OSCP Walkthrough

    • #5227
      j0rDy
      Participant

      OK, here goes nothing…

      When I became one of the lucky winners of the EH.net Offensive Security prize giveaway I got the feeling I had to do something in return. Let's start with a big thank you to Donald who made all this possible: Thank you.

      When I decided to write down my experiences with this course I created a new file on my desktop and paused to think of an appropriate name. Since I did not want to write just another review, but provide something extra, I hesitated after I typed PWB REVIEW. Due to the fact that I want it to be more than a review, I had to come up with a different name. The first option that came to mind was PWB blog, because I tend to write short pieces throughout the course to take you all in on the journey that lies ahead of me, but I did not find it the right term to use. It came to mind when I thought of my earlier days when I had the time to play video games (all good things come to an end). I remember playing games like Resident Evil with a stack of printed papers next to me, telling me what to do at a certain point in the game. These documents are called walkthroughs. Now don't get me wrong, I will not help you pass this course or tell you detailed inside information about the course/exam itself, but I will tell you how I got from the point of deciding to take the course, to the point of getting back my results from the test, which are hopefully high enough to pass ;).

      Before you continue reading, I want to state that this walkthrough is published as is. Sometimes I will look back and change a few words or so, but I hope that in the end I will have a representative version that can truly add something to the existing information that is already at hand. I also hope I will continue to have the time to update it and keep everybody interested during the process and in the final result. Please keep in mind that this is my first encounter with writing something (hopefully) worth publishing in any form, so any comment is welcome and appreciated!

      Before starting:
      First let's start with the big question of whether you are ready to start with this course. The course is not your average certification or exam you might have taken before. The experience I have is with both self study and courses, but I knew from the start that this would not help me with this course. My current knowledge is based on my ISC2 associate certification and my CEH certification. Since I did the “ISC2 Associate” exam by self study I can only compare it with the actual exam. This consists, as you may know, of 250 multiple choice questions which you have to complete within 6 hours, and score more than 70% to pass. CEH is exam-wise not much different: 150 multiple choice questions in 4 hours and also a score of 70% or higher to pass. The 6 day course I took for CEH consisted of a lot of theoretical information with some time to play with tools on the side to get a feeling for how these techniques are applied in the real world. CEH really puts you in the ethical hacker thinking mode. Now most certificates are this way, but I knew from the start PWB is completely different. I think the PWB course is perfect if you think you have enough theoretical knowledge about ethical hacking, and want to turn this into practical experience!

      General info:
      The approach for this course used by Offensive Security is that learning for this certificate will be “hands on” as much as possible. This makes it perfect for people that already have some experience or obtained some sort of certification in the penetration testing field. This also makes PWB less suitable for people that do not already have experience or some other, more theoretical certificate in this field. The study material consists of a syllabus that is used to guide you through the required learning material, which is backed up by videos that can be downloaded from their virtual lab. Yes, you also get access through a VPN to a virtual lab where you can immediately try out your freshly obtained hacking skills. There are multiple vulnerable systems with different operating systems that are hooked together within multiple infrastructures. This gives you a big playground to poke around in without doing any harm. The exam will also be held in your virtual lab. Your objective is to break into an extra secured part of the network and gain access to the main computer. After this you will, just like in real life, report your findings in a penetration report that will represent your exam. This will be scored on several points like success, documentation and completion. There is also another factor to make it more interesting: time! The penetration test must be finished within 24 hours. After this you get another 24 hours to finish up your report instead of sending in just loose notes. If you succeed you may add the OSCP (Offensive Security Certified Professional) title to your name. This wraps up about all there is to know about the course itself. So what is the first step to become an OSCP? That's right, registering!

      Registration:

      Registering was a little different because of the “me winning the course” element, but some parts are the same for you if you decide to start the course. First you register through the website with a valid, non-free email address so the people at OffSec can validate your identity and do some background checks if needed. I received a mail that my ISP email address was not sufficient, and they needed another email address to complete my registration. If this fails, so I was told by the email, they would require a scanned copy of my ID. The second email I provided seemed sufficient to prove my identity so we are ready for the next step. After this you receive an email with credentials to a test account where you can test your connectivity to the VPN server. There is a link provided to a connectivity guide if you don't know how to test it. Here you can also get a copy of BackTrack that is tweaked for the course. Since I received this email on Friday after work time on my work address, I missed the 48h window in which the account needs to be tested. After sending an email explaining my situation I was supported nicely by one of the OffSec employees by extending my test credentials for another 24 hours. I received an email back within a working day, so the help service at OffSec is good. When you have tested the connection to the VPN server you can continue with registering for the course. The advice here is to have a decent computer (you will probably run the BackTrack image you downloaded in VMware or VirtualBox, so make sure you have sufficient memory and processing power) and internet connection (since you will be downloading some videos). After supplying the necessary details you get to choose your payment options, which consist of either PayPal or Master/Visa. Since I had a voucher code I don't have any experience with the actual payment process, so you are on your own on this one. After payment you receive a mail that registration was successful and you will receive another mail with credentials when the course starts. On to the course!

      First Impressions:

      After receiving the confirmation mail on the starting day of the course, which by the way was nicely on time, I logged in to the VPN with the credentials provided. The first thing I noticed was the presence of a web-based “dashboard” functionality which provides a nice overview of your personal information. It gives a heads up on the status of the systems available, and the possibility to reset any changes you made on the host servers if you happen to break them. It also lets you control the Windows XP rig that you may use to test things locally. Here you have the option to reset the password, or completely reset the system if you wrecked it beyond repair. Given the list of servers you can reset in the dashboard, there are about 20 servers that can be exploited. No additional information is displayed, but that is of course the challenge of the course. Another neat function is the possibility to see how your progress is doing. The network is divided into 4 different LANs. You already have access to the first one, but the objective is of course to get access to all of them. If you hack specific servers in a particular network you can download MD5 hashes which can be used to update the status in your dashboard. There is also a hash brute forcer at hand on one of the servers, so you can use that if you are in need of some computing power. After seeing the dashboard and the servers that are available my first impression was: this network is HUGE! At first it is hard to get a good overview of the entire VPN, but after a while you get a pretty clear picture of the complete network at hand. So much to play with, so little time…

      Exercises:

      After finishing the first 5 modules it is time to post my first impressions about the exercises. At this point I have not played in the lab much because of the nature of the first modules. As many of you might know, the first modules teach you some basic BackTrack bash/shell scripting, information gathering techniques and port scanning. The list of modules can be downloaded from the Offensive Security website, so I suggest you have a look at it to see what you can expect from the topics addressed if you are interested. You can either follow the course guide provided, or let the lab videos guide you through, just remember that they complement each other, so don't just go blind with one or the other. Another trap is wanting to go too fast. I for example thought after the first port scans it would be a walk in the park and soon found myself trying all kinds of attacks (which got me nowhere because they were either too simple, too difficult or not in scope at all) without even looking at the course material. This might work if you are lucky, but it is not the intention of the course. The first module teaches some basic shell scripting while getting familiar with the virtual lab. From this point on I knew that my weak point (wait… let's stick with complete lack) of programming/scripting skills would come back to haunt me. Nonetheless it took me just a little bit longer than the average person to complete the exercises (I think), but those credits go to Muts for doing a hell of a job explaining things and taking you step by step through example exercises. At some point I found myself stuck in a part I didn't have any prior knowledge about, and the help forums came up with just the right pointers to get me going again. There is tons of information there you can use with the exercises, so if you cannot make it on your own, there is enough information available to keep you going. Despite my lack of programming/scripting knowledge, I find the exercises fun to do. I cannot wait to get started with the real lab exercises and to start hacking away on all those victims just sitting there waiting for me to come along. I wonder how much knowledge and time is needed to, as I phrase from Pokémon: gotta catch 'em all! Another great part of the course is that you are forced to document your findings within the labs carefully because every piece of information is needed for your pentest report. This gives you a great overview and in-depth knowledge about the network at hand. I generally like the way the course is put together and the way you are escorted through the modules. This gives you a confident feeling and makes you think you can hack the planet! (but let's stick with the lab for now).

      I finished all the modules that are covered in the videos and skipped at a fast pace through the last ones in the lab guide. Some topics were completely new for me like ARP spoofing, buffer overflows and client side attacks. Thanks to the good and simple explanation that takes you step by step through the process I managed to get through them with success. The further I got in the course, the more I was amazed at the knowledge that the course comprehends (and I lack). I want to give massive kudos to the Offensive Security team for this course. You know you are watching/learning from true professionals when they master the difficulty of the art, but make it look easy. This is exactly what they do.

      After finishing the modules I started to review the information about the labs that you collect through the exercises. The reconnaissance part gives you heaps of info about the targets in the labs, but I found out quickly enough that I had to start documenting properly. I started with putting all the important information I gathered in the sample test report you receive at the start of the course. This helps in getting that overview of the target and lets you set that aim for your first targets. I tried to spend a full day a week on this course doing exercises and practicing, and an hour a day to read/watch the material. At this point I am halfway through the 60 days I have, so I recommend everybody to take the 60 day course.

      Now that we got that out of the way it is time for the interesting part: the lab machines! At this point I have only spent a few hours in the lab, which comes to about the 24h you need for the exam. At this point I have targeted about three machines. Results? Nothing! Remember that feeling I talked about earlier that you can hack the planet? This gets shot into a thousand pieces when you actually start on the lab. At first this got me (and still does a little) really frustrated and insecure about my freshly acquired knowledge, but then again, if it were a walk in the park everybody would be OSCP certified.

      At this point I can identify most of the vulnerabilities that the machines have, and theoretically explain how to exploit them, but when I try the exploits that are discussed in the material in practice I always seem to find a little twist that makes it not work the way it is supposed to. The frustration I got with this experience quickly turned into motivation to try harder and get as far as possible in the labs. I got this feeling that once you have hacked your first one, the next few will come within no time, and guess what: I was right! After spending another few hours in the lab I managed to get into a few machines! I see that the difficulty of the machines varies from 1-click hacks to almost impossible. All I can think of now is that this is more challenging and, most important, more fun than I could imagine! This is like playing around in the biggest playground there is, and getting certified at the same time. Once you have experienced this you will never want to take a normal certification course again!

      Hacking along and preparing for certification

      Ok, my lab time is officially over. I managed to get into about 60% of the hosts which leaves me with an unsatisfying feeling. If I had known the lab was going to be this big and hard I would have started way earlier than I did. I spent the first half working through the material, which I could have combined with playing around in the lab, but didn't. I suggest starting immediately if you want to get into the other subnets, and make sure you get at least the 60 day course. The skill level of the lab differs from click-and-hack to complete manual procedures which makes it a pleasant environment to play in for everyone. You are certain to find a challenge regardless of the skill level you have prior to the course.

      This brings me to one of the most burning questions at the moment: how hard is OSCP and is it suitable for beginners? I would say NO. If you have no prior knowledge in pentesting/ethical hacking this will knock you down and leave you in the gutter. Unless you have acquired the techniques of hacking and know how to penetrate systems you will have a very difficult time gaining the knowledge required to do well in the labs. I'm not saying it's wasted time, because you will learn (a lot!) and if you have sufficient time, you probably will have a decent chance to pass. I found it hard to find time because of my new job which kept me pretty busy and I guess you will have occupations too, so keep that in mind. Compared to CEH, wait… what is there to compare? I thought about this a long time but I can't seem to find any similarities between the two courses. The only way to describe it is as follows: CEH: start talking it. OSCP: start doing it!

      At this point I am working on the report that you will need to hand in once the exam is finished. I am describing all the hacks I made within the labs and the exercises I made during the course. Remember to make it as complete as possible to make it look just like a real pentest report. I planned my exam somewhere next month; this gives me some time to go over the material again and to put in some work on some of the extra mile challenges to make sure I completely understand all the techniques mentioned. I have no idea what to expect, but I am preparing for hell! Wish me luck!

      Last update before the exam:

      This is my last update before I take the exam this weekend. It will be less informative than the previous posts I made but I want to give you all a view on how I stand towards the exam, mentally. I can't stop thinking about the score hit monkey got on his first try. I believe we are skill-wise pretty equal. Given the fact I have only been in security for about 1.5 years now, I almost can't believe how far I have already come, but the big question is: will it be enough? I really want to pass the exam just to prove I learned all these skills and that I can put them to use.

      At this moment I feel pretty confident about the knowledge I have obtained. The one thing that worries me most is the time window in which I have to operate. Because I am on almost the other side of the earth, none of the starting times are great. You have the option of choosing several starting times going from 4pm to about 10pm. This means you will have to pull an all-nighter, no matter how good you are. This gives the whole experience a nice ring to it though. Pulling an all-nighter just like real hackers do in movies. Can you imagine the dark room, lit by just a computer screen, and the only sound you hear is the soft ticking of the keyboard and the brain cracking of a hacker that is working his ass off to get that root shell? Just thinking about it makes me all hyped up to get started! Luckily I took a day off (sort of) so I can prepare myself for this. I'm planning on getting plenty of food and drinks (caffeine is your friend in such situations) so I don't have to waste any time on less important things like whether I have enough to fuel my body for this experience.

      After practicing in the labs I found out that if I really put myself to it, I can hack most of the hosts without any real problem. The only thing is that when I do, I don't have a time limit in which I have to finish. Some of the hosts took me a really long time because of the extra knowledge required to make the actual hack. Luckily not everything is chewed out so you really have to think on your own to achieve the result wanted. Because of my slim prior knowledge this takes me longer than it would someone who has more experience. The best advice in these situations IS just to try harder. In the end I get there, but with significantly more time and effort. I think time will be my biggest enemy. Wish me luck and I will post my post-exam experience when I'm ready to do something else besides sleeping.

      Results are in:

      I got Pwnd…

      No seriously… like a script kiddie. I can't really figure out what happened. Maybe it was the long night, the fact I was more nervous than a bouncing toothpick, or perhaps just lack of skill? Anyway the mail was right on time, I logged in, started on the first host and bam! 5 hours gone. I was almost there but decided to let it go because time was ticking. I went for the other hosts where I pretty quickly got a shell on one of them, but spent hours trying to make it a root one. No luck. The other hosts were just playing with me. I found several vulnerable services, but somehow I couldn't get that shell. And then, time's up. I got nothing! No shell, no exploit that worked for me. Perhaps this was where my lack of programming skills came in. I spent too much time figuring out how to make the exploits run, let alone whether they worked. I feel defeated, almost humiliated. Even though somewhere I keep thinking wow, I can't believe how much I have learned in the past couple of months. At this point I'm having trouble being enthusiastic about it, but that's just to blame on the exam results, and the 3h of sleep I got.

      I expected it to be hard. Heck, I was even sure I would need all the luck in the world to pass, but this result left me bedazzled. I guess this closes the ever ongoing CEH vs OSCP debate. Even if you can pass the CEH exam with two fingers up your nose, OSCP is a whole different ballgame. This certification truly separates the men from the boys.

      The positive thing about this is that now I know where my weak points are. I will work on them first, expand my skills further, become more knowledgeable and eventually I will succeed. I have never given up on anything in my life, and this will not become my first. I feel there is no point in taking the exam again any time soon, but when I feel I have progressed both skill- and time-wise, I will be ready for the biggest challenge of my life once more… I wish we could end this walkthrough with better news, but hey, guess I just have to: try harder…

      Exam retake time…

      Let's cut the crap about how nervous I was and uncertain if I would finally make it: I PASSED! I can't describe how happy I am that all that hard work finally paid off. I did a lot of research on the parts I messed up the first time, and after a lot of reading, practice and hard work all my effort got me where I wanted to be: an OSCP.

      Like I said before, time was my greatest enemy. It took me a heck of a long time to get from the steps that I wanted to take to the commands to get them done. When I stumbled upon a nasty twist it just took me too long to figure it out, and that is mainly to blame on the fact I'm quite new to the game. I really enjoyed every minute of it. It is a great course where you will learn more than in any other certification course, for sure. The material is clear, to the point, very well understandable for all skill levels and I recommend that if you decide to only do the exam, you take the course just to get an idea of what you can expect. Besides that it is just plain fun to play around in a lab like that. The only remark I have is that the exam could be a little bit more in line with the course, because some techniques I needed in the exam were not mentioned in the course. After all, an exam is to test whether you master the material. However, you should be prepared to take the exam journey alone, because no matter how hard you will try, nobody from the forums or IRC channel will help you, no matter how hard you try 😉

      I am hooked on the way Offensive Security makes you think and work on your own. I discovered you can talk all you want about tools, techniques and hacking in general, but you will only truly master it by doing it. I hope you had as much fun reading this as I had writing it, and do not be afraid to ask any questions about the course and exam. I would like to thank the guys at Offensive Security for this wonderful experience that will stay with me forever, the admins at the IRC channel for being patient with me and leaving me all by myself in that pit full of lions, snakes and other animals you do not want to be alone with, and last but certainly not least, EH.net and in particular Don, for making all this possible for people like me, and by that I mean all of us. Thank you

      If anybody (Don or the guys at OffSec) has any remarks about this, please contact me!

    • #33032
      rattis
      Participant

      I’m doing something similar for WiFU, but I tend to write in a note book. I prefer it for notes. I’ve also been keeping a small list of things related in my blog. Nothing juicy yet. Just the steps I’ve gone through so far finding and testing hardware.

    • #33033
      Dutchie
      Participant

      Awesome, Jordy, that you're sharing your experiences with us as a guide through the PWB journey. This way we can experience everything the course contains and each value it for ourselves based on your experiences.

      Thanks for sharing!!!
      I'm also very curious about the course, but first my CEH exam.

    • #33034
      impelse
      Participant

      Great walkthrough, I do the same with my notes.

    • #33035
      j0rDy
      Participant

      Part 2: Registering!

      Registration:
      Registering was a little different because of the “me winning the course” element, but some parts are the same for you if you decide to start the course. First you register through the website with a valid, non-free email address so the people at OffSec can validate your identity and do some background checks if needed. I received a mail that my ISP email address was not sufficient, and they needed another email address to complete my registration. If this fails, so I was told by the email, they would require a scanned copy of my ID. The second email I provided seemed sufficient to prove my identity so we are ready for the next step. After this you receive an email with credentials to a test account where you can test your connectivity to the VPN server. There is a link provided to a connectivity guide if you don't know how to test it. Here you can also get a copy of BackTrack that is tweaked for the course. Since I received this email on Friday after work time on my work address, I missed the 48h window in which the account needs to be tested. After sending an email explaining my situation I was supported nicely by one of the OffSec employees by extending my test credentials for another 24 hours. I received an email back within a working day, so the help service at OffSec is good. When you have tested the connection to the VPN server you can continue with registering for the course. The advice here is to have a decent computer (you will probably run the BackTrack image you downloaded in VMware or VirtualBox, so make sure you have sufficient memory and processing power) and internet connection (since you will be downloading some videos). After supplying the necessary details you get to choose your payment options, which consist of either PayPal or Master/Visa. Since I had a voucher code I don't have any experience with the actual payment process, so you are on your own on this one. After payment you receive a mail that registration was successful and you will receive another mail with credentials when the course starts. On to the course!

      Next up: First impressions!

    • #33036
      Anonymous
      Participant

      jOrDy, your idea is very nice and highly appreciated. Thank you.

    • #33037
      impelse
      Participant

      I liked it

    • #33038
      Don Donzal
      Keymaster

      Good stuff and way to give back.

      Might be a good idea to break it up into multiple threads.

      Don

    • #33039
      j0rDy
      Participant

      Don: What do you mean by breaking it up into multiple threads? I think for archiving purposes it is convenient to keep it all in one topic?

      Part 3: First Impressions

      After receiving the confirmation mail on the starting day of the course, which by the way was nicely on time, I logged in to the VPN with the credentials provided. The first thing I noticed was the presence of a web-based “dashboard” functionality which provides a nice overview of your personal information. It gives a heads up on the status of the systems available, and the possibility to reset any changes you made on the host servers if you happen to break them. It also lets you control the Windows XP rig that you may use to test things locally. Here you have the option to reset the password, or completely reset the system if you wrecked it beyond repair. Given the list of servers you can reset in the dashboard, there are about 20 servers that can be exploited. No additional information is displayed, but that is of course the challenge of the course. Another neat function is the possibility to see how your progress is doing. The network is divided into 4 different LANs. You already have access to the first one, but the objective is of course to get access to all of them. If you hack specific servers in a particular network you can download MD5 hashes which can be used to update the status in your dashboard. There is also a hash brute forcer at hand on one of the servers, so you can use that if you are in need of some computing power. After seeing the dashboard and the servers that are available my first impression was: this network is HUGE! At first it is hard to get a good overview of the entire VPN, but after a while you get a pretty clear picture of the complete network at hand. So much to play with, so little time…

      Next up: Time for exercises!

    • #33040
      Anonymous
      Participant

      bookmarked  😉

    • #33041
      Don Donzal
      Keymaster

      Your choice my friend.

      Keep up the good work,
      Don

    • #33042
      zeroflaw
      Participant

      Good stuff. Can’t wait to start on Sunday!

    • #33043
      j0rDy
      Participant

      I received a question through PM about the difficulty of the OSCP course and when people should start with it. I thought it would be good to share it with everybody:

      I personally think that this course is not for beginners. I have been in security for about 2 years now, and I am having quite a bit of trouble getting through the course exercises. Although I have my CEH, I see that this is not enough to build on. I suggest getting some knowledge first, apply for CEH or similar (GPEN if my memory serves me right) and then try for OSCP. My advice is that you should definitely do this one, because it's an experience you will never forget!

      Stay tuned for the next update!

    • #33044
      j0rDy
      Participant

      Part 4: Exercises:
      After finishing the first 5 modules it is time to post my first impressions about the exercises. At this point I have not played in the lab much because of the nature of the first modules. As many of you might know, the first modules teach you some basic BackTrack bash/shell scripting, information gathering techniques and port scanning. The list of modules can be downloaded from the Offensive Security website, so I suggest you have a look at it to see what you can expect from the topics addressed if you are interested. You can either follow the course guide provided, or let the lab videos guide you through, just remember that they complement each other, so don't just go blind with one or the other. Another trap is wanting to go too fast. I for example thought after the first port scans it would be a walk in the park and soon found myself trying all kinds of attacks (which got me nowhere because they were either too simple, too difficult or not in scope at all) without even looking at the course material. This might work if you are lucky, but it is not the intention of the course. The first module teaches some basic shell scripting while getting familiar with the virtual lab. From this point on I knew that my weak point (wait… let's stick with complete lack) of programming/scripting skills would come back to haunt me. Nonetheless it took me just a little bit longer than the average person to complete the exercises (I think), but those credits go to Muts for doing a hell of a job explaining things and taking you step by step through example exercises. At some point I found myself stuck in a part I didn't have any prior knowledge about, and the help forums came up with just the right pointers to get me going again. There is tons of information there you can use with the exercises, so if you cannot make it on your own, there is enough information available to keep you going. Despite my lack of programming/scripting knowledge, I find the exercises fun to do. I cannot wait to get started with the real lab exercises and to start hacking away on all those victims just sitting there waiting for me to come along. I wonder how much knowledge and time is needed to, as I phrase from Pokémon: gotta catch 'em all! Another great part of the course is that you are forced to document your findings within the labs carefully because every piece of information is needed for your pentest report. This gives you a great overview and in-depth knowledge about the network at hand. I generally like the way the course is put together and the way you are escorted through the modules. This gives you a confident feeling and makes you think you can hack the planet! (but let's stick with the lab for now).

      Next up: More exercises and first hacks! (I hope)

    • #33045
      BillV
      Participant

      Good walkthrough so far, j0rDy 🙂

      One thing from your first post…

      There is also another factor to make it more interesting: time! The penetration test including the report must be finished within 24 hours.

      You actually have two 24-hour blocks, a total of 48 hours. You can dedicate the first 24 to the exam, if you’d like, but then you have an additional 24 to turn in the report.

      Also, one suggestion I would make for anyone going through the course/labs is to create and keep up with your documentation as you go. You’re provided with a template that can be used for your reporting when you’re done but, if I were to do the course again, I’d probably write the report at the beginning (the general parts) and add my details as I went along. Otherwise you may find yourself scrambling to put that information together along with your findings from the exam portion. Don’t underestimate the time it will take to write a good, solid report 😉

      BillV

    • #33046
      KrisTeason
      Participant

      I'm backing BillV on this one. When I was in the course, I scheduled my exam about a week after my lab time expired. This gave me time to go back and finish the report, take the exam, then add my exam findings into the report (which is very doable in 24 hours).

    • #33047
      zeroflaw
      Participant

      At first I was kind of confused about the documentation and reporting. Seems like we have to document everything. And put all the results relating to the network itself in our pentest report.

      Did you guys use leo or basket? I personally find basket easier. Also I’m planning to do all the extra mile exercises.

    • #33048
      caissyd
      Participant

      Speaking of scheduling the exam, I was going to register for Saturday, July 24th but all seats were taken. Having my daughters every second weekend, I tried August 7 or 8 with no chance. I finally got a slot on August 21st!

      I have to wait almost 2 months!

      So zeroflaw, book your exam way in advance, especially if you are planning on doing it on a weekend…

    • #33049
      BillV
      Participant

      Yeah, the better your documentation is during the lab, the easier it will be to put it into a report. Personally, I didn’t spend much time in the lab and only compromised about 6 or 7 systems. I just didn’t have the time to spend playing around. I didn’t use leo or basket. I used an Excel spreadsheet to keep track of what I was doing, with one sheet giving me an overview and each system having its own sheet. Just my preference of doing things I guess.

      And I agree on scheduling the exam. It's a pretty bad interface imho. I ended up sending an email out to those guys to ask them what times were available for the next couple of Fridays/Saturdays, then from there I went back and selected one of those times. For each one I had tried before that, I just got the message saying it was unavailable. I think I suggested they should do something similar to Prometric, with a calendar that shows available dates/times rather than playing a guessing game with the system.

    • #33050
      j0rDy
      Participant

      Thanks for the replies and I will get to the 2x24h part as soon as I get my next chapter finished! Also great advice on the exam planning, I will keep it in mind when I am getting close to my last lab days.

    • #33051
      BillV
      Participant

      How’s your course going? Any updates?

    • #33052
      j0rDy
      Participant

      Just hit rock bottom working on the lab machines >:(, more on this next Friday!

    • #33053
      partek
      Participant

      OSCP is a tough course and really forces you to come up with some interesting and unorthodox solutions. I remember spending many a late night trying to break into the lab boxes.  It’s very frustrating, but is definitely the most rewarding course I’ve ever taken.

    • #33054
      hayabusa
      Participant

      I fully agree with partek.  Just take your time, j0rdy, and take breaks and rest, if you feel like you’re hitting a wall.  (muts and company would agree, especially when you’re taking the exam.)  Always remember, on the boxes, to look for the: who, what, where, when, why and how – as a moderator on the IRC chat reminded me during my lab time, as I hit a wall at one point on one box in particular.  I asked, not for an answer, but for some sense that I wasn’t WAY off on the machine, and he gave me that advice (and I wasn’t far off, after all, once I stepped back and rested, then reconsidered some things.)

      Keep it up.  It’s worth it !

    • #33055
      Anquilas
      Participant

      This makes for a great read Jordy, and will be most useful for other people trying their hands at the course (hopefully including me).

      As a possible suggestion: maybe you can add the newly written parts in the first post? It’s easier to then read the whole thing in one post, instead of having to scroll through, what I imagine, will become a very long thread 🙂

      Thanks a bunch for taking the effort to write it all down m8, looking forward to more of your experiences with PWB!

    • #33056
      j0rDy
      Participant

      Great idea Anquilas! Let me get on it straight away! Remember to stay tuned for the next update coming this Friday!

    • #33057
      j0rDy
      Participant

      As promised:

      I finished all the modules that are covered in the videos and skipped at a fast pace through the last ones in the lab guide. Some topics were completely new for me, like ARP spoofing, buffer overflows and client-side attacks. Thanks to the good and simple explanation that takes you step by step through the process I managed to get through them with success. The further I got in the course, the more I was amazed at the knowledge that the course comprehends (and I lack). I want to give massive kudos to the Offensive Security team for this course. You know you are watching/learning from true professionals when they master the difficulty of the art, but make it look easy. This is exactly what they do.

      After finishing the modules I started to review the information about the labs you collect through the exercises. The reconnaissance part gives you heaps of info about the targets in the labs, but I found out quickly enough that I had to start documenting properly. I started with putting all the important information I gathered in the sample test report you receive at the start of the course. This helps in getting that overview of the target and lets you set that aim for your first targets. I tried to spend a full day in the week on this course doing exercises and practicing, and an hour a day to read/watch the material. At this point I am halfway through the 60 days I have, so I recommend everybody take the 60-day course.

      Now that we have got that out of the way it is time for the interesting part: the lab machines! At this point I have only spent a few hours in the lab, which comes to about the 24h you need for the exam. At this point I have targeted about three machines. Results? Nothing! Remember that feeling I talked about earlier that you can hack the planet? This gets shot into a thousand pieces when you actually start on the lab. At first this got (and still does a little) me really frustrated and insecure about my freshly acquired knowledge, but then again, if it were a walk in the park everybody would be OSCP certified.

      At this point I can identify most of the vulnerabilities that the machines have, and theoretically explain how to exploit them, but when I try the exploits that are discussed in the material in practice I always seem to find a little twist that makes it not work the way it is supposed to. The feeling of frustration I got with this experience quickly turned into motivation to try harder and get as far as possible in the labs. I got this feeling that once you have hacked your first one, the next few will come within no time, and guess what: I was right! After spending another few hours in the lab I managed to get into a few machines! I see that the difficulty of the machines varies from one-click hacks to almost impossible. All I can think of now is that this is more challenging and, most importantly, more fun than I could imagine! This is like playing around in the biggest playground there is, and getting certified at the same time. Once you have experienced this you will never want to take a normal certification course again!

    • #33058
      hayabusa
      Participant

      Great job, j0rdy, and glad you’re progressing.  You’ll continue to have even more fun in the labs.  Something to be aware of, as you progress… There are a few, whose IP’s and names I won’t disclose (both because ‘we can’t’ and because that would take the fun and learning out of it for you,) that you’ll need multiple steps / exploits to truly beat.  Your challenge will be thinking of not only how to get that first access into the box, but how to move deeper on it, and root it / get SYSTEM.

      Be patient, think things through, and when in doubt, ‘talk it out.’  Sometimes that inner monologue, in your head, if you walk away from it for a bit, is the best thing for the situation.

      What I can say is this, having already passed the course and exam, I'm enjoying reading your take on it, and your descriptions of it all make this an interesting read.  Keep it up!

    • #33059
      Xen
      Participant

      Nice post, j0rdy. Looks like you’re finally getting your rhythm.

    • #33060
      Anquilas
      Participant

      I’m following your adventures in OSCP with great interest m8, keep it up and kick ass in the next 30 days!

    • #33061
      zeroflaw
      Participant

      You’re going a lot faster than me j0rDy. I’m at module 6 now and haven’t hacked anything with 31 lab days left >_<.

      Been enumerating, enumerating and enumerating... lol. And spending too much time on exercises and extra miles. At least I'm decent at buffer overflows and exploits so I hope I can hack something soon.

    • #33062
      hayabusa
      Participant

      You’ll be there soon enough, zeroflaw…  Just be patient.  You’ll start exploiting the lab machines shortly, but make sure you clear some time to work on the labs, as, once you really get going, you won’t want to stop.

      Good luck, and keep us posted on your progress, too.  If I can assist, in some way, let me know.

    • #33063
      rattis
      Participant

      @zeroflaw wrote:

      You’re going a lot faster than me j0rDy. I’m at module 6 now and haven’t hacked anything with 31 lab days left >_<.

      Been enumerating, enumerating and enumerating... lol. And spending too much time on exercises and extra miles. At least I'm decent at buffer overflows and exploits so I hope I can hack something soon.

      You’re further than I am zeroflaw. I’m still trying to get my lab built. I finally have all the hardware (got the last piece 2 days ago, but can’t do anything until I finish rebuilding the laptop for a 3rd time since I signed up for the class).

    • #33064
      hayabusa
      Participant

      chrisj…  what lab are you building?  The class lab is prebuilt.  Or is it just that you’re spending so much time on your personal lab, that you haven’t put time into PWB?

    • #33065
      rattis
      Participant

      @hayabusa wrote:

      chrisj…  what lab are you building?  The class lab is prebuilt.  Or is it just that you’re spending so much time on your personal lab, that you haven’t put time into PWB?

      Billv and I got the OSWP course, when J0rDy and zeroflaw got the OSCP. I only have 4 months to register for the exam, and I've blown two of them trying to get the lab together (we have to build our own).

    • #33066
      UNIX
      Participant

      hayabusa probably assumed that it’s about PWB, since this thread is about OSCP too. 😉

    • #33067
      hayabusa
      Participant

      I follow you now, chrisj (thanks for the clarification.)  I forgot that you'd said you were doing the OSWP.  I knew you needed your own lab for that (although I haven't taken that course, yet.)

      And yes, as awesec noted, I did confuse it, based on the thread topic…  😉

    • #33068
      zeroflaw
      Participant

      @hayabusa wrote:

      You’ll be there soon enough, zeroflaw…  Just be patient.  You’ll start exploiting the lab machines shortly, but make sure you clear some time to work on the labs, as, once you really get going, you won’t want to stop.

      Good luck, and keep us posted on your progress, too.  If I can assist, in some way, let me know.

      Hehe thanks. I think I'm ready for some exploiting now. Just picking my targets now. A couple of Windows machines seem easy. I will let you guys know when I hack something!

    • #33069
      BillV
      Participant

      @chrisj wrote:

      Billv and I got the OSWP course, when J0rDy and zeroflaw got the OSCP. I only have 4 months to register for the exam, and I've blown two of them trying to get the lab together (we have to build our own).

      Ha! At least you’ve registered. I haven’t even gotten that far yet. Should probably get on it…

    • #33070
      yatz
      Participant

      Hey j0rdy, just wanted to say you’re doing a great job with this.  I get the feeling that this is more than just an ordinary cert exam, which others have said but I didn’t really understand until reading this.

      Different certs have different weights, and OSCP certainly seems heavy duty.  Keep up the good work!!

    • #33071
      j0rDy
      Participant

      @ZF: I know what you mean, it is definitely more material than I initially thought. Do not take it too lightly, and spend your fair share of hours on the material and in the labs. If you have any questions or whatever just send me a PM.

      @All: Thanks for the support and I am glad you all find it worth your time to read my experiences with this cert. It is definitely more fun than I could ever dream of!

    • #33072
      rattis
      Participant

      @BillV wrote:

      Ha! At least you’ve registered. I haven’t even gotten that far yet. Should probably get on it…

      Wish I hadn't. I thought I was good hardware-wise, only to find out that wasn't the case, and it took a while to get the hardware. I've also been having problems with my laptop (main machine), and that usually takes days to get back to proper working order.

    • #33073
      hayabusa
      Participant

      That always makes for a rough start… sorry to hear it, chrisj.  Keep me posted on how the OSWP goes.  I’ve been considering that one, too.

    • #33074
      Dutchie
      Participant

      When may we expect the next update, or has the walkthrough come to an end?

      I liked the feedback very much!!

    • #33075
      hayabusa
      Participant

      I think there’ll be a bit more from him… hang tight.

    • #33076
      Dutchie
      Participant

      @hayabusa wrote:

      I think there’ll be a bit more from him… hang tight.

      Is the time slot for the lab exercises that tight that there is no time left for an interim update, as promised?

    • #33077
      hayabusa
      Participant

      It’s a rough class, and does take a lot of your time, especially if you’re doing it around a full-time job, etc.  So I’d venture he’s been plenty busy, and thus, the delay in updating his thread / walkthrough.

      It’s hard telling where j0rdy’s at (I don’t know what he does with his non-course time – re: family, work, school, etc –  and he could’ve extended his time, too, depending on what package he signed up for.)  But I’m certain he’ll be adding more, as he concludes his time and / or takes his exam (with what he can give you, within the course / exam NDA)

    • #33078
      j0rDy
      Participant

      Here i am ;D

      And hayabusa is right, this course has taken a lot of my spare time, which I rarely have at the moment (new job, trying to keep my family/friends happy etc.). But here is a new update!

      Quote:
      Hacking along and preparing for certification

      Ok, my lab time is officially over. I managed to get into about 60% of the hosts, which leaves me with an unsatisfying feeling. If I had known the lab was going to be this big and hard I would have started way earlier than I did. I spent the first half working through the material, which I could have combined with playing around in the lab, but didn't. I suggest starting immediately if you want to get into the other subnets, and make sure you get at least the 60-day course. The skill level of the lab differs from click-and-hack to complete manual procedures, which makes it a pleasant environment to play in for everyone. You are certain to find a challenge regardless of the skill level you have prior to the course.

      This brings me to one of the most burning questions at the moment: how hard is OSCP and is it suitable for beginners? I would say NO. If you have no prior knowledge in pentesting/ethical hacking this will knock you down and leave you in the gutter. Unless you have acquired the techniques of hacking and know how to penetrate systems you will have a very difficult time gaining the knowledge required to do well in the labs. I'm not saying it's wasted time, because you will learn (a lot!), and if you have sufficient time you will probably have a decent chance to pass. I found it hard to find time because of my new job which kept me pretty busy, and I guess you will have occupations too, so keep that in mind. Compared to CEH, wait... what is there to compare? I thought about this a long time but I can't seem to find any similarities between the two courses. The only way to describe it is as follows: CEH: start talking about it. OSCP: start doing it!

      At this point I am working on the report that you will need to hand in once the exam is finished. I am describing all the hacks I made within the labs and the exercises I made during the course. Remember to make it as complete as possible to make it look just like a real pentest report. I planned my exam somewhere next month, this gives me some time to go over the material again and to put in some work on some of the extra mile challenges to make sure I completely understand all the techniques mentioned. I have no idea what to expect, but I am preparing for hell! Wish me luck!

      Next up: Exam time!

    • #33079
      hayabusa
      Participant

      and there he is!

      Congrats on getting through your lab time, j0rdy! 

      My advice to you, now:

      Spend the next bit of time, as you said, cleaning up and preparing the final report.  What I'd recommend (without giving any specifics) is to template the sections, like you did for each host you did in the labs, into your appendix or section you're going to use for the exam machines.  Then your format for those is already prepared, and you can simply add your notes, screenshots, POC code, etc, to those, once you've gotten done with your 24-hour exam.  (Because, you have to remember, after the exam, you only have an additional 24 hours to submit the report.)  The more you have prepared in advance, the easier it will be to organize and submit your data, after exam day.

      Then, review a little, anything you had any questions on from the labs, and then relax until exam day, focusing your time on those other things that matter (job, family, etc) and let yourself wind down a bit.  Then, when test day arrives, you'll be refreshed, and ready to settle in for your exam.

      One more thing I can tell you.  IF you approach the exam right, you can get your ‘passing score’ pretty quickly.  I passed within about 7 hours.  However, I went after the perfect score, since Ryan Lynn set such a high target.  I didn’t get it, but afterwards, found out I was extremely close to finishing, on the LAST machine in the exam.   Oh well, considering I was in physical pain throughout, I was pleased with my result!

      Good luck, and let us know when you schedule it, etc.

    • #33080
      Anquilas
      Participant

      Thanks for taking the time to update j0rdy!
      Great read as ever.

      Good luck on the final run, kick some ass! 🙂

    • #33081
      j0rDy
      Participant

      Thanks guys! I know I am not 100 points material, but I think I can give myself a fair opportunity, even with my (limited) background. I can't wait to start on the exam, but on the other hand I really want to play in the lab a little more because I have learned so much from it and I want to learn even more!

    • #33082
      j0rDy
      Participant

      Last update before the exam!

      This is my last update before I take the exam this weekend. It will be less informative than the previous posts I made, but I want to give you all a view on how I stand towards the exam, mentally. I can't stop thinking about the score hit monkey got on his first try. I believe we are skill-wise pretty equal. Given the fact I have only been in security for about 1.5 years now, I almost can't believe how far I have already come, but the big question is: will it be enough? I really want to pass the exam just to prove I learned all these skills and that I can put them to use.

      At this moment I feel pretty confident about the knowledge I have obtained. The one thing that worries me most is the time window in which I have to operate. Because I am on almost the other side of the earth, none of the starting times are great. You have the option of choosing several starting times going from 4 pm to about 10 pm. This means you will have to pull an all-nighter, no matter how good you are. This gives the whole experience a nice ring to it though. Pulling an all-nighter just like real hackers do in movies. Can you imagine the dark room, lit by just a computer screen, and the only sound you hear is the soft ticking of the keyboard and the brain cracking of a hacker that is working his ass off to get that root shell? Just thinking about it makes me all hyped up to get started! Luckily I took a day off (sort of) so I can prepare myself for this. I'm planning on getting plenty of food and drinks (caffeine is your friend in such situations) so I don't have to waste any time on less important things like whether I have enough to fuel my body for this experience.

      After practicing in the labs I found out that if I really put myself to it, I can hack most of the hosts without any real problem. The only thing is that when I do, I don't have a time limit in which I have to finish. Some of the hosts took me a really long time because of the extra knowledge required to make the actual hack. Luckily not everything is chewed out for you, so you really have to think on your own to achieve the result wanted. Because of my slim pre-knowledge this takes me longer than someone who has more experience. The best advice in these situations IS just to try harder. In the end I get there, but with significantly more time and effort. I think time will be my biggest enemy. Wish me luck and I will post my post-exam experience when I'm ready to do something else besides sleeping.

      Next up: ???

    • #33083
      ziggy_567
      Participant

      Good luck! And keep that positive attitude. You’ve proven you can do it in the labs….

    • #33084
      caissyd
      Participant

      I wish you all the luck j0rDy!

      My background is all about developing web applications. If yours is server administration, it should help you in the exam.

      Remember a few things. Each machine in the lab is worth different points, but for me, the "easiest" machines turned out to be the hardest... This is obviously due to a lack of experience on my part, but just don't be afraid to tackle the "big" ones.

      That being said, you may get a totally different exam than mine was, but still...

      Also, you will have a little bit less than 5 hours per machine. So take your time (yes, you will be awake all night!) and be careful not to make stupid mistakes toward the end. I mistyped an IP address 22 hours into the exam and it took me almost 30 minutes to figure it out... (yes, I was getting really tired!).

      Finally, read your scan results properly. Something I didn’t do for 2 machines!!

      But hey, this can be done by humans!!!  😉

      Good luck, I will be looking at your result.

    • #33085
      Anquilas
      Participant

      You sound as prepared as you can be J0rdy, so just go for it 🙂
      We’ll be here cheering you on, let us know how it went afterwards!

    • #33086
      impelse
      Participant

      I like these tips. I am still studying for eLearnSecurity and sometimes I study the Metasploit Unleashed from Offensive Security to sharpen my skills, and when I pass those exams (yes, CEH too) I will shoot for OSCP.

    • #33087
      MaXe
      Participant

      Don’t forget to take (short) breaks too  😉 If you don’t take a small break occasionally you will probably overheat your brain and you may end up in a deadlock. I know there is a big stress factor that you shouldn’t eat, relax, or take long breaks while you’re doing the exam because it’s running and you need to get the right amount of points.

      But if you’re going in circles and you need fresh ideas, take a short break (perhaps a walk outside to the nearest store for refreshments you want and need) and think creatively about how you can solve the problem even though it may seem impossible it is not.  😉

    • #33088
      zeroflaw
      Participant

      Good luck j0rDy! r00t those boxes!

    • #33089
      j0rDy
      Participant

      I got Pwnd…

      No seriously... like a script kiddie. I can't really figure out what happened. Maybe it was the long night, the fact I was more nervous than a bouncing toothpick, or perhaps just lack of skill? Anyway the mail was right on time, I logged in, started on the first host and bam! 5 hours gone. I was almost there but decided to let it go because time was ticking. I went for the other hosts where I pretty quickly got a shell on one of them, but spent hours trying to make it a root one. No luck. The other hosts were just playing with me. I found several vulnerable services, but somehow I couldn't get that shell. And then, time's up. I got nothing! No shell, no exploit that worked for me. Perhaps this was where my lack of programming skills came in. I spent too much time figuring out how to make the exploits run, let alone whether they worked. I feel defeated, almost humiliated. Even though somewhere I keep thinking wow, I can't believe how much I have learned in the past couple of months. At this point I'm having trouble being enthusiastic about it, but that's just to be blamed on the exam results, and the 3h of sleep I got.

      I expected it to be hard. Heck, I was even sure I would need all the luck in the world to pass, but this result left me bedazzled. I guess this closes the ever ongoing CEH vs OSCP debate. Even if you can pass the CEH exam with two fingers up your nose, OSCP is a whole different ballgame. This certification truly separates the men from the boys.

      The positive thing about this is that now I know where my weak points are. I will work on them first, expand my skills further, become more knowledgeable and eventually I will succeed. I have never given up on anything in my life, and this will not become my first. I feel there is no point in taking the exam again any time soon, but when I feel I have progressed both skill- and time-wise, I will be ready for the biggest challenge of my life once more... I wish we could end this walkthrough with better news, but hey, guess I just have to: try harder...

    • #33090
      hayabusa
      Participant

      Here’s a tip for you, j0rDy…

      If you got even semi-detailed scan results from the exam, or have versions of specific software you came across on the targets, see if you can't set up some of those in a lab, on your own, and spend some time on them.  While you may not have found many / all, you can grow, simply by setting up what you DID see, and working to figure out how to nail those programs / services.

      I’m sorry to hear you had a rough go of it.  I’ve been talking to several folks who didn’t pass on first attempt, and it seems this latest version of OSCP is challenging for  ‘almost’ everyone I’ve chatted with.  I’m glad, though, that you’re looking at the bright side, and realizing what you HAVE learned and taken away from it, so far.

      Remember, too, that IT security / pentesting is a never-ending learning experience.  You’ll see folks like me, sil, Ketchup, former33t, don and others regularly posting about what we’re working on or learning, currently.  It never ceases to amaze me, how much new and fun stuff there is to achieve in IT.  That’s what drew me to the field, to begin with.  And the security aspects are literally the ‘icing on the cake,’ for geeks like me.  😛

      Just keep studying, attempt some things on your own, similar to what you saw in the labs, and grow.  Either way, you take a lot from the experience.  (Although, I’m sure you’ll keep with it until you pass, and I commend you for your hard work and dedication to it, moving forward.)

      Take care, and keep us posted, as to how you proceed, and feel free to ask questions.  That’s what we’re all here for!

    • #33091
      j0rDy
      Participant

      Little addition:

      I was thinking about what I have accomplished within my "career" as a security professional. Given the results I got within the labs (got 19 out of 29), I'm quite happy with what I have accomplished and the progress I have made within the last couple of years. Come to think of it, 2 years ago I hadn't even heard of penetration testing or vulnerability scanning. I didn't even know BackTrack, let alone finding vulnerabilities and compiling exploits for it. Not even in my wildest dreams could I think that at this point I would be struggling with buffer overflows and actually know what I am doing. This has been a huge eye opener for me that I have progressed a lot within these years, and that I am heading in the right direction of the skill level I want to achieve. I think it is impossible to get to a certain level within a specific amount of time, no matter how good you are or how bad you want it. This motivates me even more to become one of the few that are skillful enough to obtain the OSCP certificate. Given this I am happy and consider myself blessed that I was able to experience this course, even with the horrible exam result.

    • #33092
      caissyd
      Participant

      Hi j0rDy,

      If someone here understands what you are going through, then I think it is me...

      The other hosts were just playing with me. I found several vulnerable services, but somehow i couldnt get that shell.

      I had the same feeling as you. I spent hours trying to exploit "big and obvious" vulnerabilities without success... At one point, I thought they were playing games with my mind by blocking these "obvious" holes somewhere else. I am sure you know what I am talking about... The exploit should have worked!!!  😛

      I’ve been talking to several folks who didn’t pass on first attempt, and it seems this latest version of OSCP is challenging for  ‘almost’ everyone I’ve chatted with.

      It also seems the OSCP v3 exam is tougher than ever…

      I, like you j0rDy, pwned many boxes in the lab. But, from my humble point of view, they were “easier” than the ones in the exam. First, about ten of them related directly to an exercise from the videos or the PDF. The other ones were harder, but generally speaking, with 2 or 3 hours of effort, you could succeed in getting root/admin.

      But I painfully realized that the exam required more experience than what you could get with the course. At least, that’s my opinion. But this isn’t a bad thing, far from it! The course doesn’t teach you at all how to escalate privileges, find your way in all these OSes, what tools or scripts we need to have and how to “put it all together”. But again, that’s a good thing! We have to take what we have learned and go the extra mile all by ourselves.

      But I would love to have an exam simulation in the lab. For example, if machines 192.168.12.245-192.168.12.249 were representative of the exam. That would have opened my eyes wide before the exam. But on the other hand, the exam retake isn’t expensive at all ($60), so it isn’t that bad I guess.

      One last thing j0rDy, it shows everyone here on this forum that we did the exam all alone and that we aren’t cheaters!  😉

    • #33093
      hayabusa
      Participant

      Interesting thoughts, H1tM0nk3y…

      I’ll lend a couple more words…

      First, as you guys are aware, the entire objective of OSCP is to throw you into uncharted waters.  The course is designed to teach you to enter unknown environments and situations, and work / adapt your skills and techniques to overcome the challenges presented.  So, to that end, it really wouldn’t be right to ‘too closely’ simulate the exam machines, in the labs.  There were machines in the labs that made you think, and a few that I never, personally, got through.  Case in point, it gave me the drive to push harder, and prove to myself that I was capable of pwning those boxes.

      Second – you’re absolutely correct.  By failing, even though that disappoints you, you’ve proven to others that you DID undertake the exam, alone, and that you haven’t cheated to pass an exam.  This exam isn’t open book / memorization for a reason.  It sorts out the ‘paper’ certifications from the ‘hands-on’ ones, and shows you’ve worked to develop yourself and your skills.

      Congrats with what you’ve accomplished, and continue to work towards the end goals.  You WILL pass the exam, if you continue to focus, study, and learn.

    • #33094
      apollo
      Participant

      I agree with hayabusa, you should feel good with what you’ve learned and how far you’ve come.  The OSCP isn’t an easy test, and the fact that you got part of the way there is def an achievement.  You should try to set up some of this stuff in your own lab, and do the bonus questions from the class.  I learned a valuable lesson while doing the bonus questions: It’s not as easy when you can’t follow along what to do.  I spent a lot of time on the extra boxes to own in the lab, which helps a lot for the exam.  These bonus boxes are especially nice as a few of them require you to figure out what to use for priv escalation etc, which is something you don’t want to spend a lot of time on once you’ve already gotten a shell.  Congrats on how far you’ve come, don’t give up 🙂  Although “Try Harder” is sort of a bitchy motto, it’s pretty applicable to this type of stuff.  There’s a whole ton of apps that you can re-create the exploit writing stuff on, and setting up redhat 9 boxes in virtualbox is cake.  This is a great community, and maybe the right place to start working on some sample configurations for ownable boxes so that people can practice this stuff in the privacy of their own PC.  Good luck on your next shot 🙂

    • #33095
      caissyd
      Participant

      @hayabusa wrote:

      There were machines in the labs that made you think, and a few that I never, personally, got through. 

      You are right hayabusa, I didn’t pwn every machine in the lab, but I succeeded with the ones I tried. I just ran out of time for the other ones. I reached the Executive Network, but just when I was running out of lab time…

      I have already spent way too much money on lab time (around 150 days altogether). But I really used about 80 days, the rest was wasted because of personal reasons (grrrrr). And since I registered just before v.3 was released, I have spent a bit more than $2000 on PWB so far… But that was well spent money!!!

      I am now focusing on my own lab, working on my weaknesses for the next OSCP attempt!

    • #33096
      hayabusa
      Participant

      Sorry for the expenses getting too high, but glad to see the emphasis and good-spirited attitude live on.  Good luck, and go get ’em!

    • #33097
      mambru
      Participant

      I wanted to share that after sitting for 2nd time for the OSCP challenge I finally beat it. Though I didn’t get a perfect score, I feel quite satisfied with the results. It was a unique experience that I enjoyed until the last minute.

      M0nk3y, I’m sure you’ll make it next time, you’ve worked very hard on it. Best of luck!!

    • #33098
      caissyd
      Participant

      Thanks mambru!

      I wonder what is the success rate for the first time attempt of OSCP v3? Was version 2 “easier”? I guess no one can tell…

      In a way, I kind of hope it is harder now. Bring it on!

    • #33099
      Anquilas
      Participant

      It’s a pity to hear J0rdy, just as it was with H1tM0nkey, but hell, seems like you learned huge amounts and got a lot out of the experience. Nicely done!

      Following you guys while taking the OSCP is quite inspiring, thanks for sharing all that info!

    • #33100
      zeroflaw
      Participant

      Aww that sucks j0rDy! I think this course is a bit too hardcore for the not so experienced people. And actually I’m getting a bit sick of that “Try Harder” stuff. This course would be much more valuable with a few hints here and there.

      Some machines were really difficult for me. I’ve tried harder and much harder but it just wasn’t enough. Then luckily I did get a hint from a fellow student, and I was able to hack the machine. Maybe it was a bit of a spoiler but I really learned something from it.

      My exam was supposed to be today but due to some personal and work related issues I had to re-schedule it. It’s set for the 30th of October, which gives me plenty of time to prepare. I’m pretty sure I’m not going to pass though, but hey I learned a lot, and I’m going to keep learning.

    • #33101
      caissyd
      Participant

      I’m getting a bit sick of that “Try Harder” stuff

      Man, I am with you on this!!! I am all for it: if I figure it all out by myself, I will remember it forever. But when you have spent 5 hours on one little thing and you still don’t have a clue what the answer is, then someone should be there to give you hints.

      The only hint I’ve got from an instructor is: “the solution is simpler than what you think it is”. This helped me a lot actually because he basically told me I was looking in the wrong place. To me, this fits in the “Try Harder” mentality and it still helped me. But that’s it, I haven’t got any more help…

      Maybe they should have a spoiler section in their forum with hints for each lab machine of, let’s say, the student network (but not the dev, IT and admin networks). I would have personally loved to have “incremental hints”, the first hint being very vague and the last almost giving the answer. Something like WebGoat does very well! By giving hints on the student network only, I would have learned a ton of things much faster and I could have “Tried Harder” on the other three networks.

      Also, maybe the Offensive Security team should list things that aren’t addressed in the course material but are required in order to pass the exam. It is totally understandable that they can’t teach everything in their lab, for example what an IP packet looks like, how to create a user on Windows 7, etc. But having a list of OSes that we need to be comfortable with, a list of techniques we need to master, etc, would have helped me a lot. This way, before the exam, if you know that you don’t have a clue about two or three things listed, you can research them and be more prepared.

      If the goal of the OSCP certification is to demonstrate you have learned and understand the majority of the course material, then they should do that. But if they want to certify people that are already expert in this field and may or may not have taken the course, then it is a different story…

      I’m pretty sure I’m not going to pass though, but hey I learned a lot, and I’m going to keep learning.

      zeroflaw, don’t get discouraged by my and j0rDy’s experience. I am a web developer and I almost passed! Did you hack many machines in the lab? If you are not sure, postpone the exam. And worst case scenario, a second attempt on the exam is time consuming, but cheap. And like you said, we have all learned so much so far, so it can’t be wasted time.

      Good luck zeroflaw!

    • #33102
      hayabusa
      Participant

      While I understand your logic, guys, I think of it this way…

      If they gave you tons of hints, and step-by-step or even incrementally simpler ideas to work from, they’d decrease the difficulty of things.  The idea is to make you think like a hacker, and it’s not like they’re going to give you ANY “gimme’s” on the exam.  I can tell you, for instance, that NONE of the machines I compromised in the lab were the same as the exam ones.  Similarities, maybe… but not the same.  So you’re going to be challenged on the exam, too, and there are reasons for that.

      This course and exam are NOT for folks who don’t want to work for it.  I commend you, because I know you both ARE working for it.  The simple fact is, though, that if they kept hinting, etc, that takes away from the need to find answers for yourselves, which is what you’ll need to do on the exam, and what you’ll do in a real-life pentest.  I’ve not been in many real scenarios where I had enough time built into the scope to just start asking others to help me figure it out.  (Sure, for areas I’m not as good in, and so I have a team setup, with folks who are skilled in those areas too.)

      Point is, if they had too many of the “gimme’s”, what would separate their course / exam from any of the other security certifications out there?  Yes, one difference is that their exam is a practical, hands-on exam.  But if they gave you too much help, along the way, then the course might as well be a written exam, as you’re then working from more of a ‘book knowledge’ scenario, rather than a practical thinking one.

      Like I said, I understand your thoughts, and at times, I entertained the same.  But in the end, after I achieved the goal, it was much more rewarding to me, realizing I had been the one who had to really work, study, research and push myself, to reach the goal.

      Here’s another example (true story from my life):

      I was born with physical defects in both feet, and struggled through my childhood and teen years with pain, walking, as a result.  In high school, I was fortunate enough to be chosen by the Shriner’s Hospitals, who provided me with foot surgeries on both feet, free of charge to my family, who otherwise, couldn’t have afforded them.  My senior year, I ran cross-country and track, and wrestled, and felt a feeling of accomplishment from those, under the circumstances that I’d had surgeries as little as 6 months prior, and had NEVER run any distance, before that. 

      Upon graduation, I set my sights a little higher.  6 months after graduation from high school, I ran the Chicago Marathon.  While not any sort of professional runner, my time wasn’t even ‘competitive’, but in the end, I DID complete the race, in the time allowed.  Point of the story is, if you’re willing to put the time in, and overcome obstacles in your way, you can do things that everyone else wouldn’t expect you to do, even if ‘everyone’ includes yourself.

      Overcome challenges, beat the odds, and live life to its fullest.  Don’t give up because things are tougher than you’d like, and give your all to achieve your goals.  Just as I’d done with the marathon, you can do the same with your OSCP.

      Good luck, and as always, keep us posted on how things progress with it, as you keep going after it!

    • #33103
      dante
      Participant

      @hayabusa wrote:

      Here’s another example (true story from my life):

      I was born with physical defects in both feet, and struggled through my childhood and teen years with pain, walking, as a result.  In high school, I was fortunate enough to be chosen by the Shriner’s Hospitals, who provided me with foot surgeries on both feet, free of charge to my family, who otherwise, couldn’t have afforded them.  My senior year, I ran cross-country and track, and wrestled, and felt a feeling of accomplishment from those, under the circumstances that I’d had surgeries as little as 6 months prior, and had NEVER run any distance, before that. 

      Upon graduation, I set my sights a little higher.  6 months after graduation from high school, I ran the Chicago Marathon.  While not any sort of professional runner, my time wasn’t even ‘competitive’, but in the end, I DID complete the race, in the time allowed.  Point of the story is, if you’re willing to put the time in, and overcome obstacles in your way, you can do things that everyone else wouldn’t expect you to do, even if ‘everyone’ includes yourself.

      Overcome challenges, beat the odds, and live life to its fullest.  Don’t give up because things are tougher than you’d like, and give your all to achieve your goals.  Just as I’d done with the marathon, you can do the same with your OSCP.

      Feeling deeply inspired!.. This is definitely gonna end in a shell party..

    • #33104
      caissyd
      Participant

      Thanks hayabusa, I know what you say is true. I don’t want to give up on things, far from it. I just have other things in my life and there are only so many hours in one day…

      Like the story about your feet (congratulations by the way!!!), what does not kill you, makes you stronger!

      I have to go, my two daughters are waiting for me!

    • #33105
      hayabusa
      Participant

      Yeah, H1tM0nk3y…  Family DEFINITELY always comes first!  I understand hours in a day, all too well, myself, right now.  Take care, and keep after what you want!

    • #33106
      j0rDy
      Participant

      First of all, thanks for all the replies! I am currently moving on at the same pace as I was before the exam, so still working hard to get myself prepared for a retake of the exam (which is the reason I am not that active here right now).

      I can relate to all the comments posted, especially the try harder slogan. I just want to point out one thing, and that is that the whole essence of the course is to learn. And I get the feeling that they sometimes forget that people start this course to do so, and may have slim to no prior knowledge to lean on. From this point of view it would be at least “humane” to provide the knowledge needed. I understand that it should not be handed on a silver platter, but some form of help (in the form of hints/pointers, or even the complete answer for people who just want to know) would be greatly appreciated. I think it is doable to provide an exam that filters out the “cheaters” and keeps the level of quality it has now.

      Anyway, like stated before, I am not even thinking about giving up. I am working as hard as possible to pass the exam, but like Hayabusa said, family comes first (and they have put up with a lot since the start of the course, believe me). I have already made some pretty good progress, so I hope to finish this one before the start of 2011.

    • #33107
      apollo
      Participant

      j0rDy, I can relate to your feelings on doing the “humane” thing.  Based off of my experience, if you have gotten all of the boxes in the lab, then you probably can get a passing score on the exam.

      I figured out something interesting about offsec courses doing the “Cracking the Perimeter”/OSCE content over the past month.  While they certainly don’t hand you answers, you typically have what you need. 

      You are going to hit places where you are like “what the hell do I do with this”.  It seems that in most cases, the answer is to approach it like anything else you will find.  Go through the basic steps: scanning, enumeration, etc etc.  You will find what you’re looking for, then you just have to figure out what to do with it.  Google is your friend, I used it a bunch in both the exams I have taken.

      This may sound odd, but one thing that I figured out a bit later than I would have liked is that following along with the lab manual is not the same as understanding what happened.  I would suggest that before you take the test, try to do all of the exercises in the book without referencing the walk-through in the class.  If you can do those without looking, you are probably well on your way to being where you need to be.

      I didn’t realize that I relied a little bit too much on the book for something until it showed up on the exam.  After about 6 hrs of grinding through something that should have taken me 2 hrs, I finally really understood what was going on.  I just wish I had tried to do that exercise without the notes once to help me know how far off my actual knowledge of it was.

      The forums are great as well, if you haven’t checked out the OSCP forums, you should do so.  There are some great gems there from people who have had the same questions.

      As for “Try Harder”, it really isn’t about trying harder.  Stand up, take a break, walk around the block, do something else for 10 mins, whatever.  Come back, see if anything has changed.  You probably know enough to get you started on the way there, and just have to find the piece that you’re missing.  I know on both OSCP and OSCE, taking the dog for a walk when I got frustrated made a huge difference.  At one point on the OSCE I actually hit a point where I was relatively confident I wasn’t going to get the answer.  I took the dog for a half hour walk, watched tv for about 15 mins, came back again and had a plan for how to tackle it.   

      You only have 24 hrs for the exam, but don’t be afraid to take a break and do something else for a few mins. In most cases, you’ll get way more done when you  come back.  If nothing else, work on a different problem for a few mins. 

      Anyway, hope this helps some.

    • #33108
      hayabusa
      Participant

      Great advice apollo.

      Have been meaning to ping you off forum (send you a personal message).  Want to get an idea from you on how the OSCE went, etc, as it’s on my ‘to-do’ list, now.

      I’ll ping you when opportunity permits (or feel free to PM me on here, too, if you have thoughts for me, in advance.)

    • #33109
      caissyd
      Participant

      Wow, thanks Apollo (and hayabusa too)!

      You have brought some “freshness” into the discussion. In the lab, I made it to the admin network, just to run out of time hacking any of its machines. I will give myself another week of break (read: working on my roof because it’s leaking!) and I will get another month of lab.

      Hayabusa and Apollo, you are inspiring!  ;D

    • #33110
      dante
      Participant

      @apollo wrote:

      j0rDy, I can relate to your feelings on doing the “humane” thing.  Based off of my experience, if you have gotten all of the boxes in the lab, then you probably can get a passing score on the exam.

      How about perfect score ? Do you think this course needs experience in order to achieve perfect score?

      Your OSCP writeup was detailed and gave a very clear idea. Looking forward to your OSCE review, if you plan on giving one..

    • #33111
      hayabusa
      Participant

      I don’t necessarily think experience was necessary, for those whom I’ve spoken with, who passed with perfect scores (note: I was NEAR perfect, just missed my final privilege escalation attempt on the final box in the exam.  But I’m not bummed about that.  I spoke to another guy that works with me, who got all 5, literally, last night.)

      I think, as apollo noted, the Offensive guys DO give you what you need, in the course and labs, to pass, if you truly set your mind to it, and give it the time.

    • #33112
      apollo
      Participant

      I’m working on the OSCE writeup right now.  I hope to have it done within the next week or so.  It was a heck of a course.

      I got all the boxes on the OSCP.  To get a perfect score, from my experience, you need to understand everything you did from the course well enough that you are only going back to reference commands and not techniques.  I did not get all of the “extra” boxes that you discover in the lab that aren’t part of the normal IP range.  If anyone gets all those let me know the next conference we’re at together cause you deserve a frosty beverage of your choice.  The OSCP makes you think a little beyond the class, so if you just follow the steps you’ll find what you need to do, and then the extra thought comes from the actual execution.  The OSCE is the same way.  Figuring out what to do is fairly straightforward, figuring out how to do it is where you have to take what you’ve done in the labs to the next level.

      I am not a professional pen tester.  I do some of it as part of my job, but I spend probably about 5% of my time doing pen test related things.  My background is in unix sysadmin and security, and I have taken a pen testing class before but nothing as thorough as the OSCP.  I finished the OSCP in about 8 hours with all but one box popped by hour 5.  The last 3 hours were all spent on the one box i had left with half an hour of World of Warcraft stuck in between.  The 30 mins of WoW were what made all the difference as after I took a break I figured out what to do next pretty quickly.

      So .. if I didn’t say it before.. in both the OSCP and OSCE breaks made all the difference.  I actually took a few hour nap in OSCE and it made a huge difference.    

      Ok, last tidbit of stuff that helped me.  When looking for exploits, whether remote code execution, privilege escalation, or whatever almost everything you need is going to be on the bt4 cd.  The search script through the archives is nice, but it made me spend way more time than I needed in most cases.  Frequently grep got me exactly what I needed cause some people have stuff in the code that is really helpful.  For instance, if you have shell on a RedHat 6.0 box and you are looking for privilege escalation for that, just try ‘grep -ri “Redhat 6.0” platforms | grep local’ .  From there you can figure out what each thing does.  If you’ve tried other stuff and it didn’t work, that really helped me.

      Good luck!  The fact that you have gotten this far and are still going means you will get it, it’s just a matter of a little more practice.  If you have areas where you feel you are weak, let us know and we can maybe make some more recommendations.  

      I still wanna talk with some folks to come up with some good test builds for vms to use for pen-testing practice.  If folks are interested in working on this with me, drop me an email or PM.  I typically do most of my demos with XP SP0, but am eager to add some other vms to my standard arsenal.

    • #33113
      caissyd
      Participant

      Ok, last tidbit of stuff that helped me.  When looking for exploits, whether remote code execution, privilege escalation, or whatever almost everything you need is going to be on the bt4 cd.

      Are you kidding? I spent countless hours on the internet looking for exploits!!!  :'(

      I really need to go back to the lab and search this “/pentest/exploits/exploitdb/files.csv” more…

      BTW apollo, did you do OSCP version 2 or version 3? I am curious to know the difference in difficulty between the two.

    • #33114
      apollo
      Participant

      I did v2.  I haven’t seen the content for v3 so no idea on the comparison. 

      I will look back at my leo files, but I don’t think I used any sploits off the web.  I think everything I used was milw0rm or exploitdb.

    • #33115
      UNIX
      Participant

      Already looking forward to your review on OSCE, apollo.

    • #33116
      ssherei
      Participant

      So I got my OSCP 😀 at last. Great course, fun, and the learning curve is amazing.
      What’s the possibility of finding pentest jobs using OSCP?

    • #33117
      impelse
      Participant

      Where is your area?

    • #33118
      ssherei
      Participant

      Middle East, but I was actually wondering if I can get a job outside my area.

    • #33119
      j0rDy
      Participant

      *just a post to hijack the thread back…

      I’m still working on this, and I will not let it go until I pass. Currently I’m starting to go over the course material again and see if I can relate it to the steps I took during the exam. I will post a real update when I find the time to do so. I will keep you guys updated!

    • #33120
      impelse
      Participant

      Good, keep going.

    • #33121
      MaXe
      Participant

      @j0rDy wrote:

      *just a post to hijack the thread back…

      I’m still working on this, and I will not let it go until I pass. Currently I’m starting to go over the course material again and see if I can relate it to the steps I took during the exam. I will post a real update when I find the time to do so. I will keep you guys updated!

      Check out these books from Syngress too:
      – The Metasploit Toolkit (may seem a bit outdated)
      – The Penetration Testers Open Source Toolkit vol. 2 (highly recommendable)

      Also if you don’t know a scripting language, learn Python or Perl, or perhaps Ruby and then a Web Application language like PHP as well. That will help you a lot  🙂

      The most important thing you need to do, is to find out why you possibly failed if you did, and then know what you need to improve on accurately and then take your time to learn this area a lot more, even if you already know it.

      Anyway, good luck 🙂

    • #33122
      xcircusmusician
      Participant

      Does anyone have advice concerning the tools involved in the OSCP certification?? Thanks in advance!!!

    • #33123
      hayabusa
      Participant

      Not a lot we can really give, except to say, every tool needed IS in BackTrack, as well as many you won’t need.  Sorry.  NDA for the class (non-disclosure) doesn’t really let us say much more.  The only other thing I can really say is, get really comfortable with doing tasks by hand, as there are times when you’re forced to use the basic tools, rather than, say, the vulnerability scanners / db_autopwn, etc.

      Good luck!

    • #33124
      sil
      Participant

      I always thought autopwn was a no no. Anyhow, I say, familiarize yourself with the attack vectors and canvas. Once you understand what you’re attacking, you’ll soon be able to determine which tool is suitable. Remember, if you’re without a hammer and need to drive in a nail, you could always use the opposite end of a screw driver if you have the right aim, practice.

      Don’t focus on tools too much, focus on understanding what is occurring during an exploitation. Once you get this down to a science, you’ll know which tools to use and why you may need to understand them all as well as understand the attack vector/canvas.

      Tip: Why use a webscanner like nikto all the time when you could use a combo of sleep, links and a dictionary? Most webapp scanners are brutally noisy.

      E.g.:

      # feed the wordlist, one candidate name per line, into the loop
      # (the pipe between cat and while was missing as originally posted)
      cat /your/directory/of/wordlists/directorynames.txt |
      while read -r word
      do
            # request one candidate directory, then wait 30 seconds before the next
            links -dump "http://target.com/$word" ; sleep 30
      done

      Get the picture? Something like this is LESS likely to trigger alerts, still functions similar to something like dirbuster and accomplishes directory enumeration. It’s all about what your target is, what your goal against that target is, and what is available to you to attack it.

    • #33125
      MaXe
      Participant

      Sil: Nikto does more than request website directories. It also checks the HTTP options and reports them (especially if TRACE, PUT, etc. is found), it even tries to send some custom http headers you may forget to try.

      I should however note that I don’t use Nikto alone. It’s good as an assistant tool and there are some evasive options (and most likely timing options too) you can use, but as a primary tool it’s not good enough; though, as previously mentioned, as an assistant tool it’s perfect, at least for me. It does however create a lot of noise too, but not more noise than Owasp Dirbuster; that one creates a huge overhead.

      Also, the default user agent of Nikto, contains the word Nikto. So if you just fire up Nikto without altering anything, some websites will deny you access. (Based on user agent.)  🙂

      I’m glad you explained the use of bash scripting to the other viewers of this thread as well, it’s useful to know  😉

    • #33126
      sil
      Participant

      @MaXe wrote:

      Sil: Nikto does more than request website directories. It also checks the HTTP options and reports them (especially if TRACE, PUT, etc. is found), it even tries to send some custom http headers you may forget to try.

      😉 I know this. One of my friends created one of the first generation scanners of its (Nikto) kind – Whisker. I was using Nikto as an example about relying and or focusing solely on tools: http://www.infiltrated.net/pentestingextended.html When it comes down to it, I prefer curl + POST/GET + shell scripts, see: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5851.msg31013/topicseen,1/

    • #33127
      j0rDy
      Participant

      Time to hijack my thread back 8)

      Exam retake time…

      Quote:
      Let’s cut the crap about how nervous I was and uncertain if I would finally make it: I PASSED! I can’t describe how happy I am that all that hard work finally paid off. I did a lot of research on the parts I messed up the first time, and after a lot of reading, practice and hard work all my effort got me where I wanted to be, an OSCP.

      Like I said before, time was my greatest enemy. It took me a heck of a long time to get from the steps that I wanted to take to the commands to get them done. When I stumbled upon a nasty twist it just took me too long to figure it out, and that is mainly to blame on the fact I’m quite new to the game. I really enjoyed every minute of it. It is a great course where you will learn more than in any other certification course, for sure. The material is clear, to the point, very well understandable for all skill levels and I recommend that if you decide to only do the exam, to take the course just to get an idea of what you can expect. Besides that it is just plain fun to play around in a lab like that. The only remark I have is that the exam could be a little bit more in line with the course, cause some techniques I needed in the exam were not mentioned in the course. After all, an exam is there to test whether you master the material. However, you should be prepared to take the exam journey alone, cause no matter how hard you will try, nobody from the forums or IRC channel will help you, no matter how hard you try 😉

      I am hooked on the way offensive security makes you think and work on your own. I discovered you can talk all you want about tools, techniques and hacking in general, you will only truly master it by doing it. I hope you had as much fun reading this as I had writing it, and do not be afraid to ask any questions about the course and exam. I would like to thank the guys at offensive security for this wonderful experience that will stay with me forever, the admins at the IRC channel for being patient with me and leaving me all by myself in that pit full of lions, snakes and other animals you do not want to be alone with, and last but certainly not least, EH.net and in particular Don, for making all this possible for people like me, and by that I mean all of us. Thank you.

    • #33128
      caissyd
      Participant

      Congratulations j0rDy!!!

      Persistence is the key! You finally got the knowledge (and the cert). Great job for not letting go!

    • #33129
      ziggy_567
      Participant

      Congratulations!

      It's time to update your signature!

    • #33130
      hayabusa
      Participant

      Congrats, and welcome to the ranks!  BTW, read the internal forums on offensive, for those who are certified.  There are plenty of tips and differing ways folks accomplished the exam machines, and there’s always more to learn and discuss.

      Again, congrats!

    • #33131
      rattis
      Participant

      Congrats.

    • #33132
      j0rDy
      Participant

      Thanks!

      @ziggy_567 wrote:

      Congratulations!

      It's time to update your signature!

      Whoops, guess I forgot something in my over-excitement  8)

    • #33133
      UNIX
      Participant

      Congrats, j0rDy. 😉

    • #33134
      alucian
      Participant

      Congrats!

      I finally decided to do it, too. Hope I will start in two weeks.
      My wife will kill me, my kids will hate me but… I’ll be happy  🙂

      I give myself 2 1/2 months to do it. Hope I am realistic.

    • #33135
      hayabusa
      Participant

      Assuming you have ANY comfort in Linux, at all, and are determined to succeed, 2 1/2 months should be enough time.  I can’t guarantee it, as I don’t know your ability to self-learn, etc, but if you’re comfortable self-studying, you should do alright.

      Good luck, alucian.

      PS – I sympathize on the wife and kids…  btdt htts (been there, done that, have the tee shirt)

    • #33136
      tturner
      Participant

      Which is why I haven’t done it yet myself. When I get home from work I have a limited amount of time since I work fairly long hours, have an hour-long commute one way (which is great for listening to security podcasts btw), wife and 2 small kids (infant and toddler) and am finishing up my B.S. degree this semester that I procrastinated on forever. Oh and working a 2nd job too as a consultant for a state agency doing security research but there’s no set hours (usually log 10 to 15 hours a week) and I work from home on that one.

      I can do a lot of this kind of stuff during work hours but they have not accommodated all my lab requests yet, including a dedicated cable modem, but I’m hopeful this can happen soon. Allowing me to VPN from our network to the Offsec network will not be happening, EVER. And honestly that’s how I want to keep it.

      I typically spend about 5 to 10 hours a week on developing skills in my lab. Would that be sufficient or would I likely need more time than that? I could probably shift things around and get another 10 hours in over the weekend if I had to, but probably not every weekend.

    • #33137
      cd1zz
      Participant

      tturner

      I would recommend using the offsec labs. Setting up your own labs gives you an advantage since you know what you installed etc. Using their labs, you’re exposed to things you know nothing about and which you have to figure out. This is half the battle. I blogged about my experience here if you want to know what I think in detail: http://networkadminsecrets.blogspot.com/2010/12/offensive-security-certified.html

    • #33138
      tturner
      Participant

      Thanks cd1zz. That's my issue, I can't use the Offsec labs at work (not until I get a separate internet connection for my lab so I can connect to their VPN), and don't have time when I get home. At least not yet. That's why this one keeps getting delayed, which is too bad because it seems to be rising in demand quite rapidly.

    • #33139
      AndyB67
      Participant

      I’d like to thank everyone who’s posted in this thread and congratulate j0rDy and the rest who have passed the exam.  It has been a great read and an eye opener.

      This cert is definitely on my ToDo list after reading Ryan Linn’s article but after reading about your experiences j0rDy, I think I’ll wait a few months whilst I brush up on my skills and programming.

      Whilst I know I’d learn a lot on the course, the exam would be beyond me at the moment!  I’ve got some serious studying to do over the next few months (and Perl or Python to learn).

    • #33140
      cd1zz
      Participant

      tturner – I see your dilemma. If you could do it while you’re at work that would be nice!! Having long blocks of solid time is the best way to conquer the course…. best of luck.

    • #33141
      j0rDy
      Participant

      @AndyB wrote:

      I’d like to thank everyone who’s posted in this thread and congratulate j0rDy and the rest who have passed the exam.  It has been a great read and an eye opener.

      This cert is definitely on my ToDo list after reading Ryan Linn’s article but after reading about your experiences j0rDy, I think I’ll wait a few months whilst I brush up on my skills and programming.

      Whilst I know I’d learn a lot on the course, the exam would be beyond me at the moment!  I’ve got some serious studying to do over the next few months (and Perl or Python to learn).

      Thank you and I'm glad you liked it. Remember that if you want to get experience, the PWB course itself is great! It's just the exam that's a b*tch 😛 And welcome to EH.net!

    • #33142
      alucian
      Participant

      @tturner wrote:

      I can do a lot of this kind of stuff during work hours but they have not accommodated all my lab requests yet, including a dedicated cable modem, but I’m hopeful this can happen soon. Allowing me to VPN from our network to the Offsec network will not be happening, EVER. And honestly that’s how I want to keep it.

      Why don’t you use a laptop with a wireless connection (mobile phone for example) to connect to the lab? I know that it is expensive, but if you really want to do the course this way you can attain your goal.

    • #33143
      tturner
      Participant

      I probably could, I do have a DroidX with Proxoid setup with ADB for tethering on my linux machine. http://carnal0wnage.blogspot.com/2010/11/tethering-your-droid-to-linux-system.html

      I’ve used that before for reverse connections but it’s painful sometimes since my cellular coverage is a bit spotty and I’ve noticed that some connections tend to get filtered by Vz, but then sometimes they don’t. It’s almost like some Vz nodes are filtered but if I get routed through a different Vz node it isn’t. I suppose if it’s inside the VPN tunnel that probably won’t be an issue. If I can’t get the work cable modem approved I may go that route.

      *post edited because I realized that my pondering was a really bad idea. Fun, but not smart*

    • #33144
      WCNA
      Participant

      I was in one of the first few OSCP exam groups so I don’t know how much it has changed since then. At that time, while the course starts at a basic level, muts made it clear to us that outside resources would have to be used. So to pass the exam, you needed to have expanded your knowledge in certain areas. You were expected to look at all the options/arguments/switches/etc. of the tools you were using… to use your mind and think outside the box rather than a "step 1, do this" kind of course. That’s not to say you had to become an expert in Olly or memorize all the nmap commands, you just had to know they existed or how to find them quickly. Hope this helps.

    • #33145
      j0rDy
      Participant

      Just a final post to let everyone know I received my certification in the mail the other day. The feeling I got when I received the “congratulations” mail came back once again!

    • #33146
      WCNA
      Participant

      Congrats. Hope you had as much fun as I did. I see you have listed yourself as Associate of ISC2. Is there a reason you didn’t post it as CISSP (Associate)? Is there some rule against that?

    • #33147
      jsm725
      Participant

      To answer for j0rDy, you have to have 5 years (or 4 + a degree) of work experience in the CISSP domains to have the cert. He passed the test and is just waiting to get the experience. Then they will let him have the cert. But in my humble opinion, the OSCP should be first in the signature. CONGRATS j0rDy!!! Label me jealous. I hope to give the OSCP a go this year sometime.

    • #33148
      WCNA
      Participant

      Thanks for the reply. I understand about the cert process (I’m just now starting this one) but most employers don’t know what “Associate of ISC2” is but would more likely know what CISSP (Associate) is. “Associate of ISC2” doesn’t tell anyone what exam you have passed. Let me restate the question: Is there anything wrong with using CISSP (Associate)?

    • #33149
      dynamik
      Participant

      @WCNA wrote:

      Thanks for the reply. I understand about the cert process (I’m just now starting this one) but most employers don’t know what “Associate of ISC2” is but would more likely know what CISSP (Associate) is. “Associate of ISC2” doesn’t tell anyone what exam you have passed. Let me restate the question: Is there anything wrong with using CISSP (Associate)?

      I listed mine as: Associate of (ISC)2 (CISSP Application Pending)

    • #33150
      j0rDy
      Participant

      jsm725 is right. I am waiting to get the experience (still 2 yrs to go) to be able to apply for a full CISSP degree. It is PROHIBITED to use the CISSP tag in any form when you are an ISC2 associate. If they find out you use it, even with the associate clarification, they will either ask you to remove it with a warning, or permanently revoke your certification, so be warned!

    • #33151
      jsm725
      Participant

      Just got approval from my company to take PWB + OSCP.  ;D

      Trying to decide whether or not to sign up for one starting in early April. I have a vacation scheduled for late May / early June and I don’t know whether it would be wasting valuable lab time (got approved for 90 days) or a well needed break. Any thoughts?

    • #33152
      alucian
      Participant

      It depends, if you want to use the vacation to study  ::) , then start it, otherwise… wait until you’ll be able to devote yourself to the course.

    • #33153
      TheXero
      Participant

      Nice one jsm725, I got my approval yesterday and could be starting Sunday 🙂

      I think I’m doing the 60 day lab and my work are giving me roughly 2 days off before my exam for study leave etc.  So I will get all the time outside of work that I like, and a few hours a week in work to complete the course and mess around with the OffSec lab.

      Maybe your work has some study leave as well, if not I’m sure something can be sorted out 🙂

      Best of luck

    • #33154
      satish.lx
      Participant

      Just curious about which OS versions are available in the exam? I meant Linux Red Hat 5/6? Win2k3/8 etc.?

    • #33155
      cd1zz
      Participant

      Are you asking what operating systems are targets on the exam?

    • #33156
      BillV
      Participant

      @satish.lx wrote:

      Just curious about which OS versions are available in the exam? I meant Linux Red Hat 5/6? Win2k3/8 etc.?

      You can use whatever OS you want as your attacking platform – though most people stick with whichever version of BackTrack the course is currently based on.

      No one is going to tell you what OS the targets are for the exam. The lab environment has a large mix of all of the above.

    • #33157
      satish.lx
      Participant

      Thanks @BillV

      Is there any way we can get the video tutorial first and start studying, and later get the lab for hands-on experience?

      I meant one of the OSCPs can share the videos 😉

    • #33158
      KrisTeason
      Participant

      Is there any way we can get the video tutorial first and start studying, and later get the lab for hands-on experience?

      When you sign up for a start date and you're approved to take it, on the course start date you receive an e-mail with links to the lab guide and course video contents. You're also given credentials and instructions on how to connect to the student network. The number of days you pay for controls how long you have access to the Offsec lab environment to practice in.

    • #33159
      BillV
      Participant

      No one is going to share their OSCP videos as the person's full name and home address are watermarked into every video.

    • #33160
      zeroflaw
      Participant

      Wow congrats j0rDy! It’s good to see that you passed the exam! How many tries did it take you? I know we both failed it at least once lol. Hopefully I’ll feel ready for my second try soon.

      Congrats again!

    • #33161
      hayabusa
      Participant

      @satish.lx wrote:

      I meant one of the OSCPs can share the videos 😉

      Bwahahahahaha!    Just got a kick out of that one, being that this IS ethicalhacker.net – keyword ‘ethical’    😉

      Nope.  As BillV noted, you won’t find OSCPs sharing the vids.  Non-disclosure is a serious thing, and the vids ARE carefully marked.

      I once saw someone else’s OLD vids (like PWB 1.0, I think) that they’d found posted somewhere.  I can tell you, by the time the person who posted them had ‘blurred’ out the watermark, the videos were pretty useless.  The person who showed them to me had already given up trying to learn from those, and paid for the class, instead (as well he should have, to begin with.)  And those old videos have changed a lot, since, so I don’t think you’d find them as useful as you’d like.  Case in point, I think if you’re looking for handouts like the OSCP vids, I wouldn’t waste my time, if I were you.  You’d be better off finding some other study materials and spending time with those (other books, paying for the course, etc)

      It’s just not worth the trouble, and besides, the value of paying for them is the ability to ask questions of the instructors, etc, anyway.

    • #33162
      j0rDy
      Participant

      @hayabusa wrote:

      @satish.lx wrote:

      I meant one of the OSCPs can share the videos 😉

      Bwahahahahaha!    Just got a kick out of that one, being that this IS ethicalhacker.net – keyword ‘ethical’     😉

      Nope.  As BillV noted, you won’t find OSCPs sharing the vids.  Non-disclosure is a serious thing, and the vids ARE carefully marked.

      I once saw someone else’s OLD vids (like PWB 1.0, I think) that they’d found posted somewhere.  I can tell you, by the time the person who posted them had ‘blurred’ out the watermark, the videos were pretty useless.  The person who showed them to me had already given up trying to learn from those, and paid for the class, instead (as well he should have, to begin with.)  And those old videos have changed a lot, since, so I don’t think you’d find them as useful as you’d like.  Case in point, I think if you’re looking for handouts like the OSCP vids, I wouldn’t waste my time, if I were you.  You’d be better off finding some other study materials and spending time with those (other books, paying for the course, etc)

      It’s just not worth the trouble, and besides, the value of paying for them is the ability to ask questions of the instructors, etc, anyway.

      Besides the bad picture because of the blurring, the audio is beyond bad. Just invest in the complete course. Therefore I don't think it is possible to only take the exam. It's still the “best bang for your buck” deal around so it should be a no-brainer…

    • #33163
      satish.lx
      Participant

      Thanks guys,

      Which book do you guys suggest for OSCP?

      At least I have money for a book to start studying.

    • #33164
      hayabusa
      Participant

      That’s a really good question.  Honestly, I’d start looking at the various books geared towards pentesting and security.  There are MANY good threads about books, here, on the forums.

      Such books include (but aren’t limited to):

      Professional Penetration Testing by Thomas Wilhelm
      Build Your Own Security Lab by Michael Gregg

      and others…

    • #33165
      satish.lx
      Participant

      @hayabusa wrote:

      That’s a really good question.  Honestly, I’d start looking at the various books geared towards pentesting and security.  There are MANY good threads about books, here, on the forums.

      Such books include (but aren’t limited to):

      Professional Penetration Testing by Thomas Wilhelm
      Build Your Own Security Lab by Michael Gregg

      and others…

      Thanks! also i would like to add

      Penetration Tester’s Open Source Toolkit, Volume 2 (c) by Syngress

    • #33166
      Anonymous
      Participant

      InfoSec Career Hacking by Syngress is another good one.

    • #33167
      koz
      Participant

      Thank you for the info!! I am just starting out and have been progressing a little slow. I grabbed 60 days of lab time and am hoping to devote a week away from work to dive right into the course. The advice here has been really helpful.

Copyright ©2020 Caendra, Inc.