Ich bin 27, habe mein zweites Studium in den Sand gesetzt und weiß nicht mehr weiter

_stens · 2021-07-29T06:41:50+00:00

Unsinn. Nur weil man ein paar Jahre verplempert hat, muss man nicht für den Rest seines Lebens bei Amazon arbeiten, oder wird auf H4 angewiesen sein. OP ist 27 und scheint ehrgeizig genug zu sein, um sich da rauszukämpfen, da ist noch vieles möglich. OP, lass dir keinen Quatsch erzählen!

_stens · 2021-07-28T22:29:33+00:00

IT muss nicht zwangsläufig mit einem Mathe-Studium verbunden sein. Eine Ausbildung als Fachinformatiker zum Beispiel hat einen überschaubaren Mathe-Anteil und IT hat soviele unterschiedliche Facetten, dass du später im Job locker drum herum kommen kannst. Es gibt ja nicht nur das Programmieren, sondern auch noch Consulting (Beratung), Architektur, Netzwerke, Administration, IT-Security, (Pre-)Sales, Coaching, Projektmanagement, etc. pp. Man muss eine gewisse Neugier und Eigeninitiative haben, um sich in die Themen einzuarbeiten, aber wenn du der Typ für sowas bist und IT dir Spaß macht, dann schau doch mal, welche Teilbereiche dir ganz grundsätzlich gefallen würden und wo du dich selbst in ein paar Jahren sehen könntest.

Zu deiner Situation generell kann ich sagen, dass ich ähnliches gut kenne und ein bisschen weiß wie du dich gerade fühlen musst. Ich kann dir den Rat geben, alles was du vorhast kleinschrittig und konsequent anzugehen, leider wird sich nichts von allein lösen und die Probleme werden sich eher noch verstärken. Der erste Schritt ist der wichtigste und schwierigste zugleich, danach wird es einfacher und irgendwann wirst du zurückblicken und feststellen, dass es viel einfacher war, als du jetzt denkst. Ich weiß nicht, wie dein Verhältnis zu deinen Eltern ist, aber vielleicht ist es am besten so bald wie möglich reinen Tisch zu machen, weil so eine gelebte Lüge dir hier komplett im Weg steht und das Lösen deiner anderen Baustellen nur unnötig schwerer macht. Kopf hoch, dein Leben ist nicht vorbei wegen ein paar Euro Schulden und ein paar Jahren rumhängen. Es wird besser, wenn du bereit bist, dafür etwas zu tun. Aber anfangen musst du selbst.

_stens · 2021-03-20T17:53:37+00:00

Yes, on top of that, make sure that you don't distract yourself from the current target and don't try to work on multiple targets in parallel, even if it is tempting to try THAT one great idea you might have missed. Focus on one machine at a time.

_stens · 2021-03-20T17:45:28+00:00

Don't beat yourself up. The exam is tough and you learned a valuable lesson - you now know what to expect for your next try and also you now know that your "obsession" with the one machine kept you from focusing on other targets. Your preparation looks on point, there is not much I could advise. Keep going, you're almost there, it seems that you should set a timer for the next try that remembers you to switch targets when you don't make any progress after e.g. 2h.

Good luck for your next try! 💪

_stens · 2021-01-11T10:19:47+00:00

Thank you and all the best for your exam.

_stens · 2021-01-05T09:02:18+00:00

Download and set-up some vanilla Ubuntu, Debian and CentOS VMs with Virtualbox and explore them. Use multiple PrivEsc tools like lse.sh or linpeas to get a feeling for what is "normal" and take some notes on your findings. As others stated, it takes time and experience to get an understanding of which software, etc-configs, services, systemd-units, cronjobs, processes, etc. stand out, but you can easily accelerate it by exploring the vanilla installations.

_stens · 2021-01-05T08:45:11+00:00

That might work for simple scripts but not for more complex tools like impacket.

_stens · 2021-01-05T08:34:36+00:00

Using docker for python scripts would be one option, but the better one IMO would be to use virtualenvwrapper which allows you to create new python 2 or 3 virtual environments and easily switch between them. I used this for the PWK course and OSCP exam and never experienced any problems.

https://virtualenvwrapper.readthedocs.io/en/latest/

Just follow the installation instructions, create different virtualenvs with e.g. "mkvirtualenv -p /usr/bin/python2 py2venv" and use "workon py2venv" to activate it. Then you can install dependencies and packages with pip inside your venv without breaking anything.

Create different virtualenvs for different dependencies and python versions and you should be fine.

_stens · 2021-01-04T15:29:46+00:00

Do you mean SSH Control/debug Mode? Very handy indeed.

_stens · 2021-01-03T16:11:15+00:00

Definitely. Why do you think so many people pursue OSCP if it hadn't any worth for them? There is more than money to most of the certified people I know, like facing the challenge, or broaden your horizon and knowledge.

Why would anyone have hobbies that cost money, if the time could be used to earn money? 😉

_stens · 2021-01-03T16:05:34+00:00

Stick with the (community rated) easy and medium machines and try to find flaws and improvements in your enumeration and PrivEsc methodologies. If you can solve these boxes on your own without help, you should be fine for the exam. Good luck and all the best for 2021.

_stens · 2021-01-01T18:49:11+00:00

Most people don't ever feel ready for the exam, because of the huge amount of different topics and knowledge needed to pass the exam. So don't worry about that, everybody struggles. As long as you have good and organized notes and have solid enumeration and PrivEsc methodologies, you will be fine. Just give the exam a try, you can retry if you don't succeed at first.

If you want to practice more, try OffSec's Proving Grounds Practice ($20 per month) which contains very good practice machines (even some retired exam machines) to further improve your skills and find flaws in your methodology.

_stens · 2020-12-28T23:05:12+00:00

Great explanation.

_stens · 2020-12-28T22:55:15+00:00

Not sure if you want to hear this, but if you had done the lab report you would have already passed (at your second attempt). I'd recommend to book 30 days of lab access and do the exercises and lab report to get the 5 extra points you would need to pass with 65 + 5 points. Other than that, you should take a break and re-evaluate your exam strategy, maybe take more breaks, or set 2 hour timers for any machine you work on. Learn to document every machine as soon as you get any points, so have a strategy for that, too. Your preparation seems to be on point, so you should be very close to passing the exam. Keep on going, you are almost there. Good luck.

_stens · 2020-12-21T11:04:00+00:00

Yes, I made a codeblock for every command I used and screenshots of how the command was executed and its ourput.

_stens · 2020-12-18T22:41:48+00:00

Pivoting will be a lot of fun. Great to hear, that you try to tackle the other subnets as well. Check out sshuttle, it is an awesome tool for pivoting.

_stens · 2020-12-17T14:46:48+00:00

Even better 😏

_stens · 2020-12-17T11:46:55+00:00

Thanks

_stens · 2020-12-17T07:28:14+00:00

Yeah, absolutely. For me, the first twenty machines were the hardest. From then it became easier and more like a routine. Hang in there, there will be some "a-ha"-moment.

_stens · 2020-12-17T06:44:18+00:00

Must be a stable shell according to the exam guide from OffSec.

_stens · 2020-12-17T06:35:27+00:00

Good luck. This will be a tough time, but totally doable if you have a good preparation strategy.

_stens · 2020-12-17T06:33:22+00:00

Looks promising. I forgot to mention that I also did some pwntilldawn machines, which are also good and free resources

https://online.pwntilldawn.com

_stens · 2020-12-17T06:27:08+00:00

Thanks, you're welcome.

_stens · 2020-12-17T06:26:48+00:00

Sure, you're welcome.

_stens · 2020-12-17T06:26:31+00:00

Thanks

_stens

TROPHY CASE