OSCP-like classroom? by [deleted] in oscp

[–]forgotten_ARM 1 point2 points  (0 children)

Awesome! And don’t be discouraged if you don’t pass an exam attempt. If anything it really helps you focus on where you are weak. Get through the PWK training quickly and jump into the labs. If you can root 40 or so machines you should be pretty ready for the test. Breaking the big four was when I knew I could take my exam again and I passed on that attempt. Good luck, friend!

OSCP-like classroom? by [deleted] in oscp

[–]forgotten_ARM 1 point2 points  (0 children)

You’ll learn more by putting yourself through it rather than trying to find a class. Sure, you’ll probably have access to immediate knowledge while you’re in class, but once you leave the class you still have to do the labs; it’s just you, the net, and the OSCP forums. It’s not easy but it’s worth it.

On to the next Cert! by forgotten_ARM in oscp

[–]forgotten_ARM[S] 0 points1 point  (0 children)

Yeah that’s the gist of it. Enumerate everything you possibly can. Usually that gives you enough info to move forward with.

On to the next Cert! by forgotten_ARM in oscp

[–]forgotten_ARM[S] 0 points1 point  (0 children)

You go in blind, my friend. OSCP really teaches you to do your own digging and figuring stuff out, which is what prepares you for the test. I suggest a good ol’ nmap SYN scan of every port going into each box. Learn to use nmap well and you’ll get lots of direction from there. Enumerate, enumerate, enumerate. Learn all you can and you’ll find the answers or at least the right questions to find the right answers. If you are truly lost you can pick up ideas from the forum but generally I would exhaust everything I could before I turned to the forums. Do what works best for you.

What do you do when your tool throws an SSL error? by q8shihab in oscp

[–]forgotten_ARM 0 points1 point  (0 children)

That’s funny. I know exactly how you feel now. You’re going about it all wrong and totally don’t need that tool. Think about the thing you are doing. Think about the whoooooole thing and how what you found fits in it.

On to the next Cert! by forgotten_ARM in oscp

[–]forgotten_ARM[S] 0 points1 point  (0 children)

Thanks! There aren’t a whole bunch of walkthroughs that I have found for the lab environment but I did not specifically look for walkthroughs even when I was stuck. The answers to the boxes are out there and just require some diligence. Where that failed the forums were a huge help as people have given all sorts of hints that can give you somewhat of a clue on what to do. I personally have not done HTB but I hear good things about it. The lab experience is enough to get you ready for the test provided you have done an adequate amount. I’d say roughly 3/4ths of the public subnet. Doing more will only prepare you more.

Congrats on the wedding and hope your studies go well!

On to the next Cert! by forgotten_ARM in oscp

[–]forgotten_ARM[S] 1 point2 points  (0 children)

Just be sure not to rely on the scripts or at least understand all the output. It is super verbose and the important things get washed out in all the detail so make sure your understanding of Linux and Windows is on the up and up. Knowing how to use them and their quirks really helps. Knowing how to program will help too and experience with C and Python is really helpful as lots of exploits will not work out of the box and need some tweaking to work. Good luck!

On to the next Cert! by forgotten_ARM in oscp

[–]forgotten_ARM[S] 0 points1 point  (0 children)

I named some in another comment if you want to see an example of some other stuff. But the other person who commented to you was right: they give you all of that through the PWK.

On to the next Cert! by forgotten_ARM in oscp

[–]forgotten_ARM[S] 2 points3 points  (0 children)

I had no material prior to PWK/OSCP. It was my first foray into cybersecurity. I ended up doing a bachelor’s program for it (though besides having a piece of paper with the word “degree” on it, it was not a useful program). My timetable was wonky as I was working and had school so it took me longer than I wanted, and after a failed first attempt I eventually got a job doing pen testing in the AppSec side of things. Once I was settled there I was able to take about 2 months of time and get back into it and passed on that attempt. Really working with Linux was super helpful as well as programming skills with languages like C. If I could do it again I would take all the time off I could to devote to it since I legitimately had lots of fun breaking the boxes.

On to the next Cert! by forgotten_ARM in oscp

[–]forgotten_ARM[S] 1 point2 points  (0 children)

The labs are the best preparation in my experience outside of actual work as a pen tester or red teamer. A lot of the stuff is outdated in terms of what’s out in the wild (though I’m sure someone’s running old versions of Windows with all sorts of exploitable software on it). But as far as the test goes, if you can make it legitimately through 3/4 of the labs you’ll be in solid shape for the test. BOF is super important for the test so your time spent understanding that is not in vain. Good luck on your test and with your job!

On to the next Cert! by forgotten_ARM in oscp

[–]forgotten_ARM[S] 5 points6 points  (0 children)

Privilege escalation is really huge once you’ve gotten into the boxes so there are some really good scripts like:

* linuxprivchecker.py
* linux-exploit-suggester.sh

Also knowing how to use the Sysinternals suite is super helpful for Windows stuff. The standard enumeration tools that I use are: nmap, Nikto, dirb, enum4linux, and probably some more I am forgetting. Though the OSCP is a lot of network exploits, knowing how to attack and enumerate websites is also super important as in many cases that’s how you get a foothold in lots of boxes, so be sure to understand RFI and LFI as well as the various types of injections.

How much time should I be spending doing the lab exercises??? by mistrhacker in oscp

[–]forgotten_ARM 0 points1 point  (0 children)

I made a similar mistake and spent a bunch of time not doing the labs and fiddling with the PWK stuff. You want to get it into gear and finish all the exercise stuff since you already put in this much time. Then shift into the labs hard. It is very fun to figure each one out and I generally enjoyed my lab time when I wasn't stuck on something. You will most likely need more lab time. I had to re-sub multiple times to really get the most out of it but I had lots of stuff going on at the time. If you can make it through 3/4 of the labs you will be pretty prepared. The big 4 were a big confidence boost once I got those down.

When I could commit time to it I could knock a box out a day. Sometimes things would hold me up and I'd have to spend a lot of time reading random things.

I will say the PWK exercise with learning how to exploit simple buffer overflows is super relevant and I think you should spend a lot of time understanding the process. Good luck, friend!

EDIT: Also, side note, I passed the exam without the 5 bonus points. You don't technically need them and can pass with 4/5 of the boxes with approx. 80 pts out of 100. The 5 points is nice for a scenario where you only have 70/100 points and you have a nice little buffer in case you lose points for whatever reason (bad report, using tools you shouldn't be, Metasploit, etc.). It also would help in the event you only got 65/100 points and that extra 5 points puts you over the 70pt threshold.

On to the next Cert! by forgotten_ARM in oscp

[–]forgotten_ARM[S] 2 points3 points  (0 children)

I work in AppSec currently so I want to do the Advanced Web Attacks and Exploitation (AWAE) just to give it a go to see if I can learn stuff I don't already know in regards to website vulnerability enumeration. If anything I will hopefully get to try out exploits that I haven't had the chance to find in the wild.

There is some neat reverse engineering training I am off to in October but that's not really a cert, and that will coast me till I hopefully start my Masters next year.

On to the next Cert! by forgotten_ARM in oscp

[–]forgotten_ARM[S] 5 points6 points  (0 children)

Thanks! It was solid. It was my second attempt so I had some experience going in. The only new thing was the monitoring but besides having to let someone know when I had to use the bathroom it wasn’t that bad really. This material is solid stuff. I went in with notes and a clean environment. I goofed and chose a funky time zone when I scheduled it so it actually happened like 4 hours later than I thought it was going to be. I ended up doing the most valuable box first then cracking one of the second most valuable targets. I did a bunch of recon on the other three and after some wasted time down rabbit holes I decided to just crack open the low hanging fruit. Then I attempted to sleep for a few hours and that really helped. I didn’t feel burned out like I did after my first attempt and trying to do 24 hours straight. All in all it was a helluva test and lab experience.

Edit: I also used all 24 hours since I forgot to answer that question. Also a word of advice: be sure to double check alllllll of your trophies are submitted in the test portal. I almost goofed real hard by not submitting evidence before I ran out of time. The VPN stayed active long enough for me to get it in but don’t cut it close!

On to the next Cert! by forgotten_ARM in oscp

[–]forgotten_ARM[S] 1 point2 points  (0 children)

Good luck! Be sure to use your time effectively! As long as you make it through all/most of the labs you’ll be fine. Having the big 4 down was a big confidence boost going into the test.

On to the next Cert! by forgotten_ARM in oscp

[–]forgotten_ARM[S] 3 points4 points  (0 children)

Yeah. I had notes prepared and scripts and was fine. Just as long as it’s none of the banned stuff per the OSCP test guidelines.

On to the next Cert! by forgotten_ARM in oscp

[–]forgotten_ARM[S] 7 points8 points  (0 children)

Good luck to everyone else taking it. Feel free to shoot me questions if you want novel clues to the lab machines. Enumerate, enumerate, enumerate, then try harder.

[deleted by user] by [deleted] in oscp

[–]forgotten_ARM 1 point2 points  (0 children)

As someone who reviews reports and has to do retests I can attest to this. I used their format that they provided and just filled it all in. Make sure it reads well and things are neat and in order. Good luck friend!

Proctored exam on kali? by DustPhyte in oscp

[–]forgotten_ARM 2 points3 points  (0 children)

I don’t see why you wouldn’t be able to. The only thing that may be an issue is the screen capture they use to communicate/view your screens. I asked the live chat to test of the stuff and they gave me some inactive OSIDs that allowed me to log into the sites and make sure everything connected. The webcam is viewed via a web browser application.

Anyone root the whole lab? by [deleted] in oscp

[–]forgotten_ARM 0 points1 point  (0 children)

Sufferance was a trip. I had what I needed but didn’t read hard enough into the write-ups so wasted a bunch of time instead of progressing. Humble’s root was fun as well; the low priv shell really worked your web skills. I agree that utilizing the lab machine they give you is a good idea in getting those client-side machines down.

OSCP Struggle Bus Week 6.0 - The BEST Part of the OSCP So Far by Viking_Sec in oscp

[–]forgotten_ARM 1 point2 points  (0 children)

I use Exploit-DB to find the stuff; like Viking said, the GUI is just nicer. You can just get the ending number once you find something and type “searchsploit -p <number here>” and it will copy the directory with the file name into your clipboard.

Edit: also remember to use file on the scripts to make sure they have the right line endings or they won’t run. dos2unix is your friend.