Starting OSCP from 2nd June 2013 !!!

This topic contains 19 replies, has 8 voices, and was last updated by  Master Of Puppets 6 years ago.

  • #8469
     batz21 
    Participant

    Hi Everyone.

    Finally got the courage to register for the PWB. I am basically from a Networks/Firewalls background and a newbie in the world of VA/PT and Linux.

    My labs start from 2nd June for the next 60 days.

    Does anyone have their labs at the same time? …and would like to make a study group? Kindly ping.

    Senior members any suggestions for me ?  😛

    regards
    batz21

  • #53034
     hanyhasan 
    Participant

    Hi batz21, OK, I am not a senior member yet, but I am also planning to take the OSCP before Dec 2013. I read many, many reviews from here (EH) and Google search. I found that the key to this certificate is mastering these topics:
    Bashing skills = to automate tasks = reduce time.
    Enumeration, Enumeration === found it in many reviews
    Scanning = nmap & unicornscan, make it a habit to scan the 65535 ports
    Privilege escalation = g0tmi1k has a nice article about it and everyone recommends it
    Exploitation = corlan.de = Python + C .. usually modifying the code of the exploit
    Finally, writing the report .. keep it ready from now, make a template.

  • #53035
     batz21 
    Participant

    Thanks Mate…for the reply

    I have mentally prepared myself. I know x86 a bit…can control the EIP sometimes  :P….. can understand what a Python script is doing and how to tweak it  😛

    As I am new in this field, I am a bit worried on that front…as I don’t know what I should expect.

    I know Bash plays a huge role not just in OSCP but in our daily work, and I suck at it at the moment….and have to work hard as I am not that comfortable with *nix systems.

    My thought process is to learn as much as possible during the next 60 days…clearing the certification doesn’t matter to me as I feel your knowledge is more important than collecting certs 🙂

    I seek Support from Senior members here so that I can learn something from them …. ;D

    regards
    batz21

  • #53036
     superkojiman 
    Participant

    @batz21 wrote:

    Thanks Mate…for the reply

    I have mentally prepared myself. I know x86 a bit…can control the EIP sometimes  :P….. can understand what a Python script is doing and how to tweak it  😛

    As I am new in this field, I am a bit worried on that front…as I don’t know what I should expect.

    I know Bash plays a huge role not just in OSCP but in our daily work, and I suck at it at the moment….and have to work hard as I am not that comfortable with *nix systems.

    My thought process is to learn as much as possible during the next 60 days…clearing the certification doesn’t matter to me as I feel your knowledge is more important than collecting certs 🙂

    I seek Support from Senior members here so that I can learn something from them …. ;D

    regards
    batz21

    I suggest you pop into the #offsec IRC channel on freenode. You’ll find other students taking the course as well as alumni. You’ll have a better chance of setting up a study group there.

  • #53037
     Taemyks 
    Participant

    I’ll be in there starting June 9th for 90 days. I’d be happy for some study once I get caught up!

  • #53038
     hanyhasan 
    Participant

    @superkojiman
    I think this is your blog: “http://www.iodigitalsec.com/blog/”.
    Also, please update your signature  😉 you are OSCE now

    @batz21
    Have a look at his blog and read his review about OSCP. He signed up for 60 days but ended up using only 36 and finished the final challenge in 8 hours  8)

  • #53039
     m0wgli 
    Participant

    @hanyhasan wrote:

    @superkojiman
    I think this is your blog: “http://www.iodigitalsec.com/blog/”.
    Also, please update your signature  😉 you are OSCE now

    According to Superkojiman’s profile, this is his blog: http://blog.techorganic.com/ 😉

  • #53040
     Phillip Wylie 
    Participant

    How is the course going?

  • #53041
     batz21 
    Participant

    Hey Rockman…the situation is very bad 😛

    I got my lab rescheduled for 16th June and now I have no clue how to proceed…being a novice in the Pen Test field seems to be causing this issue.

    I am lacking the approach and thought process, it seems…as I have never done PT before.

    Going through the videos at the moment..and trying to get a hold on it :P…..let’s see what happens 😀

  • #53042
     superkojiman 
    Participant

    The course does have pre-requisites and if you’re weak in the foundation, you’ll be struggling to get through the course and learning the foundation material at the same time. That being said, certain things can be learned while you’re in the lab, although I recommend being extremely comfortable with them before taking the exam.

    Just go through the course material and videos before you start throwing exploits at servers. That will probably net you a couple of low hanging fruit but won’t get you very far. Enumeration is key. Remember – these machines are configured to have a hole, you just need to find it.

  • #53043
     Phillip Wylie 
    Participant

    I agree with superkojiman’s comments. His recommendations were helpful to me when I was preparing for my exam retakes.

    Understand the labs and if you don’t understand something research it further. I went through several buffer overflow tutorials before I got it. Like superkojiman said enumeration is key. Nmap is not always enough. On webservers, I would run nikto, dirbuster, and httprint. This will help you find vulnerabilities and httprint is a good crosscheck to verify you have the correct webserver and version.

    It took me a while to think like a hacker; once I did, it got easier to root servers in the lab. That comes from practice in the lab and from understanding the exercises in the lab manual and the videos; it will help you learn to think that way.

  • #53044
     batz21 
    Participant

    Golden Words…from Senior guys…thanks Rockman & superkojiman

    Enumeration is the key, it seems. Can you guys share any useful link or point me to a book?

    Which enumeration tools should I master? Right now I am relying heavily on nmap, netcat, rpcclient 😛

    Any pointers will be appreciated.

    regards

  • #53045
     Phillip Wylie 
    Participant

    @batz21 wrote:

    Golden Words…from Senior guys…thanks Rockman & superkojiman

    Enumeration is the key, it seems. Can you guys share any useful link or point me to a book?

    Which enumeration tools should I master? Right now I am relying heavily on nmap, netcat, rpcclient 😛

    Any pointers will be appreciated.

    regards

    The nmap scripts are good to use. You can use the scanner modules in Metasploit. What you are using is good. Don’t forget snmp enumeration. Brute forcing passwords is a good way to get access via ftp or ssh and then you can work on escalating access. Also as I mentioned above; nikto, httprint, dirbuster and burp suite, which I forgot to mention.

  • #53046
     hanyhasan 
    Participant

    @batz21 wrote:

    Enumeration is the key, it seems. Can you guys share any useful link or point me to a book?

    Which enumeration tools should I master? Right now I am relying heavily on nmap, netcat, rpcclient 😛

    regards

    Hi Batz21.
    Go through these books fast and use the enumeration tools which they mention:
    1. Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
    2. Backtrack 5 cookbook
    3. BackTrack 4: Assuring Security by Penetration Testing .. Old, but believe me, it has many, many tools and how to use them .. try the tools in the lab and compare the results; a tool like fierce for DNS enumeration is better than both dig and host!!
    4. Nmap Cookbook: The Fat-free Guide to Network Scanning
    5. The Basics of Hacking and Penetration Testing
    Currently I am also preparing for OSCP by taking a crash course on PT from Joe McCray’s weekend boot camp; it is 100$ only and you have like 30 days in the lab. Next weekend he has Exploit Dev, again 2 days for 100$ only. Have a look at this video about Exp_Dev:
    http://www.youtube.com/watch?v=eNSWUAVxbzk
    from BSides Rhode Island Con, which was on 15-6-2013.
    All the best and keep us updated.

  • #53047
     superkojiman 
    Participant

    On Backtrack, look at /pentest/enumeration. Lots of tools in there.

  • #53048
     the_hutch 
    Participant

    @hanyhasan wrote:

    Privilege escalation = g0tmi1k has a nice article about it and everyone recommends it

    Second this. Highly recommend this article for intelligent privilege escalation in a Linux environment. Helped a lot.

  • #53049
     Master Of Puppets 
    Participant

    How are you doing?

  • #53050
     batz21 
    Participant

    Not Good at all… 🙁

    Seems I don’t have the proper foundation for the OSCP. Still struggling and learning the stuff. My count is only 3 and I am 15 days into the lab.

    Let’s see how things advance…

    regards
    batz21

  • #53051
     Phillip Wylie 
    Participant

    @batz21 wrote:

    Not Good at all… 🙁

    Seems I don’t have the proper foundation for the OSCP. Still struggling and learning the stuff. My count is only 3 and I am 15 days into the lab.

    Let’s see how things advance…

    regards
    batz21

    You just need experience and the labs will give you that. Enumeration is key, and the more the better. Some helpful tools for systems in the lab running web servers and web-based apps are:

    Nikto (web vulnerability scanner) – This helped me a lot. Nikto works well at finding vulnerabilities.

    Dirbuster (web crawler) – This is a great tool for discovering files and directories.

    Burp Suite (web proxy) – Burp is an awesome tool. You can crawl/spider like in Dirbuster, but you can modify http requests and send them to the web server, as well as a lot of other things. You can brute force html forms.

    HTTPrint – This tool is good for fingerprinting the web server. This is good to double check nmap results.

  • #53052
     Master Of Puppets 
    Participant

    Did you end up extending your lab time? How about the others? Hope it’s going good.


Copyright ©2019 Caendra, Inc.
