OSWP Walkthrough

    • #6113
      j0rDy
      Participant

      OK, since I got a lot of positive feedback on my last “walkthrough” I made the decision to write another one for my OSWP certification. Again, if anyone has feedback/comments (Donald or the guys at Offensive Security) please let me know!

      General info:

      After passing the OSCP course I decided to take a well deserved break. After about a month something started itching ;). I was so impressed by the learning method used by Offensive Security I just had to go for another one. Given the fact I went through hell (got there, got lost, wandered around for a long long time, and finally got back) to pass PWB I decided to go for WiFu. The main reason for this decision is that I feel I am not yet ready to pursue OSCE, because of my previous experiences with PWB. Another reason is that, however much I would like to learn it (writing exploits, learning assembly etc.), it is a little bit out of scope for the work I do, but WiFi is becoming a more important factor for me. And last but not least, it is a bargain!

      When I clicked the sign up now button I noticed a different registration process. I received a mail with additional information about the course, and a registration form. From what I remember this is new. It is good to see that the guys at OffSec are not only working on the course itself, but also on everything else that counts towards becoming a good, respectable learning institute.

      The outline is pretty much equal to the other courses. You will receive a lab guide (which is equal in size to the OSCP one!) and of course the videos, which will take about 2.5 hours to get through. They also specify the required skills needed to pass the course. This is a little bit more than the “basic Linux command line skills”. I quote:
      “You need to have basic Linux skills in order to complete this course, meaning you should be able to navigate through the Linux filesystem, run simple commands, edit files and be comfortable in the command line in general.”
      They also provide an estimated time for completing the course, which according to OffSec is 2 hours. Given I have played with WiFi and the air-suite before I guess it will be a little less, but we will see.

      The labs are hosted by the student. This means no VPN to connect to as with PWB, but setting up your own wireless network. Besides the fact that this is also good to know, it provides a nice look at the other side of IT security, which in this case is not hacking it, but properly configuring it. They also provide some tips on hardware, which should not be a problem, because most wireless adapters have good support in the latest version of Backtrack.

      Finally there is an exam (of course). This one will take about 3 hours including the time to prepare your results and to send them by mail. There are no preset dates, but you have to schedule the exam within 4 months from your starting date. My guess is this will be no problem.

      Right now I am waiting for further instructions, and I must say I am stoked to be starting another OffSec course again!

      (First) Impressions:

      OK, this was supposed to be a first impression update, but since I already covered all the material I will rename it to just impressions. As I suspected the course is significantly smaller than OSCP. I knew this before I started the course, because of the CPE points you get for both exams. Of course getting through the course so fast is partly my fault, because I spent almost the entire weekend on the course. First let's start with the course guide.

      The first couple of chapters contain some background information on the wireless protocol. Mostly it is about the protocols used and the operating modes. Even though none of this information is required for the exam, it is very useful to read through to get a deeper understanding of the wireless protocol. There is also a chapter that covers the hardware aspect. While this information can be considered a little bit outdated because of the current developments within Backtrack 4 and the upcoming 802.11n protocol, it makes the choice of hardware a little bit easier if you don't want to go dig into the technical specifications of wireless adapters. This is something I decided to do just because I think it is fun.

      Like most hackers I like new toys and, if possible, the best toys available. I got myself an Alfa Network AWUS036NH, which is not supported out of the box by BT4R2, but there are tutorials around to get it fully working. I bought this specific one with current and future developments in mind, because the n protocol is becoming more and more mainstream. While I was at it, I also ordered a 9dBi high gain antenna to make the picture complete. OK, enough about the hardware.

      The course is mainly focused on the aircrack suite. The last chapters cover some other tools briefly, but they are hardly noteworthy. I like the layout of the course, because the different attack techniques are explained before you start the actual attack. This gives a better understanding of what goes on while aircrack is doing what it does best. While doing some extended research on the tool (after getting some vague errors which somehow disappeared after a reboot, so actually not noteworthy) I saw that most of the material is also covered on the aircrack site. This makes the course a little bit obsolete if you just want to learn WiFu and do not want to pursue the certification. Still, the additional videos are a good addition to the course guide.

      Again, Mati does a great job explaining the different attack techniques and makes it all very understandable. I always say that if you have the power to make something difficult look easy, you truly master the skills. Even though some subjects may need some updates (for example, why is BT3 still recommended with the madwifi drivers?), it is still a great course to follow. Since there are no real exercises in the course (except for trying everything yourself) I will skip this part and move right on to the exam, so stay tuned for the next update: Exam time!

      Exam time!

      The exam consists of multiple WEP and WPA wireless networks that need to be hacked. There is a wordlist present for the WPA network(s), so do not worry about failing the exam because of a bad wordlist. The exam is more about how you got the result than about the actual result. You have 4 hours to complete the exam and a total of 24 hours to send in the acquired results. They specifically ask for a write-up of the steps taken and commands used which got you to your result. After this you will receive a reply with your results within a few workdays.

      Different from the other courses, you will log in using an SSH connection to a Backtrack3 box where the wireless setup has been prepared. The host has two wireless devices hooked up, which gives you the choice of your favourite driverset (Atheros or Alfa). Since I practised at home with the Alfa my choice was obvious.

      Having said this, there is really nothing more to tell about this course. I like the introduction chapters that give a better theoretical understanding of the WiFi protocol. The big advantage of this course is that you will learn different attack methods to obtain the key, which can differ depending on the state of the network (client/clientless, OPN/SKA etc.).

      I received a reply on my submitted documentation within 24 hours, which was extremely fast! Since I owned all the networks I figured I would most certainly pass, but there is always that little piece of doubt. Still, when I got the results I was stoked I passed the course. Thank you again for all the feedback I received and for taking the time to join me once again in this walkthrough. I hope you had as much fun reading it as I had writing it. Thanks again to everyone for this great experience and the opportunity to tell others about my experiences within the security field. Until next time.

    • #38307
      caissyd
      Participant

      Hey j0rDy,

      We really can’t stop, can we?  ;D

      Thanks for your walkthrough. I was thinking of taking it eventually. You write nice reviews. You should talk to Don about writing an “official” review!

    • #38308
      j0rDy
      Participant

      @H1t M0nk3y wrote:

      Hey j0rDy,

      We really can’t stop, can we?  ;D

      Thanks for your walkthrough. I was thinking of taking it eventually. You write nice reviews. You should talk to Don about writing an “official” review!

      I guess we can’t  😉

      Thanks and if Don wants me to save it for the front page, no problem, but then you guys have to play the waiting game…

    • #38309
      Don Donzal
      Keymaster

      I like the walkthrough format, but I’m always willing to look for new articles. PM me.

      Don

    • #38311
      AndyB67
      Participant

      j0rDy,
      Hope you can clarify something on this?

      Have got the hardware and am playing with that and the Aircrack suite atm with a view to doing the course and exam sometime after Easter once I finally get my CCNA out of the way.

      Been reading up on the Offensive Sec site about the course and note that the exam is only about 4 hrs.  Do they expect you to crack passwords within that time, and if so, what the hell with?

      Depending on which txt or lst file I use, I can be looking at 20hrs+ for aircrack to ‘crack’ a cap file.

    • #38312
      j0rDy
      Participant

      I am not sure about that one. I think they require you to crack several networks, probably a WEP and a WPA one. WEP should be no problem if they use a simple password, which should be done within several seconds/minutes. For WPA I see your concern. I guess since BT comes with a standard WPA password list I figure the password will be in there, otherwise it would be shooting mosquitoes with a bazooka. Once I have done the exam I will give clarification on this. Wish me luck  😉

    • #38313
      rattis
      Participant

      @AndyB wrote:

      Have got the hardware and am playing with that and the Aircrack suite atm with a view to doing the course and exam sometime after Easter once I finally get my CCNA out of the way.

      Been reading up on the Offensive Sec site about the course and note that the exam is only about 4 hrs.  Do they expect you to crack passwords within that time, and if so, what the hell with?

      Depending on which txt or lst file I use, I can be looking at 20hrs+ for aircrack to ‘crack’ a cap file.

      4 hours was more than enough time to do it. I finished in under 2, including the write-up. I had to do both WEP and WPA, but more than that I will not say.

      You’re not cracking the passwords, you’re cracking / recovering the wifi keys. There is a difference.

      If you want to really get some side study done, besides just reading the Aircrack-NG site and howto, pick up Hacking Exposed Wireless.

    • #38314
      AndyB67
      Participant

      Best of luck j0rDy

      chrisj, I’m ordering it very soon!  The only question I have is, I’ve seen that there is a second edition of Hacking Exposed Wireless.  Looking at the blurb for the books online, the second edition looks like it’s bang up to date, but should I be looking at the first edition book to help with the exam?

    • #38315
      rattis
      Participant

      That’s actually a good question, and I don’t know. I was suggesting the second edition to learn beyond what you’ll need for the exam.

    • #38316
      j0rDy
      Participant

      Update: I passed!  ;D I will write the final update in a few days…

    • #38317
      lorddicranius
      Participant

      Gratz j0rDy!  Some more knowledge to build upon 🙂

    • #38318
      hayabusa
      Participant

      Congrats on passing, j0rdy!  Always nice to hear you’re progressing.  Keep it up, and continued good luck!

    • #38319
      AndyB67
      Participant

      Congrats, and I look forward to reading your final installment.

    • #38320
      Anonymous
      Participant

      I just passed this too, and 4 hours is more than enough. I didn’t find the exam that hard once I got my head around it. It was my first security certificate, so it was all very new.

    • #38321
      j0rDy
      Participant

      Thank you all! I had a blast taking it and I must say I really enjoy the whole WiFi hacking thing. It's fun and, due to some recent developments in the Netherlands, completely legal!  8)

    • #38322
      AndyB67
      Participant

      Just downloaded the course software from their site!  Guess what I’m doing most of this bank holiday weekend  ;D

    • #38323
      j0rDy
      Participant

      @AndyB wrote:

      Just downloaded the course software from their site!  Guess what I’m doing most of this bank holiday weekend  ;D

      I can’t imagine…  8) Good luck and hack the packets out of it!

    • #38324
      Darktaurus
      Participant

      I know the recommended hardware for the course is a WRT54GL (Access Point) but does anyone know if the course can be done with a WRT54G (Access Point)?  Thanks in advance.

    • #38325
      Anonymous
      Participant

      It can be done with any access point as long as you know how to change the wireless settings and it supports the different types of encryption.

      You can usually get the WRT54GL for £30 to £50 on eBay. You also need a wireless card that allows injection; I used the Alfa AWUS036NH card and BT4.

      Hope this helps

    • #38326
      j0rDy
      Participant

      @Jamie.R wrote:

      It can be done with any access point as long as you know how to change the wireless settings and it supports the different types of encryption.

      You can usually get the WRT54GL for £30 to £50 on eBay. You also need a wireless card that allows injection; I used the Alfa AWUS036NH card and BT4.

      Hope this helps

      Like Jamie said, almost every access point will do, but I can not stress enough that a wireless adapter that supports packet injection is required. Personally I like the Alfa network adapter I bought for the course very much, so if you don't have one, go for it!

    • #38327
      Darktaurus
      Participant

      Thanks for the info Jamie.R and j0rDy.  I want to get to the point where I can crack WEP in my sleep and attempt to tackle WPA. It seems like with crunch and Backtrack, you can give WPA a run for its money.  Also I want to test my own wireless networks.  Thanks again guys for the info.
