.

OSCP Walkthrough

<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 531

Joined: Sat Sep 08, 2007 7:48 pm

Post Wed Jul 07, 2010 11:15 am

Re: OSCP Walkthrough

I"m backing BillV on this one. When I was in the course, I scheduled my exam about a week after my lab time expired. This gave me time to go back and finish the report, take the exam then add my exam findings into the report (which is very do-able in 24 hours).
<<

zeroflaw

User avatar

Full Member
Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Wed Jul 07, 2010 12:25 pm

Re: OSCP Walkthrough

At first I was kind of confused about the documentation and reporting. Seems like we have to document everything. And put all the results relating to the network itself in our pentest report.

Did you guys use leo or basket? I personally find basket easier. Also I'm planning to do all the extra mile exercises.
ZF
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Jul 07, 2010 2:19 pm

Re: OSCP Walkthrough

Speaking of scheduling the exam, I was going to register for Saturday, July 24th but all sits were taken. Having my daughters every second weekend, I tried August 7 or 8 with no chance. I finally got a slot on August 21st!

I have to wait almost 2 months!

So zeroflaw, book your exam way in advance, especially if you are planning on doing it on a weekend...
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1911

Joined: Mon Dec 11, 2006 3:23 pm

Post Wed Jul 07, 2010 9:56 pm

Re: OSCP Walkthrough

Yeah, the better your documentation is during the lab, the easier it will be to put it into a report. Personally, I didn't spend much time in the lab and only compromised about 6 or 7 systems. I just didn't have the time to spend playing around. I didn't use leo or basket. I used an Excel spreadsheet to keep track of what I was doing, with one sheet giving me an overview and each system having its own sheet. Just my preference of doing things I guess.

And I agree on scheduling the exam. It's a pretty bad interface imho. I ended up sending an email out to those guys to ask them what times were available for the next couple Fridays/Saturdays, then from there I went back and selected one of those times. Each one I had tried before that I just got the message saying it was unavailable. I think I suggested they should do something similar to Prometric, with a calendar that shows available dates/times rather than playing a guessing game with the system.
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Jul 09, 2010 4:56 am

Re: OSCP Walkthrough

thanks for the replies and i will get to the 2x24h part as soon as i get my next chapter finished! also great advice on the exam planning, i will keep it in mind when i am getting close to my last lab days.
CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1911

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon Jul 19, 2010 10:33 am

Re: OSCP Walkthrough

How's your course going? Any updates?
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Mon Jul 19, 2010 11:59 am

Re: OSCP Walkthrough

just hit rock bottom working on the lab machines >:(, more on this next friday!
CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

partek

Newbie
Newbie

Posts: 27

Joined: Thu Feb 28, 2008 6:15 pm

Post Mon Jul 19, 2010 1:05 pm

Re: OSCP Walkthrough

OSCP is a tough course and really forces you to come up with some interesting and unorthodox solutions. I remember spending many a late night trying to break into the lab boxes.  It's very frustrating, but is definitely the most rewarding course I've ever taken.
CISSP, CISM, CISA, CCNA Security, OSCP, CEH
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1702

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Jul 19, 2010 3:46 pm

Re: OSCP Walkthrough

I fully agree with partek.  Just take your time, j0rdy, and take breaks and rest, if you feel like you're hitting a wall.  (muts and company would agree, especially when you're taking the exam.)  Always remember, on the boxes, to look for the: who, what, where, when, why and how - as a moderator on the IRC chat reminded me during my lab time, as I hit a wall at one point on one box in particular.  I asked, not for an answer, but for some sense that I wasn't WAY off on the machine, and he gave me that advice (and I wasn't far off, after all, once I stepped back and rested, then reconsidered some things.)

Keep it up.  It's worth it !
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Anquilas

User avatar

Full Member
Full Member

Posts: 169

Joined: Fri Mar 19, 2010 7:50 am

Location: Belgium

Post Tue Jul 20, 2010 3:10 am

Re: OSCP Walkthrough

This makes for a great read Jordy, and will be most useful for other people trying their hands at the course (hopefully including me).

As a possible suggestion: maybe you can add the newly written parts in the first post? It's easier to then read the whole thing in one post, instead of having to scroll through, what I imagine, will become a very long thread :)

Thanks a bunch for taking the effort to write it all down m8, looking forward to more of your experiences with PWB!
Twitter: https://twitter.com/dietervds
Blog: https://synquell.wordpress.com (not much there yet)

The beginning of knowledge is the discovery of something we do not understand.
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Thu Jul 22, 2010 3:52 am

Re: OSCP Walkthrough

Great idea Anquilas! let me get on it straight away! remember to stay tuned for the next update coming this Friday!
CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Sat Jul 24, 2010 6:46 am

Re: OSCP Walkthrough

as promised:

I finished all the modules that are covered in the videos and skipped in a fast pace through the last ones in the lab guide. Some topics were complete new for me like ARP spoofing, buffer overflows and client side attacks. Thanks to the good and simple explanation that takes you step by step through the process i managed to get through them with succes. The further i got in the course, the more i was amazed of the knowledge that the course comprehends (and i lack).ou  I want to give massive kudo's to the Offensive Security team for this course. You know you are watching/learning from true professionals when they master the difficulty of the art, but make it look easy. This is exactly what they do.

After finishing the modules i started to review the information gathered about the labs you collect through the exercises. The reconnaissance part gives you heaps of info about the targets in the labs, but found out quick enough that i had to start documenting properly. I started with putting all the important information i gathered in the sample test report you receive at the start of the course. This helps in getting that overview of the target and lets you set that aim for your first targets. I tried to spend a full day in the week on this course doing exercises and practicing, and an hour a day to read/watch the material. At this point i am halfway through the 60 days i have, so i recommend everybody to take the 60 day course.

Now we got that out of the way it is time for the interesting part: The lab machines! At this point i only spend a few hours in the lab, which comes to about the 24h you need for the exam. At this point i targeted about three machines. results? Nothing! Remember that feeling i talked about earlier that you can hack the planet? This gets shot into a thousand pieces when you actually start on the lab. At first this got (and still does a little) me really frustrated and insecure about my freshly aquired knowledge, but then again, if it would be a walk in the park everybody would be OSCP certified.

At this point i can identify most of the vulnerabilities that the machines have, and theoretically explain how to exploit them, but when i try the exploits that are discussed in the material in practice i always seem to find a little twist that makes it not work the way it supposed to. The frustration feeling i got with this experience quickly turned into motivation to try harder and get as far as possible in the labs. I got this feeling that once you have hacked your first one, the next few will come within no time, and guess what: i was right! After spending another few hours in the lab i managed to get into a few machines! I see that the difficulty of the machines varies from 1 click hacks to almost impossible. All i can think of now is that this is more challenging and most important, more fun then i could imagine! This is like playing around in the biggest playground there is, and get certified at the same time. Once you have experienced this you will never want to take a normal certification course again!
CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1702

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Jul 24, 2010 7:42 am

Re: OSCP Walkthrough

Great job, j0rdy, and glad you're progressing.  You'll continue to have even more fun in the labs.  Something to be aware of, as you progress... There are a few, whose IP's and names I won't disclose (both because 'we can't' and because that would take the fun and learning out of it for you,) that you'll need multiple steps / exploits to truly beat.  Your challenge will be thinking of not only how to get that first access into the box, but how to move deeper on it, and root it / get SYSTEM.

Be patient, think things through, and when in doubt, 'talk it out.'  Sometimes that inner monologue, in your head, if you walk away from it for a bit, is the best thing for the situation.

What I can say it this, having already passed the course and exam, I'm enjoying reading your take on it, and your descriptions of it all make this an interesting read.  Keep it up!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Xen

User avatar

Sr. Member
Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Sat Jul 24, 2010 8:52 am

Re: OSCP Walkthrough

Nice post, j0rdy. Looks like you're finally getting your rhythm.
<<

Anquilas

User avatar

Full Member
Full Member

Posts: 169

Joined: Fri Mar 19, 2010 7:50 am

Location: Belgium

Post Mon Jul 26, 2010 4:00 am

Re: OSCP Walkthrough

I'm following your adventures in OSCP with great interest m8, keep it up and kick ass in the next 30 days!
Twitter: https://twitter.com/dietervds
Blog: https://synquell.wordpress.com (not much there yet)

The beginning of knowledge is the discovery of something we do not understand.
PreviousNext

Return to OSCP - Offensive Security Certified Professional

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software