.

OSCP Walkthrough

<<

Dutchie

Newbie
Newbie

Posts: 33

Joined: Sat Jan 23, 2010 1:48 pm

Post Fri Aug 20, 2010 12:49 pm

Re: OSCP Walkthrough

hayabusa wrote:I think there'll be a bit more from him... hang tight.


Is the time-slot for the lab exercises that thight that there is no time left for a interim update, as promised!
RA, CISA, CISSP, C|EH, C|HFI, CWSP, LPIC-1
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Aug 20, 2010 2:00 pm

Re: OSCP Walkthrough

It's a rough class, and does take a lot of your time, especially if you're doing it around a full-time job, etc.  So I'd venture he's been plenty busy, and thus, the delay in updating his thread / walkthrough.

It's hard telling where j0rdy's at (I don't know what he does with his non-course time - re: family, work, school, etc -  and he could've extended his time, too, depending on what package he signed up for.)  But I'm certain he'll be adding more, as he concludes his time and / or takes his exam (with what he can give you, within the course / exam NDA)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Mon Aug 23, 2010 1:58 am

Re: OSCP Walkthrough

Here i am ;D

and hayabusa is right, this course has taken a lot of my spare time which i at the moment rarely have (new job, trying to keep my family/friends happy etc.). but here is a new update!

[quote]
Hacking along and preparing for certification

Ok, my labtime is officially over. I managed to get into about 60% of the hosts which leaves me with an unsatisfying feeling. If i knew the lab was going to be this big and hard i would have stared way earlier then i did now. i spend the first half working through the material which i could combine with playing around in the lab, but didnt. i suggest to start immediately if you want to get into the other subnets and make sure you get at least the 60 day course. The skill level of the lab differs from click and hack to complete manual procedures which makes it a pleasant environment to play in for everyone. You are certain to find a challenge regarding of the skill level you have prior to the course.

this brings me to one of the most burning questions at the moment: how hard is OSCP and is it suitable for beginners? i would say NO. If you have no prior knowledge in pentesting/ethical hacking this will knock you down and leave you in the gutter. Unless you have aquired the techniques of hacking and know how to penetrate systems you will have a very difficult time to gain the knowledge required to do well in the labs. I'm not saying its wasted time, because you will learn (a lot!) and you have sufficient time, you probably will have a decent chance to pass. i found it hard to find time because of my new job which kept me pretty busy and i guess you will have occupations too, so keep that in mind. Compared to CEH, wait...what is there to compare? i thought about this a long time but i cant seem to find any similarities between the two courses. the only way to describe it is as followed: CEH: start talking it. OSCP. start doing it!

At this point i am working on my report that you will need to hand in once the exam is finished. I am describing all the hacks i made within the labs and the exercises i made during the course. Remember to make it as complete as possible to make it look just as a real pentest report. I planned my exam somewhere next month, this give me some time to go over the material again and to put in some work on some of the extra mile challenges to make sure i completely understand all the techniques mentioned. i have no idea what to expect, but i am preparing for hell! wish me luck!

Next up: Exam time!
[\quote]
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Aug 23, 2010 9:50 am

Re: OSCP Walkthrough

and there he is!

Congrats on getting through your lab time, j0rdy! 

My advice to you, now:

Spend the next bit of time, as you said, cleaning up and preparing the final report.  What I'd recommend (without giving any specifics) is to template the sections, like you did for each host you did in the labs, into your appendix or section you're going to use fot the exam machines.  Then your format for those is already prepared, and you can simply add your notes, screenshots, POC code, etc, to those, one you've gotten done with your 24-hour exam.  (Because, you have to remember, after the exam, you only have an additional 24 hours to submit the report.)  The more you have prepared in advance, the easier it will be to organize and submit your data, after exam day.

Then, review a little, anything you had any questions on from the labs, and then relax until exam day, focusing your time on those other things that matter (job, family, etc) and let yourself wond down a bit.  Then, when test day arrives, you'll be refreshed, and ready to settle in for your exam.

One more thing I can tell you.  IF you approach the exam right, you can get your 'passing score' pretty quickly.  I passed within about 7 hours.  However, I went after the perfect score, since Ryan Lynn set such a high target.  I didn't get it, but afterwards, found out I was extremely close to finishing, on the LAST machine in the exam. <sniff>  Oh well, considering I was in physical pain throughout, I was pleased with my result!

Good luck, and let us know when you schedule it, etc.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Anquilas

User avatar

Full Member
Full Member

Posts: 169

Joined: Fri Mar 19, 2010 7:50 am

Location: Belgium

Post Mon Aug 23, 2010 10:00 am

Re: OSCP Walkthrough

Thanks for taking the time to update j0rdy!
Great read as ever.

Good luck on the final run, kick some ass! :)
Twitter: https://twitter.com/dietervds
Blog: https://synquell.wordpress.com (not much there yet)

The beginning of knowledge is the discovery of something we do not understand.
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Tue Aug 24, 2010 2:10 am

Re: OSCP Walkthrough

thanks guys! i know i am not 100 points material, but i think i can give myself a fair opportunity, even with my (limited) background. i cant wait to start on the exam, but on the other hand i really want to play in the lab a little more because i have learned so much from it and i want to learn even more!
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Thu Sep 16, 2010 11:57 am

Re: OSCP Walkthrough

Last update before the exam!
This is my last update before i will take the exam this weekend. It will be less informative then the previous posts i made but i want to give you all a view on how i stand thowards the exam, mental wise. i cant stop thinking about the score hit monkey got on his first try. I believe we are skillwise pretty equal. Giving the fact i am only in security for about 1.5 years now, i almost cant believe how far i already came, but the big question is will it be enough? i really want to pass the exam just to prove i learned all these skills and that i can put them in use.

At this moment i feel pretty confident about the knowledge i have optained. The one thing that worries me most is the time window in which i have to operate. Because i am on almost the other side of the earth, none of the starting times are great. You have the option of choosing several starting times going from 4pm to about 22pm. This means you will have to pull an all-nighter, no matter how good you are. This gives the whole experience a nice ring to it though. Pulling an all nighter just like real hackers do in movies. Can you imagine the dark room, lighted by just a computer screen, and the only sound you hear is the soft thicking of the keyboard and the brain cracking of a hacker that is working his ass off to get that root-shell? just thinking about it makes me all hyped up to get stared! Luckily i took a day off (sort off) so i can prepare myself for this. i'm planning on getting plenty of food and drinks (caffeine is your friend is such situations) so i dont have to waste any time on less important things like if i have enough to fuel my body for this experience.

After practicing in the labs i found out that if i really put myself to it, i can hack most of the hosts without any real problem. The only thing is that when i do, i dont have a time limit in which i have to finish. Some of the hosts took me a really long time because of the extra knowledge required to make the actual hack. Luckily not everything is chewed out so you really have to think on your own to achieve the result wanted. Because of my slim pre-knowledge this takes me longer then with someone who has more experience. the best advice in these situation IS just to try harder. In the end i get there, but with significantly more time and effort. I think time will be my biggest enemy. Wish me luck and i will post my post exam experience when i'm ready to do something else besides sleeping.

Next up: ???
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Thu Sep 16, 2010 12:03 pm

Re: OSCP Walkthrough

Good luck! And keep that positive attitude. You've proven you can do it in the labs....
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Sep 17, 2010 8:09 am

Re: OSCP Walkthrough

I wish you all the luck j0rDy!

My background is all about developing web applications. If yours is server administrator, it should help you in the exam.

Remember a few things. Each machine in the lab are worth different points, but for me, the "easiest" machines turn out to be the hardest... This is obviously due to a lack of experience on my part, but just don't be afraid to tackle the "big" ones.

That being said, you may get a totally different exam then mine was, but still...

Also, you will have a little bit less than 5 hours per machine. So take your time (yes, you will be awake all night!) and be careful not to do stupid mistakes toward the end. I mistyped an IP address after 22 hours into the exam and it took me almost 30 minutes figure it out... (yes, I was getting really tired!).

Finally, read your scan results properly. Something I didn't do for 2 machines!!

But hey, this can be done by humans!!!  ;)

Good luck, I will be looking at your result.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

Anquilas

User avatar

Full Member
Full Member

Posts: 169

Joined: Fri Mar 19, 2010 7:50 am

Location: Belgium

Post Fri Sep 17, 2010 8:19 am

Re: OSCP Walkthrough

You sound as prepared as you can be J0rdy, so just go for it :)
We'll be here cheering you on, let us know how it went afterwards!
Twitter: https://twitter.com/dietervds
Blog: https://synquell.wordpress.com (not much there yet)

The beginning of knowledge is the discovery of something we do not understand.
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Fri Sep 17, 2010 8:26 am

Re: OSCP Walkthrough

I like these tips. I am still studying for eLearnsecurity and sometimes I study the metasploit-unleashed from Offensiv-security to sharp my skill and when I pass those exams (yes CEH too) I will shoot OSCP
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Fri Sep 17, 2010 8:57 am

Re: OSCP Walkthrough

Don't forget to take (short) breaks too  ;) If you don't take a small break occasionally you will probably overheat your brain and you may end up in a deadlock. I know there is a big stress factor that you shouldn't eat, relax, or take long breaks while you're doing the exam because it's running and you need to get the right amount of points.

But if you're going in circles and you need fresh ideas, take a short break (perhaps a walk outside to the nearest store for refreshments you want and need) and think creatively about how you can solve the problem even though it may seem impossible it is not.  ;)
I'm an InterN0T'er
<<

zeroflaw

User avatar

Full Member
Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Fri Sep 17, 2010 10:29 am

Re: OSCP Walkthrough

Good luck j0rDy! r00t those boxes!
ZF
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Sun Sep 19, 2010 9:20 am

Re: OSCP Walkthrough

I got Pwnd...

No seriously...like a script kiddie. I cant really figure out what happened. Maybe it was the long night, the fact i was more nervous then a bouncing toothpick, or perhaps just lack of skill? Anyway the mail was right on time, i logged in, started on the first host and bam! 5 hours gone. I was almost there but decided to let it go cause time was ticking. i went for the other hosts where i pretty quickly got a shell on one of them, but spend hours to make it a root one. No luck. The other hosts were just playing with me. I found several vulnerable services, but somehow i couldnt get that shell. And then, time's up. I got nothing! No shell, No exploit that worked for me. Perhaps this was where my lack of programming skills came in. I spend too much time figuring out how to make the exploits run, let alone if they worked. I feel defeated, almost humiliated. Even though somewhere i keep thinking wow, i cant believe how much i have learned in the past couple of months. At this point im having trouble to be entheusiastic about it, but thats just to blame on the exam results, and the 3h sleep i got.

I expected it to be hard. Heck, i was even sure i would need all the luck in the world to pass, but this result left me bedazzled. I guess this closes the ever ongoing CEH vs OSCP debate. Even if you can pass the CEH exam with two fingers up your nose, OSCP is a whole different ballgame. this certification truely separates the men from the boys.

the positive thing about this is that now i know where my weak points are. i will work on them first, expand my skills further, become more knowledgable and eventually i will succeed. i have never given up on anything in my life, and this will not become my first. I feel there is no point in taking the exam again any time soon, but when i feel i have progressed both skill and time wise, i will be ready for the biggest challenge of my life once more...I wish we could end this walkthrough with better news, but hey, guess i just have to: try harder...
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Sep 19, 2010 10:34 am

Re: OSCP Walkthrough

Here's a tip for you, j0rDy...

If you got even semi-detailed scan results from the exam, or have versions of specific software you came across on the targets, see if you can't setup some of those in a lab, on your own, and spend some time on them.  While you may not have found many / all, you can grow, simply by setting up what you DID see, and working to figure out how to nail those programs / services. 

I'm sorry to hear you had a rough go of it.  I've been talking to several folks who didn't pass on first attempt, and it seems this latest version of OSCP is challenging for  'almost' everyone I've chatted with.  I'm glad, though, that you're looking at the bright side, and realizing what you HAVE learned and taken away from it, so far.

Remember, too, that IT security / pentesting is a never-ending learning experience.  You'll see folks like me, sil, Ketchup, former33t, don and others regularly posting about what we're working on or learning, currently.  It never ceases to amaze me, how much new and fun stuff there is to achieve in IT.  That's what drew me to the field, to begin with.  And the security aspects are literally the 'icing on the cake,' for geeks like me.  :P

Just keep studying, attempt some things on your own, similar to what you saw in the labs, and grow.  Either way, you take a lot from the experience.  (Although, I'm sure you'll keep with it until you pass, and I commend you for your hard work and dedication to it, moving forward.)

Take care, and keep us posted, as to how you proceed, and feel free to ask questions.  That's what we're all here for!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
PreviousNext

Return to OSCP - Offensive Security Certified Professional

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software