Forum Replies Created
June 19, 2013 at 11:04 pm #53148
I saw that earlier today in a ZDNet article. Talk about someone that could benefit from a bug bounty program.
June 19, 2013 at 3:29 am #53045
Golden words…from senior guys…thanks Rockman & superkojiman
Enumeration is the key, it seems. Can you guys share any useful link or point me to a book?
Which enumeration tools should I master? Right now I am relying heavily on nmap, netcat, rpcclient 😛
Any pointers will be appreciated.
The nmap scripts are good to use. You can use the scanner modules in Metasploit. What you are using is good. Don’t forget SNMP enumeration. Brute forcing passwords is a good way to get access via ftp or ssh, and then you can work on escalating access. Also, as I mentioned above: nikto, httprint, dirbuster, and Burp Suite, which I forgot to mention.
June 19, 2013 at 3:03 am #53043
I agree with superkojiman’s comments. His recommendations were helpful to me when I was preparing for my exam retakes.
Understand the labs, and if you don’t understand something, research it further. I went through several buffer overflow tutorials before I got it. Like superkojiman said, enumeration is key. Nmap is not always enough. On webservers, I would run nikto, dirbuster, and httprint. This will help you find vulnerabilities, and httprint is a good crosscheck to verify you have the correct webserver and version.
It took me a while to think like a hacker; once I did, it got easier to root servers in the lab. That comes from practice in the lab and understanding the exercises in the lab manual and the videos; it will help you learn to think that way.
June 17, 2013 at 11:26 pm #53040
How is the course going?
June 15, 2013 at 6:51 am #53089
June 12, 2013 at 11:04 pm #53087
June 12, 2013 at 2:15 pm #53085
June 12, 2013 at 2:13 pm #53084
Congrats! Dare I ask our usual question? (What’s next? – assuming you’re going to recover, first 😉 )
Thanks! I’m going to Disneyland! Just kidding, I purchased the eLearnSecurity Web App Pen Testing course during their course launch event. I wasn’t sure I would get a better deal than 30%, and the way they do their courses, the lab time doesn’t start until you start. Also, I got the hourly time allotment instead of monthly. I also need to start the SecurityTube Python Scripting Expert course I purchased around the time I started the OSCP course. I thought I could do both, but needed to focus on the OSCP. I would like to take the OSCE course, but I am not ready for it yet. Maybe next year.
June 12, 2013 at 2:06 pm #53082
June 12, 2013 at 1:26 pm #53080
June 12, 2013 at 1:24 pm #53079
You gonna write up about your entire experience?
I really wasn’t sure about doing a write-up, but since you mentioned it, I probably will. I have a shared web hosting account for my powerlifting website/blog and a couple of other sites I host. I purchased a domain name for the purpose of infosec blogging; this could be my first post.
June 12, 2013 at 5:52 am #53074
June 11, 2013 at 11:55 pm #53072
May 26, 2013 at 3:10 pm #52023
Keep going r0ckm4n! It was very motivational to see that you learned from the failed attempts and got better.
I am trying too 🙂
I failed my first attempt at OSCP and in a bad way :-[ :'( (As many OSCP reviews mentioned, I too contemplated a different career in the middle of my exam :P)
Going back to the basics for a re-attempt before Oct 2013…
Thanks, zeebee! I failed very badly on my first two attempts and didn’t even get user level access. What helped me the most was to work on rooting servers in the lab. I worked in the lab for about a month and was close to passing on my next exam attempt. Something else that helped was for me to try to just get access to a server and then work on privilege escalation. I would get too caught up in trying to get root/admin from the start, and once I focused on getting whatever level of access I could get, it made a big difference. I tell myself after each failed attempt, this cert is worth having; if it is this hard, then not just anyone can get it or is willing to put in the work to attain the skills to acquire this cert.
May 20, 2013 at 11:11 pm #52020
Great job r0ckm4n, you’re right there. What are you going to work on during the next month?
Thanks, azmatt! I am going to work on Linux privilege escalation with a focus on misconfiguration. I do OK with Linux privilege escalation when an exploit is available.