OSWP Walkthrough

<<

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Tue Feb 22, 2011 6:02 am

OSWP Walkthrough

OK, since I got a lot of positive feedback on my last "walkthrough" I made the decision to write another one for my OSWP certification. Again, if anyone has feedback/comments (Donald or the guys at Offensive Security) please let me know!

General info:
After passing the OSCP course I decided to take a well deserved break. After about a month something started itching ;). I was so impressed by the learning method used by Offensive Security I just had to go for another one. Given the fact I went through hell (got there, got lost, wandered around for a long long time, and finally got back) to pass for PWB I decided to go for WiFu. The main reason for this decision is that I feel I am not yet ready to pursue OSCE, because of my previous experiences with PWB. Another reason is that, however much I would like to learn it, writing exploits, learning assembly etc. is a little bit out of scope for the work I do, but WiFi becomes a more important factor for me. And last but not least, it is a bargain!

When I clicked the sign up now button I noticed a different registration process. I received a mail with additional information about the course, and a registration form. From what I remember this is new. It is good to see that the guys at OffSec are not only working on the course itself, but also everything else that counts to become a good, respectable learning institute.

The outline is pretty much equal to the other courses. You will receive a lab guide (which is in size equal to the OSCP one!) and of course the videos, which will take about 2.5 hours to get through. They also specify the required skills needed to pass the course. This is a little bit more than the "basic Linux commandline skills". I quote:
"You need to have basic Linux skills in order to complete this course- meaning you should be able to navigate through the Linux filesystem, run simple commands, edit files and be comfortable in the command line in general."
They also provide an estimated time for completing the course, which is according to OffSec 2 hours. Given I have played with WiFi and the air-suite before I guess it will be a little less, but we will see.

The labs are hosted by the student. This means no VPN to connect to as with PWB, but set up your own wireless network. Besides the fact that this is also good to know, it provides a nice look at the other side of IT security, which is in this case not hacking it, but properly configuring it. They also provide some tips on hardware which should not be a problem, because most of the wireless adapters have good support in the latest version of Backtrack.

Finally there is an exam (of course). This one will take about 3 hours including the time to prepare your results and to send them by mail. There are no preset dates, but you have to schedule the exam within 4 months from your starting date. My guess is this will be no problem.

Right now I am waiting for further instructions, and I must say I am stoked to be starting another OffSec course again!


(First) Impressions:
OK, this was supposed to be a first impression update, but since I already covered all material I will rename it to just impressions. As I suspected the course is significantly smaller than OSCP. I knew this before I started the course, because of the CPE points you get for both exams. Of course getting through the course so fast is partly my fault, because I spent almost the entire weekend on the course. First let's start with the course guide.

The first couple of chapters contain some background information on the wireless protocol. It is mostly about the used protocols and operating modes. Even though none of this information is required for the exam, it is very useful to read through to get a deeper understanding of the wireless protocol. There is also a chapter that covers the hardware aspect. While this information can be considered a little bit outdated because of the current developments within Backtrack 4 and the upcoming 802.11n protocol, it makes the choice of hardware a little bit easier if you don't want to go dig in technical specifications of wireless adapters. This is something I decided to do just because I think it is fun.

Like most hackers I like new toys and, if possible, the best toys available. I got myself an Alfa Network AWUS036NH, which is not supported out of the box by BT4R2, but there are tutorials around to get it fully working. I bought this specific one with current and future developments in mind, because the n protocol becomes more and more mainstream. While I was at it, I also ordered a 9dBi high gain antenna to make the picture complete. OK, enough about the hardware.

The course is mainly focussed on the aircrack suite. The last chapters cover some other tools briefly, but almost not noteworthy. I like the layout of the course, because the different attack techniques are explained before you start the actual attack. This gives a better understanding of what goes on while aircrack is doing what it does best. While doing some extended research on the tool (after getting some vague errors which somehow disappeared after a reboot, so actually not noteworthy) I saw that most of the material is also covered on the aircrack site. This makes the course a little bit obsolete if you just want to learn WiFu and do not want to pursue the certification. Still the additional videos provide a good addition to the course guide.

Again, Mati does a great job explaining the different attack techniques and makes it all very understandable. I always say that if you have the power to make something difficult look easy, you truly master the skills. Even though some subjects may need some updates (for example, why is BT3 still recommended with the madwifi drivers?), it is still a great course to follow. Since there are no real exercises in the course (except for trying everything yourself) I will skip this part and move right on to the exam, so stay tuned for the next update: Exam time!


Exam time!
The exam consists of multiple WEP and WPA wireless networks that need to be hacked. There is a wordlist present for the WPA network(s), so do not worry about failing the exam because of a bad wordlist. The exam is more about how you got the result instead of the actual result. You have 4 hours to complete the exam and a total of 24 hours to send in the acquired results. They specifically ask for a workout of the steps taken and commands used which got you to your result. After this you will receive a reply with your results within a few workdays.

Different from the other courses, you will log in using an SSH connection on a Backtrack3 box where the wireless setup has been prepared. The host has two wireless devices hooked up, which gives you the decision to choose your favourite driverset (Atheros or Alfa). Since I practised at home with the Alfa my choice was obvious.

Saying this, there is really nothing more to tell about this course. I like the introduction chapters that give a better theoretical understanding of the wifi protocol. The big advantage of this course is that you will learn different attack methods to obtain the key which can be different depending on the state of the network (client/clientless, OPN/SKA etc.).

I received a reply on my submitted documentation within 24 hours, which was extremely fast! Since I owned all the networks I figured I would most certainly pass, but there is always that little piece of doubt. Still, when I got the results I was stoked I passed the course. Thank you again for all the feedback I received and for taking the time to join me once again in this walkthrough. I hope you had as much fun reading it as I had writing it. Thanks again to everyone for this great experience and the opportunity to tell others about my experiences within the security field. Until next time.
Last edited by j0rDy on Mon Mar 28, 2011 2:21 am, edited 1 time in total.
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Tue Feb 22, 2011 10:20 am

Re: OSWP Walkthrough

Hey j0rDy,

We really can't stop, isn't?  ;D

Thanks for your walkthrough. I was thinking on taking it eventually. You write nice reviews. You should talk to Don about writing an "official" review!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Tue Feb 22, 2011 10:47 am

Re: OSWP Walkthrough

H1t M0nk3y wrote: Hey j0rDy,

We really can't stop, isn't?  ;D

Thanks for your walkthrough. I was thinking on taking it eventually. You write nice reviews. You should talk to Don about writing an "official" review!


I guess we can't  ;)

Thanks and if Don wants me to save it for the front page, no problem, but then you guys have to play the waiting game...
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Feb 23, 2011 12:06 am

Re: OSWP Walkthrough

I like the walkthrough format, but I'm always willing to look for new articles. PM me.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Thu Mar 03, 2011 10:32 am

Re: OSWP Walkthrough

(First) Impressions:
OK, this was supposed to be a first impression update, but since I already covered all material I will rename it to just impressions. As I suspected the course is significantly smaller than OSCP. I knew this before I started the course, because of the CPE points you get for both exams. Of course getting through the course so fast is partly my fault, because I spent almost the entire weekend on the course. First let's start with the course guide.

The first couple of chapters contain some background information on the wireless protocol. It is mostly about the used protocols and operating modes. Even though none of this information is required for the exam, it is very useful to read through to get a deeper understanding of the wireless protocol. There is also a chapter that covers the hardware aspect. While this information can be considered a little bit outdated because of the current developments within Backtrack 4 and the upcoming 802.11n protocol, it makes the choice of hardware a little bit easier if you don't want to go dig in technical specifications of wireless adapters. This is something I decided to do just because I think it is fun.

Like most hackers I like new toys and, if possible, the best toys available. I got myself an Alfa Network AWUS036NH, which is not supported out of the box by BT4R2, but there are tutorials around to get it fully working. I bought this specific one with current and future developments in mind, because the n protocol becomes more and more mainstream. While I was at it, I also ordered a 9dBi high gain antenna to make the picture complete. OK, enough about the hardware.

The course is mainly focussed on the aircrack suite. The last chapters cover some other tools briefly, but almost not noteworthy. I like the layout of the course, because the different attack techniques are explained before you start the actual attack. This gives a better understanding of what goes on while aircrack is doing what it does best. While doing some extended research on the tool (after getting some vague errors which somehow disappeared after a reboot, so actually not noteworthy) I saw that most of the material is also covered on the aircrack site. This makes the course a little bit obsolete if you just want to learn WiFu and do not want to pursue the certification. Still the additional videos provide a good addition to the course guide.

Again, Mati does a great job explaining the different attack techniques and makes it all very understandable. I always say that if you have the power to make something difficult look easy, you truly master the skills. Even though some subjects may need some updates (for example, why is BT3 still recommended with the madwifi drivers?), it is still a great course to follow. Since there are no real exercises in the course (except for trying everything yourself) I will skip this part and move right on to the exam, so stay tuned for the next update: Exam time!
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

AndyB67

Full Member

Posts: 100

Joined: Fri Jan 14, 2011 7:13 am

Location: UK

Post Thu Mar 10, 2011 4:28 pm

Re: OSWP Walkthrough

j0rDy,
Hope you can clarify something on this?

Have got the hardware and am playing with that and Aircrack suite atm with a view to doing the course and exam sometime after Easter once I finally get my CCNA out of the way.

Been reading up on the Offensive Sec site about the course and note that the exam is only about 4 hrs.  Do they expect you to crack passwords within that time, if so what the hell with?

Depending on which txt or lst file I use, I can be looking at 20hrs+ for aircrack to 'crack' a cap file
Net+ Sec+ More to come
<<

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Mar 11, 2011 3:16 am

Re: OSWP Walkthrough

I am not sure about that one. I think they require you to crack several networks, probably a WEP and a WPA one. WEP should be no problem if they use a simple password, which should be done within several seconds/minutes. For the WPA I see your concern. I guess since BT comes with a standard WPA password list I figure the password will be in there, otherwise it will be shooting mosquitoes with a bazooka. Once I have done the exam I will give clarification on this. Wish me luck  ;)
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Fri Mar 11, 2011 11:50 am

Re: OSWP Walkthrough

AndyB wrote:
Have got the hardware and am playing with that and Aircrack suite atm with a view to doing the course and exam sometime after Easter once I finally get my CCNA out of the way.

Been reading up on the Offensive Sec site about the course and note that the exam is only about 4 hrs.  Do they expect you to crack passwords within that time, if so what the hell with?

Depending on which txt or lst file I use, I can be looking at 20hrs+ for aircrack to 'crack' a cap file


4 hours was more than enough time to do it. I finished in under 2, including the write up. I had to do both WEP and WPA, but more than that I will not say.

You're not cracking the passwords, you're cracking / recovering the wifi keys. There is a difference.

If you want to really get some side study done, besides just reading the Aircrack-NG site and howto, pick up Hacking Exposed Wireless Hacking.
OSWP, Sec+
<<

AndyB67

Full Member

Posts: 100

Joined: Fri Jan 14, 2011 7:13 am

Location: UK

Post Fri Mar 11, 2011 6:51 pm

Re: OSWP Walkthrough

Best of luck j0rDy

chrisj, I'm ordering it very soon!  Only question I have is, I've seen that there is edition 2 of the Hacking Exposed Wireless.  Looking at the blurb with the books online, the edition 2 looks like it's bang up to date but should I be looking at the edition 1 book to help with the exam?
Net+ Sec+ More to come
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Fri Mar 11, 2011 9:26 pm

Re: OSWP Walkthrough

That's actually a good question, and I don't know. I was suggesting the second edition to learn beyond what you'll need for the exam.
OSWP, Sec+
<<

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Sun Mar 27, 2011 10:42 am

Re: OSWP Walkthrough

Update: I passed!  ;D I will write the final update in a few days...
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Sun Mar 27, 2011 1:41 pm

Re: OSWP Walkthrough

Gratz j0rDy!  Some more knowledge to build upon :)
GSEC, eCPPT, Sec+
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Mar 27, 2011 1:53 pm

Re: OSWP Walkthrough

Congrats on passing, j0rdy!  Always nice to hear you're progressing.  Keep it up, and continued good luck!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

AndyB67

Full Member

Posts: 100

Joined: Fri Jan 14, 2011 7:13 am

Location: UK

Post Sun Mar 27, 2011 2:50 pm

Re: OSWP Walkthrough

Congrats and I look forward to reading your final installment
Net+ Sec+ More to come
<<

millwalll

Post Sun Mar 27, 2011 3:47 pm

Re: OSWP Walkthrough

I just passed this too, and 4 hours is more than enough. I didn't find that exam that hard once I got my head around it. First security certificate so was all very new.