MY OSCP REVIEW
About me:
I am just a guy who has done a B.E. (Computer Engineering) and C.E.H., and I am doing vulnerability assessment for different clients in Mumbai.
Inspiration to do OSCP:
If you want to read technical stuff only, skip this para. Like other guys I thought that OSCP is one of the most difficult tasks in the world of IT security.
And yes, it is one of the most difficult missions you could ever face. Back in Dec 2014 I was really bored with the conventional vulnerability assessment thing; I wanted to do some more exploitation and some black hat stuff. But in our job we were not allowed to do so, as the environment used to be critical most of the time and the time for completing the task was short.
So I asked a few questions in some group on Facebook regarding how I could learn more exploitation stuff.
There was a guy with the name Mr.WhiteW0rm who gave me a brilliant answer and recommended me to do OSCP. At that time I thought that even though I wouldn't be able to do OSCP, at least I'd study its way and work on exploitation as required in OSCP.
Study that I did before OSCP:
I knew that we can use Metasploit in the labs and in the exam, so I started with learning Metasploit.
Though I knew a bit of it, as taught in C.E.H classes, I needed to know more.
1) A friend of mine named Chetan told me to do the Metasploit course from SecurityTube. It can be found here http://www.securitytube.net/groups?operation=view&groupId=8
2) Udemy Metasploit tutorial given by Mr. Hitesh Choudhary. It can be found here https://www.udemy.com/draft/93016/
The above course material is available for free ;) if you know what I mean.
I learnt only the first and 3rd modules from it. Basically, Python basics and socket programming are required for buffer overflow exploitation and OSCP.
2) The book that I referred to for practising Python programs is Violent Python. I did the first 4-5 programs from the book.
Learning buffer overflow:
It explains buffer overflow in detail.
Secondly, I used the Exploit Research Megaprimer http://www.securitytube.net/groups?operation=view&groupId=7
Lastly, I set up my own lab and practised buffer overflows. I wrote 2 such buffer overflow exploits on my blog:
Learning port forwarding and pivoting:
Practicing on vulnhub.com VMs:
I would recommend the following VMs:
1) Kioptrix series, present here https://www.vulnhub.com/series/kioptrix,8/
2) Troll series, present here https://www.vulnhub.com/series/tr0ll,49/
3) Pegasus, present here https://www.vulnhub.com/entry/pegasus-1,109/
4) Command Injection ISO by SecurityTube https://www.vulnhub.com/entry/command-injection-iso-1,81/ (Try to do this without Metasploit, as I've done here http://justpentest.blogspot.in/2015/07/pentester-academy-command-injection-iso-basilic-exploit.html )
I got a lot of practical exposure from vulnhub.com. A big thanks to the guys who made it.
Post exploitation and privilege escalation:
Some privilege escalation tools that I've used for Linux:
1) linuxprivchecker www.securitysift.com/download/linuxprivchecker.py
2) LinEnum http://www.rebootuser.com/?p=1758#.VkG1BSvHU1I
3) Linux Exploit Suggester, which can be found here https://github.com/PenturaLabs/Linux_Exploit_Suggester
I guess 90% of the privilege escalation loopholes can be enumerated with the above tools.
Privilege escalation is an art; trust me, it troubled me a lot in the OSCP labs. Privilege escalation is all about how well you know Linux.
Some privilege escalation tools that I've used for Windows:
1) Windows Exploit Suggester https://blog.gdssecurity.com/labs/2014/7/11/introducing-windows-exploit-suggester.html
Some good information regarding Windows privilege escalation can be found in the SecurityTube Metasploit Megaprimer.
My OSCP Lab Review:
I took one month of lab time, but I would recommend 2 months of lab time; that is sufficient. There are approximately 35+ machines in the student network, and there are 3 network keys that can be found on some of the hosts in the student network. These keys help you unlock the other LAN segments. Well, I got 2 network keys. Lab time is a time that I will never forget in my life. There were a few days I was really happy because I had compromised my target. But there were many days that I was really upset and disappointed. There was a day I was so frustrated that I thought of quitting. As they say, "TRY HARDER": I took a break, tried harder and harder, and finally I compromised my target.
I can proudly say I was able to get root on one of the toughest machines in the lab, named "PAIN".
All in all I could say lab time is a journey; it will teach you a lot. In the labs you will find a variety of operating systems (Linux, Solaris, Windows, Ubuntu, Debian etc.), a variety of application servers (Apache, IIS, Tomcat, in their different versions and flavors), various services and various vulnerabilities.
There are some pretty famous frameworks that are used in corporate networks, but they are vulnerable and can be compromised to get the system.
The Offsec admins help sometimes and give disappointing answers sometimes. I would say that instead of asking your query to the admins, you should concentrate on enumeration and use Google. I would recommend "MINIMUM USAGE OF METASPLOIT IN LABS", as this will increase your skill and it is very helpful.
My OSCP Exam review:
There are 5 machines in the exam that are supposed to be compromised. Metasploit usage is allowed on 3 of the machines, but you can use Metasploit on only 1 of those 3.
There are a few lab machines that are more difficult than all the machines in the exam.
The problem with the exam is that you have to compromise 5 machines. For one of these machines you have to code a buffer overflow exploit. For the other machines you need to do a lot of enumeration, which is time consuming.
I cleared all 5 machines with root access in 10 hours.