.

My OSCP journey...

<<

sternone

Full Member
Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Fri Aug 31, 2012 7:39 am

Re: My OSCP journey...

thanks for the advice, I finished these books :

Metasploit - the penetration tester's guide
Practical Packet analysys

I'm currently reading :

The Web Applicatino Hacker's handbook

I'm also extending the lab for 90 days.

This trip is going to take much longer than I anticipated, mostly because of the huge workload of learning stuff on your own, you guys have to admit, the OSCP is all about the lab, it has less to do with learning from the videos and the pdf's. I see them more as a 'practical example' of theoretical stuff you have to learn on yourself. I wish I knew it before so I could have digged the books before I took the OSCP plunge. For that I would say their text what you should know before the OSCP is kind off misleading.

That might explain why almost nobody passes the test the first time.
Try harder....hmpf!!
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Fri Aug 31, 2012 8:54 am

Re: My OSCP journey...

Almost nobody passes the OSCE the first time. OSCP has a higher success rate the first time around.
<<

azmatt

User avatar

Full Member
Full Member

Posts: 103

Joined: Sun Jul 29, 2012 2:11 pm

Post Fri Aug 31, 2012 11:10 am

Re: My OSCP journey...

sternone wrote:thanks for the advice, I finished these books :

Metasploit - the penetration tester's guide
Practical Packet analysys

I'm currently reading :

The Web Applicatino Hacker's handbook

I'm also extending the lab for 90 days.

This trip is going to take much longer than I anticipated, mostly because of the huge workload of learning stuff on your own, you guys have to admit, the OSCP is all about the lab, it has less to do with learning from the videos and the pdf's. I see them more as a 'practical example' of theoretical stuff you have to learn on yourself. I wish I knew it before so I could have digged the books before I took the OSCP plunge. For that I would say their text what you should know before the OSCP is kind off misleading.

That might explain why almost nobody passes the test the first time.


It sounds like you're being very smart about this.

Thanks for sharing these books, please post any more that you really wish you had read first.

I want to make sure I'm ready to get the most from the course and I'm planning on just extending 90 days right at the start to make it a non issue.
GCFA, GCIH, GCIA, GWAPT, CISSP, CEH, GSEC
<<

sternone

Full Member
Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Fri Aug 31, 2012 3:39 pm

Re: My OSCP journey...

DAY 20

Okay okay OKAY again ;-)

I listened and read more in the books but meanwhile took 1 server out with many ports opened and worked on it.

Found one way to enter it, so I rooted it, that puts the number on 4.

Not a lot. Step by step... but happy I rooted another one.
Try harder....hmpf!!
<<

sternone

Full Member
Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Sat Sep 01, 2012 2:10 pm

Re: My OSCP journey...

DAY 21

Another day, another server ? I rooted another one. And this time, I have to say it was really really cool meaning -without spoiling it for the others- that I came across something that I said: Hey I might use this on server X, I tried it, and it worked.

Puts the counter on 5 servers rooted so far. Let's do some more reading further on the day and try another one tomorrow.

Instead of trying several servers at once, I now try to take 1 server out per day and try to hack it. Focused on only 1 server. It seems to be a little less frustrated and let me go deeper on the server but it makes me need to read more and more :-)

Let's see if I can hack another one tomorrow!
Try harder....hmpf!!
<<

jjwinter

User avatar

Jr. Member
Jr. Member

Posts: 80

Joined: Mon Mar 05, 2012 10:33 pm

Post Sat Sep 01, 2012 3:23 pm

Re: My OSCP journey...

Do the servers contain any data that assists you exploiting other systems? Lists of usernames, fake company info, docs, browser history, cookies, etc.. or are just a clean image a server OS with patches missing or hackable services running? Does a hashdump on one help you on others?
<<

sternone

Full Member
Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Sat Sep 01, 2012 6:04 pm

Re: My OSCP journey...

I can just say: They look just like a real server.

They are not like a clean image with patches missing, that's for sure.
Try harder....hmpf!!
<<

jjwinter

User avatar

Jr. Member
Jr. Member

Posts: 80

Joined: Mon Mar 05, 2012 10:33 pm

Post Sat Sep 01, 2012 7:52 pm

Re: My OSCP journey...

That is good to know, I was concerned that their lab environment would like something I could setup at home, just with more VM's running on better hardware or something.

Is getting through firewalls, managed switches, VLANS, IDS's and the like included? How realistic is this environment?
<<

sternone

Full Member
Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Sat Sep 01, 2012 8:04 pm

Re: My OSCP journey...

Check out their pdf on their site, they address your questions.

Every server I came across has specific applications running.
Try harder....hmpf!!
<<

sternone

Full Member
Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Sun Sep 02, 2012 9:52 am

Re: My OSCP journey...

DAY 22

Started with SQL Injection and managed to bypass one web authenticate login to the admin console on a server I didn't rooted yet. So I guess that's a half server hacked today :-)

I must say, Hacking Web Applications is a BIG subject, and the PDF and the Videos cover it only on the surface, back to reading books now !!!!

I'm also planning to re-read the PDF and review all the videos starting from tomorrow.
Try harder....hmpf!!
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sun Sep 02, 2012 9:58 am

Re: My OSCP journey...

Most servers can be compromised directly, but you will occasionally require information or functionality from another system. You should investigate each application, service, and system thoroughly as you go. Don't assume each system exists in a bubble.
Last edited by dynamik on Sun Sep 02, 2012 10:11 am, edited 1 time in total.
The day you stop learning is the day you start becoming obsolete.
<<

sternone

Full Member
Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Sun Sep 02, 2012 1:18 pm

Re: My OSCP journey...

Thanks, just rooted another one and finished the half one too ;-)

That puts the number on 7 boxes rooted.

;D
Try harder....hmpf!!
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Sun Sep 02, 2012 2:25 pm

Re: My OSCP journey...

Cool sounds like its going well :)
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

sternone

Full Member
Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Sun Sep 02, 2012 2:37 pm

Re: My OSCP journey...

Just rooted another one.

I was trying different stuff on that server and in my notes I wrote about a vuln: NOT WORKING - TRIED

But I said, really, and I tried it again, a little more deeper this time, and it worked!

Meaning... I can be wrong too, it's not because I say it's not working that it's not working :-)

Counter is now on 8 rooted boxes.
Try harder....hmpf!!
<<

shadowzero

User avatar

Full Member
Full Member

Posts: 120

Joined: Sat Jun 02, 2012 10:03 pm

Post Sun Sep 02, 2012 6:54 pm

Re: My OSCP journey...

sternone wrote:Just rooted another one.

I was trying different stuff on that server and in my notes I wrote about a vuln: NOT WORKING - TRIED

But I said, really, and I tried it again, a little more deeper this time, and it worked!

Meaning... I can be wrong too, it's not because I say it's not working that it's not working :-)

Counter is now on 8 rooted boxes.


Try harder, try different. :)
PreviousNext

Return to OSCP - Offensive Security Certified Professional

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software