
My OSCP journey...

<<

Jamie.R

Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Wed Aug 22, 2012 3:24 am

Re: My OSCP journey...

Wow that looks like a pretty sweet setup.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

dbest

Jr. Member

Posts: 79

Joined: Thu Jun 23, 2011 1:14 pm

Post Wed Aug 22, 2012 6:41 am

Re: My OSCP journey...

@sternone - what the .......
CISM, CEH, CISA, ISO 27001 LA
<<

sternone

Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Wed Aug 22, 2012 6:57 am

Re: My OSCP journey...

YuckTheFankees wrote: I don't know man, I think you may need to add another screen on the bottom (4 and 4)..then it would be a real hackers lab.


Funny, I have it, but it's not connected, I needed it for another PC :-)

I have 2x NVIDIA Quadro NVS450 and on the other PC it's an ATI 2640
Try harder....hmpf!!
<<

satish.lx

Newbie

Posts: 36

Joined: Thu Jun 17, 2010 1:15 pm

Post Wed Aug 22, 2012 8:50 am

Re: My OSCP journey...

@sternone - you make me jealous
<<

sternone

Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Wed Aug 22, 2012 11:43 pm

Re: My OSCP journey...

REPORT DAY 12

So I finished doing the buffer overflow stuff twice. I feel like it's kind of important and I tried different payloads and stuff. I want to know it well both for Linux and Windows. Damn, Linux has some cool debugging tools I had no idea of, why would somebody ever pay for a program when we have anno 2012 such an amazing open source library? ;-) Support? Bah, if you're IT minded you shouldn't have any problems these days. I do understand for small non IT minded companies. But for the big corporations, I know how they work, and have worked with them myself for many years, they can put the right people on it and fix the problems themselves. I guess they still think: "Nobody got fired by buying IBM..."

Ok guys... back to OSCP !

This is it, I'm 2/3rd into the course and this is basically the first time I explicitly read in the manual: (not exact words, but it's how I interpret them)

"Go scan IPs in your range in the lab and try to hack them using exploits you just learned to find and use"

!!!!!!!

Let's gooooo!!! Who needs sleep ? I SLEEP WHEN I'M DEAD!!!

(probably will have to use their 'TRY HARDER' mantra from now on in the coming 9000 days or so :-)
Last edited by sternone on Wed Aug 22, 2012 11:45 pm, edited 1 time in total.
Try harder....hmpf!!
<<

dbest

Jr. Member

Posts: 79

Joined: Thu Jun 23, 2011 1:14 pm

Post Thu Aug 23, 2012 12:19 am

Re: My OSCP journey...

Buffer overflows are fun... aren't they?  I need to work on a few more...
CISM, CEH, CISA, ISO 27001 LA
<<

sternone

Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Thu Aug 23, 2012 1:11 am

Re: My OSCP journey...

ARE YOU KIDDING ME !!!!


2:09 AM

I JUST HACKED MY FIRST SERVER IN THE LAB GOT ROOT !!! YIHAAA


<and it's with a fun one -> a full buffer overflow with reverse bind shell!!!>
Try harder....hmpf!!
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu Aug 23, 2012 1:48 am

Re: My OSCP journey...

Maybe this one helps to get a better understanding of the basic exploit development process: http://strategicsec.com/2012/08/16/expl ... e-mortals/
<<

YuckTheFankees

Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Thu Aug 23, 2012 3:14 am

Re: My OSCP journey...

Was it one of the "low hanging fruit" or did you use a buffer overflow?
OSCP in progress
<<

YuckTheFankees

Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Thu Aug 23, 2012 3:16 am

Re: My OSCP journey...

I've currently rooted 6 machines but my main focus for the next week is to get a system with either a buffer overflow or some type of web app/SQL injection attack.
OSCP in progress
<<

sternone

Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Thu Aug 23, 2012 3:18 am

Re: My OSCP journey...

Buffer overflow with reverse bind shell.

I'm kinda happy that I used that as my first rooted box :-)

I tried first a server but I gave up after getting halfway on it. Only did a little, then I just said, let me try some other servers. Then the second one I buffer overflowed it. I LOVE BUFFER OVERFLOWS!!! They are freaking cool.

I can't say if it was low hanging fruit since I only rooted 1 yet.

Played on that server for 2 hours now going to take a quick nap :-)
Last edited by sternone on Thu Aug 23, 2012 3:21 am, edited 1 time in total.
Try harder....hmpf!!
<<

sh4d0wmanPP

Newbie

Posts: 42

Joined: Sat Aug 11, 2012 6:42 am

Post Thu Aug 23, 2012 3:29 am

Re: My OSCP journey...

Hehe I know the feeling you had since I recently started to play around with buffer overflows on the IO challenges of smackthestack.org

My biggest problem was understanding how to find the return address in gdb. By now it is going smoothly and I am a bit dumbstruck I did not understand this a few years ago. Also learned to abuse SETUID programs and using an egg + environment variable to exploit programs. Very nice!

Anyway I will book the OSCP as soon as I am back from my Bangkok trip. Decided to skip on OSWP and ECPPT. OSCP is just awesome.
EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP
<<

satish.lx

Newbie

Posts: 36

Joined: Thu Jun 17, 2010 1:15 pm

Post Thu Aug 23, 2012 1:21 pm

Re: My OSCP journey...

You guys using Metasploit for buffer overflow or manual process? I am interested in manual process.
<<

DragonGorge

Jr. Member

Posts: 86

Joined: Wed Feb 08, 2012 6:30 pm

Post Thu Aug 23, 2012 2:25 pm

Re: My OSCP journey...

Metasploit is pretty powerful and can facilitate delivering a BoF exploit but I don't think it's capable of actually finding it in an application. But give HD Moore time...I'm sure he'll come up with a way eventually.

BoFs are still a more or less manual process.
<<

sternone

Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Thu Aug 23, 2012 3:28 pm

Re: My OSCP journey...

Manual

You can't use Metasploit on the exam.
Try harder....hmpf!!