
My OSCP journey...

Jamie.R

Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Sat Aug 18, 2012 8:12 am

Re: My OSCP journey...

Thanks for the resources
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sat Aug 18, 2012 11:41 am

Re: My OSCP journey...

sternone wrote: I will tonight also look on Amazon for good beginners' books I could buy for some more assembly information. Any advice?


As mentioned, Security Tube has a good Linux assembly primer available. I'm not a fan of the AT&T-style syntax, so make it a homework lesson to convert the examples to Intel-style and use nasm instead ;) http://www.securitytube.net/groups?oper ... &groupId=5

http://www.amazon.com/Assembly-Language ... s=assembly is the best written resource I've found for getting started in assembly. Some of the reviews bash it over a chapter where he uses a weird analogy to explain counting in bases other than 10. I agree, it's weird. However, you should already know how to convert between hex, binary, and decimal, so just skip it. The other problem is that the debugger he used was unfortunately dropped from the Ubuntu repo shortly after the book was published. Just use Evan's Debugger or grab an old version of Ubuntu (8.10 works, I believe). This is another Linux resource. You'll probably be working mostly on Windows, but aside from the system calls, it's going to be nearly identical because it's the same hardware. This book uses the Intel-style syntax.

http://www.amazon.com/Professional-Asse ... s=assembly goes beyond the book I referenced above (and is actually mentioned as a next-step at the end). This probably goes above-and-beyond what you're looking for at the moment. It covers floating-point arithmetic and various extensions to the instruction set over the years (at least up until 2005 when it was published). It's an interesting read, but like I said, probably not entirely relevant. This book unfortunately uses the AT&T-style syntax, but it's another opportunity to practice converting the examples to Intel-style ;) (granted, you'll probably find a lot of AT&T-style examples in the Linux world, so it's good to be acquainted with both)

As awesec mentioned, the Intel developer docs are going to be your end-goal. You're not going to find a more complete and comprehensive resource.

sternone wrote: Unicorn doesn't allow you to give 200-254 as an option for hosts; you need to give Unicorn 192/26 or 0/24, that's why I ran into trouble...


Not the best use of unicornscan, but:
for i in `seq 200 254`; do unicornscan -p p 192.168.1.$i; done

You could also use the largest range within the limit and use the above for the stragglers.
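The underlying problem is that the scanner only accepts CIDR blocks while the range of interest is 200-254. As an added example, not from anyone in this thread, the function below performs the greedy split of an inclusive IPv4 range into the fewest aligned CIDR blocks, so a CIDR-only tool can be handed exactly those hosts and nothing else; function names are mine, and Python's ipaddress module is used only to parse addresses and cross-check the result.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Split the inclusive range first..last into the fewest CIDR blocks.

    Greedy: at each step take the largest block that is both aligned on
    the current start address and does not run past the end address.
    """
    start = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    if start > end:
        raise ValueError("range start is after range end")
    blocks = []
    while start <= end:
        # Largest power of two dividing start = largest aligned block here.
        align = (start & -start) if start else 1 << 32
        # Largest power of two that still fits in the addresses left.
        remaining = end - start + 1
        fit = 1 << (remaining.bit_length() - 1)
        size = min(align, fit)
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(f"{ipaddress.IPv4Address(start)}/{prefix}")
        start += size
    return blocks


def hosts_covered(cidrs):
    """Expand CIDR blocks back to the set of addresses they contain."""
    hosts = set()
    for cidr in cidrs:
        # Iterating a network yields every address, including the first and last.
        hosts.update(str(addr) for addr in ipaddress.IPv4Network(cidr))
    return hosts


def matches_stdlib(first, last):
    """Cross-check against the standard library's own range summariser."""
    expected = [
        str(net)
        for net in ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        )
    ]
    return range_to_cidrs(first, last) == expected


if __name__ == "__main__":
    # The range from the thread: 192.168.1.200 through 192.168.1.254 (constructed input).
    for block in range_to_cidrs("192.168.1.200", "192.168.1.254"):
        print(block)
```

Seven blocks come out for 200-254 (a /29, two /28s, a /29, a /30, a /31 and a /32), which is far fewer invocations than one per host while still touching no address outside the range.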

sh4d0wmanPP wrote: Hmm, I really wanna do this course but lack the time right now. I can recommend Smashthestack.org IO challenges for anybody that wants to improve their exploitation skills before opting for OSCP. I found it beneficial as it improved my gdb knowledge and general Linux exploitation skills.

Currently contemplating if I should do eCPPT in the meantime (since they have flexible lab time) but a bit scared I know most of it already.

If you need custom shellcode and have no access to metasploit, this is a good resource: http://www.shell-storm.org/


Yes, nice links. Remember that exploit-db.com has a lot of custom shellcode as well.
Last edited by dynamik on Sat Aug 18, 2012 11:44 am, edited 1 time in total.
The day you stop learning is the day you start becoming obsolete.
sternone

Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Sat Aug 18, 2012 2:18 pm

Re: My OSCP journey...

Thanks for your comments ajohnson, I appreciate it.

I just finished watching the first 5 videos of SecurityTube on Assembly for Hackers. I will watch the rest probably tomorrow. I now speak and understand Hindi English completely fluently! :-) Great work from that guy, he's awesome and a good teacher.

I also ordered the 2 books from Amazon plus the one that I have wanted to read for a while: http://www.amazon.com/The-Web-Applicati ... CYHPPNDRZF

I know that the 30 days to finish the lab isn't going to work. It will be a 90 day walk for me, that's for sure.

My question is: are the offensive books on Amazon worth it?

Metasploit: The Penetration Tester's Guide
Metasploit Penetration Testing Cookbook
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy

??
Try harder....hmpf!!
dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sat Aug 18, 2012 3:20 pm

Re: My OSCP journey...

sternone wrote: Thanks for your comments ajohnson, I appreciate it.

I just finished watching the first 5 videos of SecurityTube on Assembly for Hackers. I will watch the rest probably tomorrow. I now speak and understand Hindi English completely fluently! :-) Great work from that guy, he's awesome and a good teacher.


No problem. It's funny how quickly you can adapt to a strong accent. As with Vivek, a good friend/ex-coworker of mine was from Colombia and had a very strong accent. I could barely understand him for the first couple of days we worked together, and then I just suddenly stopped noticing it.

sternone wrote: I also ordered the 2 books from Amazon plus the one that I have wanted to read for a while: http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470/ref=wl_it_dp_o_pC_nS_nC?ie=UTF8&colid=35XU0SBV7PHQ&coliid=I2DKCYHPPNDRZF


WAHH2 is a great book, good choice. If you're looking for a bit more in-depth read on SQLi, consider http://www.amazon.com/Injection-Attacks ... 1597494240 as well (no rush, it'll take you awhile to get through WAHH2; save that for a rainy day). Syngress also has an entire book dedicated to XSS, but I haven't had a chance to go through it yet.

sternone wrote: I know that the 30 days to finish the lab isn't going to work. It will be a 90 day walk for me, that's for sure.


Yeah, 30 days is a really aggressive schedule. You need to space out all the frustration so you don't get an aneurysm ;)

sternone wrote: My question is: are the offensive books on Amazon worth it?


That totally depends on the book.

sternone wrote: Metasploit: The Penetration Tester's Guide

That's a very good book, especially for someone with little-to-no Metasploit experience. Also, it'd be hard to go wrong with Dave Kennedy and all the OffSec guys (along with a stamp of approval from HD Moore). Sil wrote a review not too long ago (http://www.ethicalhacker.net/content/view/418/2/). Remember that Security Tube also has a Metasploit series, and there's always Offensive Security's free course as well: http://www.offensive-security.com/metas ... /Main_Page

sternone wrote: Metasploit Penetration Testing Cookbook


I don't have any experience with this one, and it seems to overlap a lot with the previous resource. I'd start with the other one and the free course and see if you feel like you need another written resource beyond that.

sternone wrote: Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

This book actually looks like it has decent content, but the title is ridiculously embellished. That's unfortunate. Just glancing at the ToC shows that about half the content is basic material that you'd probably find in most penetration testing resources. It's probably got a few chapters that would stand out and be worth a cheap used price, but $60 seems pretty steep.

sternone wrote: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy


I'd drop this one off your list of potentials. It's probably a fine book for what it is, but I don't think it's going to teach you anything you're not covering elsewhere.

If that wasn't enough, Tom from Hacking Dojo also has a book that, in addition to general penetration testing techniques, also covers some business and project management information. This isn't as exciting as popping a box, but it's important information for aspiring professionals: http://www.amazon.com/Professional-Pene ... enetration

This one also covers a lot of general tools and techniques and may be worth a look: http://www.amazon.com/Penetration-Teste ... enetration

You're on your own as far as all those go. Just go with what looks interesting to you. You'll find that you're going to have diminishing returns with each resource you use. You may find the first book you read to be 95% new and exciting, but your fifth or sixth book may fall to 15-20%. You'll probably get something out of any resource you go through, but you need to determine if that's going to be the best use of time and money.
The day you stop learning is the day you start becoming obsolete.
sternone

Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Sat Aug 18, 2012 4:28 pm

Re: My OSCP journey...

Thanks ajohnson for your efforts. Great advice for anybody wanting good advice on some books :-)

I was really surprised to see that after getting a shell on my first exploit the application actually didn't crash. It gave me a shell and it kept on running. It was my idea that buffer overrun hacks always crashed the application or the server; apparently this one did not.

When I exited my shell, the application closed but I guess I could fix that with a good JMP to a good location in the code when the shell code exits.

Great!!!
Try harder....hmpf!!
sh4d0wmanPP

Newbie

Posts: 42

Joined: Sat Aug 11, 2012 6:42 am

Post Sat Aug 18, 2012 10:07 pm

Re: My OSCP journey...

I think the following three books will give you the most knowledge combined with the OSCP track, although it can be pretty complex:

Metasploit: The Penetration Tester's Guide
The Shellcoder's Handbook - Discovering And Exploiting Security Holes
Web Application Hacker's Handbook (not sure how much web-attacks come back in the exam as they also seem to be developing a webapp track)

I did read "Advanced Penetration Testing for Highly-Secured Environments" but it is not as advanced as the title suggests. Better pick it up second hand and use the money you save to put into obtaining more certs or have a beer.

Furthermore, I'd like to mention:
Ninja Hacking - Unconventional Penetration Testing Tactics and Techniques

This book covers some unrealistic attacks but also hands out a nice selection of attacks that can be used and usually don't come up in other books. For example, I liked the mention of disrupting an admin's routine to add stress to his daily work and by doing so make him less focused on the work at hand. I know most attacks will be out of scope, but nevertheless it is a nice read, and of course these tactics can be applied by blackhats without restriction.

On my "to read" list:
Rootkits - Subverting the Windows Kernel
Practical Packet Analysis 2nd Edition
EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP
sternone

Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Sun Aug 19, 2012 3:53 pm

Re: My OSCP journey...

Thanks for the advice Sh4dowmanpp


UPDATE ON MY DAY NUMBER 8

I just found a nasty problem that took me practically all Sunday to fix.

I'm happy on one hand that I found it, but I'm disgusted that I lost a whole day trying to find the solution, thinking... did I really learn something because they made this stupid thing 'part of the learning process'?

I mean, if there's one negative comment I can give about the OSCP course, it's what I have done today fixing that problem they put in there 'intentionally'...

I'm a little pissed off now, so it's time for a break, no more OSCP today !!!!

>:( >:(
Try harder....hmpf!!
S3curityM0nkey

Jr. Member

Posts: 89

Joined: Mon May 16, 2011 6:47 pm

Post Sun Aug 19, 2012 9:48 pm

Re: My OSCP journey...

Nice advice Sh4dowmanpp... those are all great books.

Sounds like you need a little rest Sternone.... get some air and some sun....

Hope the rest of the training goes well  ;)
beastmode19888

Newbie

Posts: 3

Joined: Sun Aug 19, 2012 9:41 pm

Post Sun Aug 19, 2012 10:18 pm

Re: My OSCP journey...

Man, I took this course and it is a beast when you get to the exam. Stay on top of everything you're doing. I did not pass the exam, but I took this exam before I became an Ethical Hacker. I have used the skills I learned to increase my Hack Game in the cyber world. I have been capable of creating new up-to-date videos for others to review that may help them pass exams such as the OSCP.

http://www.youtube.com/beastmode19888

My videos have been posted by others on SecurityTube.net and also Tweeted. I hope that some of the videos will inspire all if any to want that drive to get to the next level.

When money is right I will be returning to achieve my OSCP Cert.

Remember "Try Harder" and I intend to
Jamie.R

Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Mon Aug 20, 2012 3:25 am

Re: My OSCP journey...

Cool, sounds like everyone who has done this has learned lots; it makes me want to do the course even more than I already do.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
sternone

Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Tue Aug 21, 2012 4:08 pm

Re: My OSCP journey...

DAY NR 10

Ok ok ok. I was pissed. I took a day off yesterday to let it rest a while and think it over. I learned an important lesson on Sunday.

Here it is :

IN PENTESTING NEVER TRUST ANYTHING........ NEVER!!! 

NEVAHHHH!!!!

You see, they taught me a lesson. Probably a good one.

I started with unit 7, using other people's exploits. BT is such a good distro; if they asked money for it, I would pay!!!
Try harder....hmpf!!
ricercar

Newbie

Posts: 1

Joined: Sun Jul 15, 2012 12:04 pm

Post Tue Aug 21, 2012 4:21 pm

Re: My OSCP journey...

I did 90 days at the end of 2011, abandoned it due to time constraints, and started again on the 13th. I learned a LOT since I stopped!

9 servers with root shells!
sternone

Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Tue Aug 21, 2012 4:27 pm

Re: My OSCP journey...

MY WORKSTATION

Ok guys,

I did do something cool today, I ran BT on different screens. After months working in the 'most hated file on the Linux platform, xorg.conf', I finally just got it running with a virtual machine running under Linux.

Ok guys, I have to confess. I like my monitors !!!
Try harder....hmpf!!
cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Tue Aug 21, 2012 7:37 pm

Re: My OSCP journey...

Damn. My setup sucks balls.
YuckTheFankees

Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Wed Aug 22, 2012 2:57 am

Re: My OSCP journey...

I don't know man, I think you may need to add another row of screens on the bottom (4 and 4)... then it would be a real hacker's lab.
OSCP in progress