.

OSCP - advice and grasp

<<

mackwage

Newbie
Newbie

Posts: 2

Joined: Mon Nov 08, 2010 11:37 am

Post Mon Nov 08, 2010 3:37 pm

OSCP - advice and grasp

Greetings all! This is mainly directed towards those holding the OSCP status.

I have passed the CEH and took the PWB version 2.0 course last year. I failed the final cert test (so I have a great idea of what is on it so don't worry about spoiling anything for me) but did not schedule a retake as many of life's hurdles got in the way.

I recently purchased the upgrade to the 3.0 version as well as extra lab time and a cert test retake. I have around 30 days left in the labs, completed all of the modules and started penetrating some of the machines in the first student network.

I have two grand questions and I understand the first one is rather subjective because it can have many variables:

1. How far do you personally think one should be able to penetrate the thinc.local network before being comfortable with the cert test? Like I said, I understand it's a very subjective question but your take on information in the labs and exploits performed in the thinc.local network versus the cert test would help great.

2. What outside resources have you used to further develop your learning of the content? Specifically do you have any great links to sites that you found particularly informative or helpful on the different topics? I have done TONS of Google searching and found some useful sites but a LOT of outdated ones as well.

Thanks in advance!
Last edited by mackwage on Mon Nov 08, 2010 4:02 pm, edited 1 time in total.
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Mon Nov 08, 2010 4:02 pm

Re: OSCP - advice and grasp

hey mackwage,

welcome to the forums. I'm not too sure if the v2 examination differs between the v3 examination but I'd imagine it would. To answer your first question:

1. How far do you personally think one should be able to penetrate the thinc.local network before being comfortable with the cert test? Like I said, I understand it's a very subjective question but you take on information in the labs and exploits performed in the thinc.local network versus the cert test would help great.


A similar question was asked on the offsec forums which you should have access to, and a summarized answer to it was that they suggest penetrating a minimum of the all of the machines in the student network disregarding some of the harder machines. The link to this thread can be found here.
My personal opinion on this is I think you should penetrate every machine you can in order to help prep you for the exam. I personally wasn't able to hit every machine on the student network but I did get access to all 4 subnets and hit a few machines on them too. Every successful penetration into any lab machine makes you feel more ready for the exam.

2. What outside resources have you used to further development your learning of the content? Specifically do you have any great links to sites that you found particularly informative or helpful on the different topics? I have done TONS of Google searching and found some useful sites but a LOT of outdated ones as well.


I had posted my review of Pentesting With BackTrack on my site (but it's currently down right now), you may want to check out this link in a couple of days -> My PWB v3 Experience. I still have access to the resources that helped me out throughout the entire course so hopefully these will help you out:

http://carnal0wnage.blogspot.com/

http://www.exploit-db.com/

http://securityfocus.com

http://ethicalhacker.net

http://www.offensive-security.com/metasploit-unleashed/

http://irongeek.com

http://securitytube.net/

http://www.packetstormsecurity.org/

http://www.securityaegis.com/

http://synjunkie.blogspot.com/

http://www.corelan.be:8800/

Milw0rm was up at the time and it helped out too - but the sites gone now. That's okay though because exploit-db's taken over the project. There's a few active OSCP's on this forum so don't hesitate to ask other questions, were here to help! Good luck on your adventure in the course, I had tons of fun!

-kris
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

mackwage

Newbie
Newbie

Posts: 2

Joined: Mon Nov 08, 2010 11:37 am

Post Mon Nov 08, 2010 4:10 pm

Re: OSCP - advice and grasp

Thanks greatly for you quick answers and links! I have not been to the last six sites you listed.

The main area I am trying to focus on right now is priv escalation. On many of the lab machines I have low priv shells and am having a difficult time escalating to root/system/admin.

I look forward to seeing your site once it is up!

Thanks again!
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Mon Nov 08, 2010 4:13 pm

Re: OSCP - advice and grasp

Your welcome. Privilege escalation is definitely a necessity in the course! I'll bump this thread when it's back up if it gets backed up too far.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

Return to OSCP - Offensive Security Certified Professional

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software