author
    Posts
    • #7755
      Catalyst256
      Participant

      Hi guys, I started my OSCP journey a couple of weeks ago. I’m really enjoying it and still working out the best way to approach it. I’ve watched some of the videos and read a lot of the PDF but spent more time working on the lab machines.

      I’ve managed to “pop” a few of the student lab boxes but struggle with privilege escalation and re-compiling the exploits.

      Nothing worth getting stressed about, it all’s part of the learning curve and I’m having an awesome time..  ;D

    • #48550
      Jamie.R
      Participant

      It sounds like you doing fine there are a few good blogs on privilege escalation.

      Might want look at
      g0tmi1k blog
      pentestermonkey

    • #48551
      Catalyst256
      Participant

      Cool thanks I will check them out..

    • #48552
      dynamik
      Participant

      You’ll often need to look at the exploit and try to figure out what it’s specifically trying to do. You may find your kernel version falls within the range of a lot of public exploits, but there may be other conditions or subtleties that need to be analyzed in order to determine if a given exploit will compile and execute successfully.

      Be sure to review other privilege services and pillage the system to the extent you’re able to as well.

    • #48553
      Catalyst256
      Participant

      Rather than posting on here all the time (yes I know its a forum and that’s the point), I’ve been updating my blog on my progress.

      Check it out if you are interested:

      http://itgeekchronicles.co.uk

    • #48554
      hayabusa
      Participant

      Looks good, and I’m sure others will benefit from reading your experiences.  Thanks for the share.

    • #48555
      tturner
      Participant

      @Catalyst256 wrote:

      Rather than posting on here all the time (yes I know its a forum and that’s the point), I’ve been updating my blog on my progress.

      Check it out if you are interested:

      http://itgeekchronicles.co.uk

      I checked out your blog and found your Scapy guide. I haven’t read the whole thing yet but so far I like! Great resource for folks trying to learn Scapy.

    • #48556
      Catalyst256
      Participant

      Glad you like it (so far) tturner. There will be more content added after my OSCP course is done and a special B-Sides London 2013 edition is in the works as well.

    • #48557
      superkojiman
      Participant

      @Catalyst256 wrote:

      Rather than posting on here all the time (yes I know its a forum and that’s the point), I’ve been updating my blog on my progress.

      Check it out if you are interested:

      http://itgeekchronicles.co.uk

      Looks good. I like reading about others’ experiences in the course. You’re correct about time flying by really quickly. I also took 90 days and finished with two weeks to spare for finishing up the report.

      Good luck!

    • #48558
      m0wgli
      Participant

      I’ve been following your blog for a while, and have been enjoying your OSCP updates. I’ve also read your Scapy guide and found it really useful, looking forward to the special B-Sides London 2013 edition.

      Good luck!

      @catalyst256 & @superkojiman: I’d be interested to hear a guestimate as to how many hours you invested over the 90 day’s (@catalyst256 I appreciate you still have 30 to go) and a rough idea of how this broke down.

      @superkojiman: I took a look at your blog too, you should update your profile to include it. Some good posts on there!

    • #48559
      S3curityM0nkey
      Participant

      Awesome blog dude! Love your work.

      Keep it up and good luck with the exam!

    • #48560
      superkojiman
      Participant

      @m0wgli wrote:

      @superkojiman: I took a look at your blog too, you should update your profile to include it. Some good posts on there!

      Thanks 🙂

      Regarding the number of hours I spent over the 90 day period, I would say about 8 hours on weekdays, and more on weekends. I work full time so I couldn’t devote as much time as I wanted to the course. I took notes as I went through, and finished everything with two weeks to spare. Spent that time finalizing the report and going back to take screenshots or any other info that I may have missed. Overall, I still managed to have a bit of a life while taking the course.

    • #48561
      Catalyst256
      Participant

      Hey m0wgli,

      I spend on average between 2-4 hours a day in the labs during the week and probably about 6-7 at the weekend. I will probably be pulling a few late nights during the last few weeks.

      I have taken a few days off work and spent 12 hours each day in the lab which helped.

      I tend to do research and mess around with VM’s at work (just don’t tell my boss). It’s not as much time as I would like but that’s life.

    • #48562
      Jamie.R
      Participant

      Cool sounds like you are having a lot of fun. This course is on my list to do so any tips or feedback from you would be nice.

    • #48563
      m0wgli
      Participant

      @catalyst256 & @superkojiman: Thanks for the replies.

    • #48564
      Darktaurus
      Participant

      Good work Catalyst256! I have to agree with superkojiman, it is very cool reading other people’s experiences in the offsec courses. Everyone usually has a very fun and challenging time with them.  Good luck on the exam too!

    • #48565
      zenlakin
      Participant

      I just registered for 90 days so I will be starting this Saturday Oct. 6th. Looking forward to it and I will also be reading through your blog to get an idea of your experiences along the way.

    • #48566
      Catalyst256
      Participant

      I posted this last night on my blog.. some of you may find it useful (or not)..

      OSCP – Useful resources

    • #48567
      hayabusa
      Participant

      Catalyst256. Congrats on nailing all the OSCP lab boxes!

      What’s next on your agenda?

    • #48568
      Catalyst256
      Participant

      I’ve got my exam booked for the end of October, then I’m thinking of doing the SecurityTube python scripting course, then I fancy spending some time on exploit development… but then I might change my mind.. 🙂

    • #48569
      zenlakin
      Participant

      I just started my course last Saturday so I am in the thick of things. Definitely an awesome course for sure!!

      @Catalyst256 congrats on getting into all of the lab boxes!!

    • #48570
      hayabusa
      Participant

        After I finish up my OSCE exam retake (hopefully shortly – time and money being the keys), I’m going to take a little down time, then get back into some ruby and python stuff, myself.  Need to break up the certification monotony for a bit.

      Well, good luck on the exam, and let us know how you do!

    • #48571
      m0wgli
      Participant

      Thanks for sharing. I found it particulary useful as a reassurance of the things I’ve been researching in preparation for the OSCP, many of the links are ones I’ve looked at.

      I’m unfamiliar with 8. Pivoting into a network using PLINK and FPipe though, so this will be getting some attention this weekend.

      By the way your link for 6. SSH gymnastics with proxychains is broken. It’s missing ml on the end.

      Congratulations on getting all the boxes!  🙂

    • #48572
      SephStorm
      Participant

      @m0wgli wrote:

      I’m unfamiliar with 8. Pivoting into a network using PLINK and FPipe though, so this will be getting some attention this weekend.

      By the way your link for 6. SSH gymnastics with proxychains is broken. It’s missing ml on the end.

      ? where did you see this info? on the blog?

      EDIT: Ah, yes, I see. Thank you to the OP for the info.

    • #48573
      Catalyst256
      Participant

      Hi SephStorm,

      This is the link m0wgli was talking about http://exploit.co.il/hacking/pivoting-into-a-network-using-plink-and-fpipe/

      I did a blog post a few days ago with some of the useful links I found handy during my OSCP lab time.

    • #48574
      Catalyst256
      Participant

      Hello, just an quick update (blog posts to follow), I sat the OSCP exam on Monday and just received notification that I passed..

    • #48575
      UNIX
      Participant

      Congrats! What’s next?

    • #48576
      Catalyst256
      Participant

      Well to be honest UNIX I’m not sure, need to work on my web application security, learn python or ruby (leaning more to python at the moment), then learn more about exploit writing, malware analysis and carry on popping boxes (in a lab environment)..

      Would like to “specialize” in an area but not sure what yet.

    • #48577
      lorddicranius
      Participant

      Congrats, Catalyst256!

    • #48578
      zenlakin
      Participant

      Congrats Catalyst256!!

    • #48579
      dynamik
      Participant

      Nice job, congrats!

    • #48580
      digitalvampire
      Participant

      Congratulations! Catalyst256! =)

    • #48581
      hayabusa
      Participant

      Congrats on the pass!

    • #48582
      Palor
      Participant

      @Catalyst256 wrote:

      Hello, just an quick update (blog posts to follow), I sat the OSCP exam on Monday and just received notification that I passed..

      Congrats Catalyst256 on passing.  Probably why I haven’t seen you in IRC the past week.

      I plan on doing my exam in 4-6 weeks.  Still got a view machines to go before doing the report.  I’ll check out your blog.

      Palor

    • #48583
      satish.lx
      Participant

      Big big Congr8s!!! You just nailed everything.

    • #48584
      Phillip Wylie
      Participant

      Catalyst256, congrats again! I follow you on Twitter. Awesome blog by the way.

    • #48585
      Darktaurus
      Participant

      I know I am late, but I did want to say congrats  Catalyst256. Good work.

Viewing 36 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?