Phillip Wylie

Forum Replies Created

Viewing 15 posts - 16 through 30 (of 102 total)
  • #53148
     Phillip Wylie 
    Participant

    I saw that earlier today in a ZDNet article. Talk about someone that could benefit from a bug bounty program.

  • #53045
     Phillip Wylie 
    Participant

    @batz21 wrote:

    Golden Words…from Senior guys…thanks Rockman & superkojiman

    Enumeration is the key, it seems. Can you guys share any useful link or point me to a book?

    Which enumeration tools should I master? Right now I am relying heavily on nmap, netcat, rpcclient 😛

    Any pointers will be appreciated.

    regards

    The nmap scripts are good to use. You can use the scanner modules in Metasploit. What you are using is good. Don’t forget SNMP enumeration. Brute forcing passwords is a good way to get access via FTP or SSH, and then you can work on escalating access. Also, as I mentioned above: nikto, httprint, dirbuster, and Burp Suite, which I forgot to mention.

  • #53043
     Phillip Wylie 
    Participant

    I agree with superkojiman’s comments. His recommendations were helpful to me when I was preparing for my exam retakes.

    Understand the labs, and if you don’t understand something, research it further. I went through several buffer overflow tutorials before I got it. Like superkojiman said, enumeration is key. Nmap is not always enough. On webservers, I would run nikto, dirbuster, and httprint. This will help you find vulnerabilities, and httprint is a good crosscheck to verify you have the correct webserver and version.

    It took me a while to think like a hacker; once I did, it got easier to root servers in the lab. That comes from practice in the lab and understanding the exercises in the lab manual and the videos; it will help you learn to think that way.

  • #53040
     Phillip Wylie 
    Participant

    How is the course going?

  • #53089
     Phillip Wylie 
    Participant

    @caissyd wrote:

    That’s awesome, congratz!!!

    What was the hardest part for you, both in the exam and in your study?

    Thanks!

    Buffer overflows were the toughest for me. After my final exam, I feel more confident with them.

  • #53087
     Phillip Wylie 
    Participant

    @azmatt wrote:

    DUDE!!!!!!!!!! Congrats!!!!!!!!!

    You 100% need to do a write up on what you did between your first attempt and last attempt.

    Thanks, azmatt!

    I will do a write up.

  • #53085
     Phillip Wylie 
    Participant

    @superkojiman wrote:

    Well done! Congratulations!

    Thanks, superkojiman! Like you mentioned before, I am going to miss the lab.

  • #53084
     Phillip Wylie 
    Participant

    @Hayabusa0194 wrote:

    Congrats! Dare I ask our usual question? (What’s next? – assuming you’re going to recover, first 😉 )

    Thanks! I’m going to Disneyland! Just kidding, I purchased the eLearnSecurity Web App Pen Testing course during their course launch event. I wasn’t sure I would get a better deal than 30%, and the way they do their courses, the lab time doesn’t start until you start. Also, I got the hourly time allotment instead of monthly. I also need to start the SecurityTube Python Scripting Expert course I purchased around the time I started the OSCP course. I thought I could do both, but needed to focus on the OSCP. I would like to take the OSCE course, but I am not ready for it yet. Maybe next year.

  • #53082
     Phillip Wylie 
    Participant

    @n37sh@rk wrote:

    Congrats!

    Thanks!

  • #53080
     Phillip Wylie 
    Participant

    @hanyhasan wrote:

    Finally Congrats Man . In 12 Hours nice

    Thanks! As many times as I had taken it and had to use the full 24 hours, this was a nice break.

  • #53079
     Phillip Wylie 
    Participant

    @prats84 wrote:

    Awesome! Congrats!

    You gonna write up about your entire experience?

    Thanks!

    I really wasn’t sure about doing a write up, but since you mentioned it I probably will. I have a shared web hosting account for my powerlifting website/blog and a couple of other sites I host. I purchased a domain name for the purpose of infosec blogging; this could be my first post.

  • #53074
     Phillip Wylie 
    Participant

    @impelse wrote:

    Congrats

    Thanks!

  • #53072
     Phillip Wylie 
    Participant

    @don wrote:

    w00t!

    What do you think made the difference?

    Don

    Thanks, Don!

    Spending more time in the PWB labs is what did it for me. I just needed more practice.

  • #52023
     Phillip Wylie 
    Participant

    @zeebee wrote:

    Keep going r0ckm4n! It was very motivational to see that you learned from the failed attempts and got better.
    I am trying too 🙂
    I failed my first attempt at OSCP and in a bad way  :-[ :'( (As many OSCP reviews mentioned I too contemplated a different career in the middle of my exam :P)
    Going back to the basics for a re-attempt before Oct 2013…
    Keep posting!

    Thanks, zeebee! I failed very badly on my first two attempts and didn’t even get user level access. What helped me the most was to work on rooting servers in the lab. I worked in the lab for about a month and was close to passing on my next exam attempt. Something else that helped was for me to try to just get access to a server and then work on privilege escalation. I would get too caught up in trying to get root/admin from the start, and once I focused on getting whatever level of access I could get, it made a big difference. I tell myself after each failed attempt, this cert is worth having; if it is this hard, then not just anyone can get it or is willing to put in the work to attain the skills to acquire this cert.

  • #52020
     Phillip Wylie 
    Participant

    @azmatt wrote:

    Great job r0ckm4n, you’re right there. What are you going to work on during the next month?

    Thanks, azmatt! I am going to work on Linux privilege escalation with a focus on misconfiguration. I do OK with Linux privilege escalation when an exploit is available.


Copyright ©2019 Caendra, Inc.
