
OSCP Strategy

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Mon Oct 04, 2010 7:09 pm

OSCP Strategy

I'm currently 2 weeks into the OSCP. I heard that for the final exam you are only able to use Metasploit one time. Armed with that new information, I'm trying to wean myself off my favorite tool and go back to a manual process.

My question for the OSCP cert folks is about a strategy. If, for example, you find a box that is vulnerable to ms08-067, instead of using Metasploit, you'd have to search for the exploit and find a POC. Then, you'd have to understand the code enough to be able to fix it for your own environment. Would you say this is correct?

If this is so, I'd say you've got to master fingerprinting and have ninja skills in finding exploit POCs.

Your thoughts?
KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Oct 05, 2010 12:10 am

Re: OSCP Strategy

Proof-of-concepts, modifying existing exploits, etc. - all of these concepts are covered in later modules. Understanding the code enough to be able to fix it for the appropriate situation is what will play a huge part in any pen-test you do.

cd1zz wrote:I'd say you've got to master fingerprinting and have ninja skills in finding exploit POCs.

This is a definite. No one taking the course is supposed to reveal any specific details about the exam itself, but whenever you do plan on taking the exam, be prepared for anything. The OffSec guys have put together a great course and you truly have a lot in store for you. Be sure you grasp each attack vector and take advantage of the lab time you paid for.

-Kris
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Tue Oct 05, 2010 6:48 am

Re: OSCP Strategy

@cd1zz: My best advice would be:

1) Go through the videos
2) Do all exercises, including the "Extra Mile" ones
3) Hack your way into many, many, many, many lab machines and find your way into the other networks (dev, IT and admin)
4) Then worry about what you are missing for the exam

The exam is very tough and it is too big to discuss learning strategies here. But if you follow these 4 steps, you should be fine!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
mambru

Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Tue Oct 05, 2010 9:56 am

Re: OSCP Strategy

I don't know what to say about the challenge without giving away important details about the contents and working, but xXxKrisxXx and H1t M0nk3y have made very important points. Remember, fingerprinting is crucial for a successful pen test.
linares189

Newbie

Posts: 2

Joined: Thu Oct 07, 2010 2:55 am

Post Sun Oct 10, 2010 7:47 pm

Re: OSCP Strategy

Hey all. I'm also going through the course and spending a lot of hours in the lab banging away at things. I've had some problems getting nmap scans to work, which might hurt for time in the challenge maybe. (Nmap reports host is down though I can reach it through other means like netcat, etc. not sure if this is how it's "supposed" to work in the lab or not.) Doing things more manually sounds better but may push a 24 hour window, wouldn't it?

linares
COm_BOY

Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Sun Oct 10, 2010 7:52 pm

Re: OSCP Strategy

linares189 wrote:Hey all. I'm also going through the course and spending a lot of hours in the lab banging away at things. I've had some problems getting nmap scans to work, which might hurt for time in the challenge maybe. (Nmap reports host is down though I can reach it through other means like netcat, etc. not sure if this is how it's "supposed" to work in the lab or not.) Doing things more manually sounds better but may push a 24 hour window, wouldn't it?

linares

Try -T2 or similar for nmap scans and it should be fine. I think it's a problem with the VPN they used.
It has become appallingly obvious that our technology has exceeded our humanity.
linares189

Newbie

Posts: 2

Joined: Thu Oct 07, 2010 2:55 am

Post Sun Oct 10, 2010 7:58 pm

Re: OSCP Strategy

COm_BOY wrote:Try -T2 or similar for nmap scans and it should be fine. I think it's a problem with the VPN they used.

Will do, thanks. I was trying -PN and no game. As long as I know it's a bug and not a feature I'll just try 'em all.

linares
COm_BOY

Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Sun Oct 10, 2010 8:27 pm

Re: OSCP Strategy

linares189 wrote:
COm_BOY wrote:Try -T2 or similar for nmap scans and it should be fine. I think it's a problem with the VPN they used.

Will do, thanks. I was trying -PN and no game. As long as I know it's a bug and not a feature I'll just try 'em all.

linares

-PN or -P0 means to skip the ping request, since there are a lot of hosts out there (web) which will block ICMP, and I would recommend using this option normally. Other than that, -Tx (where x is 0-5) means timing templates; remember 0-1 is for IDS :) . Apart from that, if they are still using OpenVPN I think it's a problem with that; otherwise it should run fine on other VPNs in the real world.

Best of Luck
It has become appallingly obvious that our technology has exceeded our humanity.
ssherei

Newbie

Posts: 16

Joined: Wed May 19, 2010 5:56 pm

Location: EGY

Post Tue Oct 19, 2010 2:31 pm

Re: OSCP Strategy

Well, since you're taking the OSCP, the answer to your question will be within the course modules. Trust me :D, I know.
OSCE, OSCP
cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Thu Dec 16, 2010 5:28 pm

Re: OSCP Strategy

Here we are - 2 months later and I passed the exam. Now I see the light :)

I've documented the experience on my blog:
http://networkadminsecrets.blogspot.com/

Thanks for everyone's input.
Pookie

Newbie

Posts: 47

Joined: Fri Oct 29, 2010 4:26 pm

Post Thu Dec 16, 2010 5:37 pm

Re: OSCP Strategy

Congrats on passing!
Certifications: A+, Network+, Security+
impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Thu Dec 16, 2010 10:43 pm

Re: OSCP Strategy

Congrats
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
Anquilas

Full Member

Posts: 169

Joined: Fri Mar 19, 2010 7:50 am

Location: Belgium

Post Fri Dec 17, 2010 3:50 am

Re: OSCP Strategy

Nice review, congrats on passing!
Twitter: https://twitter.com/dietervds
Blog: https://synquell.wordpress.com (not much there yet)

The beginning of knowledge is the discovery of something we do not understand.
alucian

Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Fri Dec 17, 2010 4:14 pm

Re: OSCP Strategy

Congrats!
Nice review, it made me think again about doing the course.

I would like to go into architecture / risk mgmt in the long run, but I still strongly believe that if you don't know how the attacks are done you are not a good security specialist.
Doing a course like OSCP will help you more than enough to understand how things are working. Also, being a guy that works best under pressure, I will fully enjoy the rhythm of the course. Being in Canada and having winter until April, it will be a good way to enjoy it.
The biggest problem will be my wife (and the kids) ...  ::)
Hmmmm
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Dec 17, 2010 4:48 pm

Re: OSCP Strategy

As another who fully understands, I'd say you've got the right mindset (with the wife and kids), but I'll tell you, you'll find a way to make it work, and it's worth it when you've done it.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
