.

Starting OSCP from 2nd June 2013 !!!

<<

batz21

User avatar

Newbie
Newbie

Posts: 5

Joined: Fri May 24, 2013 5:16 am

Post Wed May 29, 2013 2:18 am

Starting OSCP from 2nd June 2013 !!!

Hi Everyone.

Finally got courage to register for the PWB, basically from Networks/Firewalls background and a newbie in the world of VA/PT and linux.

My Labs getting started from 2nd June for the next 60 days.

Anyone have their labs at same time ?? ...and would like to make a Study Group, Kindly ping.

Senior members any suggestions for me ?  :P

regards
batz21
<<

hanyhasan

User avatar

Newbie
Newbie

Posts: 17

Joined: Fri May 17, 2013 12:09 pm

Post Wed May 29, 2013 4:02 am

Re: Starting OSCP from 2nd June 2013 !!!

Hi batz21 , ok am not senior member yet , but am also planning to take the OSCP before Dec2013 . I read many many reviews from here EH and google search . I found that the key to this certificate by mastering this topics .
Bashing skills = to automate tasks = reduce time .
Enumeration , Enumeration ===  found it in many reviews
Scanning = nmap & unicornscan ,make it a habit to scan the 65535 ports
Privilege escalation =  g0tma1k have a nice article about it and every one recommend it
Exploitation  = corlan.de = Python + C .. usually modifying the code of the exploit 
Finally writing the Report  .. keep it ready from now , make a template.
<<

batz21

User avatar

Newbie
Newbie

Posts: 5

Joined: Fri May 24, 2013 5:16 am

Post Wed May 29, 2013 8:19 pm

Re: Starting OSCP from 2nd June 2013 !!!

Thanks Mate...for the reply

I have mentally prepared myself. Knows x86 a bit...can control the EIP sometimes  :P..... can understand what a Python Script doing and how to tweak it  :P

As I am new in this Field so bit worried in that front...as I don't know what should I expect.

I know Bash plays a Huge role not just in OSCP but in our daily work and I suck in it at the moment....and have to work hard as I am not that comfortable with the *nix Systems.

My thought Process is to learn as much as possible during the next 60 days...clearing the certification doesn't matter to me as I feel your knowledge is more important rather than collecting Certs :)

I seek Support from Senior members here so that I can learn something from them .... ;D


regards
batz21
<<

superkojiman

User avatar

Jr. Member
Jr. Member

Posts: 81

Joined: Thu Sep 20, 2012 9:42 pm

Post Wed May 29, 2013 9:06 pm

Re: Starting OSCP from 2nd June 2013 !!!

batz21 wrote:Thanks Mate...for the reply

I have mentally prepared myself. Knows x86 a bit...can control the EIP sometimes  :P..... can understand what a Python Script doing and how to tweak it  :P

As I am new in this Field so bit worried in that front...as I don't know what should I expect.

I know Bash plays a Huge role not just in OSCP but in our daily work and I suck in it at the moment....and have to work hard as I am not that comfortable with the *nix Systems.

My thought Process is to learn as much as possible during the next 60 days...clearing the certification doesn't matter to me as I feel your knowledge is more important rather than collecting Certs :)

I seek Support from Senior members here so that I can learn something from them .... ;D


regards
batz21



I suggest you pop into the #offsec IRC channel on freenode. You'll find other students taking the course as well as alumni. You'll have a better chance of setting up a study group there.
OSCP + OSCE
<<

Taemyks

User avatar

Newbie
Newbie

Posts: 6

Joined: Thu May 16, 2013 9:12 pm

Post Wed May 29, 2013 10:51 pm

Re: Starting OSCP from 2nd June 2013 !!!

I'll be in there starting June 9th for 90 days. I'd be happy for some study once I get caught up!
<<

hanyhasan

User avatar

Newbie
Newbie

Posts: 17

Joined: Fri May 17, 2013 12:09 pm

Post Thu May 30, 2013 12:10 am

Re: Starting OSCP from 2nd June 2013 !!!

@superkojiman
I think this is your blog " http://www.iodigitalsec.com/blog/ ".
also plz update your signature  ;) you are OSCE now

@batz21
have a look at his blog and read his review about OSCP . He signed for 60 days but end up using only 36 and finish the final challenge in 8 hours  8)
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Thu May 30, 2013 2:20 am

Re: Starting OSCP from 2nd June 2013 !!!

hanyhasan wrote:@superkojiman
I think this is your blog " http://www.iodigitalsec.com/blog/ ".
also plz update your signature  ;) you are OSCE now


According to Superkojiman's profile, this is his blog: http://blog.techorganic.com/ ;)
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

rockman

Full Member
Full Member

Posts: 104

Joined: Sun Apr 06, 2008 12:38 pm

Post Mon Jun 17, 2013 6:26 pm

Re: Starting OSCP from 2nd June 2013 !!!

How is the course going?
<<

batz21

User avatar

Newbie
Newbie

Posts: 5

Joined: Fri May 24, 2013 5:16 am

Post Tue Jun 18, 2013 8:40 pm

Re: Starting OSCP from 2nd June 2013 !!!

Hey Rockman...the situation is very bad :P

I got my lab re-schduled for 16th June and now I having no clue how to proceed...being a novice in Pen Test field seems causing this issue.

I am lacking the approach and thought process it seems...as I never done the PT ever before.

Going through the Videos at the moment..and trying to get a hold on it :P.....lets see what happens :D
<<

superkojiman

User avatar

Jr. Member
Jr. Member

Posts: 81

Joined: Thu Sep 20, 2012 9:42 pm

Post Tue Jun 18, 2013 8:53 pm

Re: Starting OSCP from 2nd June 2013 !!!

The course does have pre-requisites and if you're weak in the foundation, you'll be struggling to get through the course and learning the foundation material at the same time. That being said, certain things can be learned while you're in the lab, although I recommend being extremely comfortable with them before taking the exam.

Just go through the course material and videos before you start throwing exploits at servers. That will probably net you a couple of low hanging fruit but won't get you very far. Enumeration is key. Remember - these machines are configured to have a hole, you just need to find it.
<<

rockman

Full Member
Full Member

Posts: 104

Joined: Sun Apr 06, 2008 12:38 pm

Post Tue Jun 18, 2013 10:03 pm

Re: Starting OSCP from 2nd June 2013 !!!

I agree with superkojiman's comments. His recommendations were helpful to me when I was preparing for my exam retakes.

Understand the labs and if you don't understand something research it further. I went through several buffer overflow tutorials before I got it. Like superkojiman said enumeration is key. Nmap is not always enough. On webservers, I would run nikto, dirbuster, and httprint. This will help you find vulnerabilities and httprint is a good crosscheck to verify you have the correct webserver and version.

It took me a while to think like a hacker, once I did it got easier to root servers in the lab. That comes from practice in the lab and the understanding the exercises in the lab manual and the videos, it will help you learn to think that way.
<<

batz21

User avatar

Newbie
Newbie

Posts: 5

Joined: Fri May 24, 2013 5:16 am

Post Tue Jun 18, 2013 10:13 pm

Re: Starting OSCP from 2nd June 2013 !!!

Golden Words...from Senior guys...thanks Rockman & superkojiman

Enumeration is the Key it seems can you guys share any useful link or point me to a Book

Which Enumeration Tools should master , Right now I am relyin heavily on namp,netcat,rpclient :P

Any pointers will be appreciated.

regards
<<

rockman

Full Member
Full Member

Posts: 104

Joined: Sun Apr 06, 2008 12:38 pm

Post Tue Jun 18, 2013 10:29 pm

Re: Starting OSCP from 2nd June 2013 !!!

batz21 wrote:Golden Words...from Senior guys...thanks Rockman & superkojiman

Enumeration is the Key it seems can you guys share any useful link or point me to a Book

Which Enumeration Tools should master , Right now I am relyin heavily on namp,netcat,rpclient :P

Any pointers will be appreciated.

regards


The nmap scripts are good to use. You can use the scanner modules in Metasploit. What you are using is good. Don't forget snmp enumeration. Brute forcing passwords is a good way to get access via ftp or ssh and then you can work on escalating access. Also as I mentioned above; nikto, httprint, dirbuster and burp suite, which I forgot to mention.
<<

hanyhasan

User avatar

Newbie
Newbie

Posts: 17

Joined: Fri May 17, 2013 12:09 pm

Post Wed Jun 19, 2013 1:01 am

Re: Starting OSCP from 2nd June 2013 !!!

batz21 wrote:
Enumeration is the Key it seems can you guys share any useful link or point me to a Book

Which Enumeration Tools should master , Right now I am relyin heavily on namp,netcat,rpclient :P


regards


Hi Batz21 .
Going through those books fast and use the Enumeration tools which they mention
1.Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
2.Backtrack 5 cookbook
3.BackTrack 4: Assuring Security by Penetration Testing..Old but believe me has many many tools and how to use them .. try the tools in the lab and compare the results a tool like fierce for DNS enumeration is better than both Dig and Host !!
4.Nmap Cookbook: The Fat-free Guide to Network Scanning
5.The Basics of Hacking and Penetration Testing
Currently am preparing also for OSCP by taking some crash course on PT from Joe Maccry weekend boot cam and its by 100$ only and have like 30 days on the lab next weekend he have Exploit Dev again 2 days by 100$ only . Have a look to this video about Exp_Dev
http://www.youtube.com/watch?v=eNSWUAVxbzk
from BSides Rhode Island Con was on 15-6-2013.
All the best and keep update us
<<

superkojiman

User avatar

Jr. Member
Jr. Member

Posts: 81

Joined: Thu Sep 20, 2012 9:42 pm

Post Wed Jun 19, 2013 5:57 am

Re: Starting OSCP from 2nd June 2013 !!!

On Backtrack, look at /pentest/enumeration. Lots of tools in there.
Next

Return to OSCP - Offensive Security Certified Professional

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software