Monthly Archives: May 2019

OSCP Journey – Week 5

This week I completed the course reading material. I have a few exercises that I still need to complete but since you are required to do them on lab machines, my time was better spent on coming back to them later. From here on out my plan is to start going after the boxes and finish up the exercises as I go. My goal is to have at least 20 unique boxes compromised (or at least unique methods used) in order to attempt the exam, therefore I have just under 60 days of lab time to make this a reality.

Today I was able to get a limited shell on one machine that I discovered earlier in the week, which was fairly rewarding. When I first started going after the box, I was really close to the web technique I needed to use but I needed to slightly change my attack.

Course Pages: 380 / 380

Lab Shells Popped: 0.5

OSCP Journey – Week 4

Unfortunately I didn’t finish the course material this past week as I had originally planned. I have about 100 pages left, which should be manageable to finish this coming week. Primarily the past week was spent on attacking Web Applications and starting to get into password cracking. Web Applications are fairly interesting to attack since they can be a good vector to get inside of a system. SQL Injection (SQLi), Local File Inclusion (LFI), and Remote File Inclusion (RFI) are all definitely entertaining in their own way when you get that root shell. I also found a nice writeup on getting a shell with sqlmap here.

Course Pages: 282 / 380

Lab Shells Popped: 0

OSCP Journey – Week 3

Another week of studying is complete. This week the focus was primarily on privilege escalation techniques. I am still on track so far for finishing the course material by the end of this week, which is good because I am getting a little antsy to start popping shells. I have also started to watch some walkthrough videos on HackTheBox systems to get the practical mindset churning. In my opinion, the mindset is one of the harder things to grasp because after all technical procedures can be step-by-step, but to “think bad” is quite challenging at times especially if you operate on a blue team all day.

On a side note, today is Mother’s Day.

Course Pages: 229 / 380

Lab Shells Popped: 0

OSCP Journey – Week 2

Welcome back to the recap for week 2 of my OSCP Journey (Attempt #2). This week started off with the Buffer Overflow (BO) material. Going into Buffer Overflows, I definitely wanted to remain focused as I feel like this was a weaker area for me the last time around. My plan for the future is to practice BOs frequently to make sure I can confidently execute the tasks required. This section took a while to get through because creating a BO has several steps to find the correct location in memory to attack and then injecting a payload. Here is a walkthrough on BOs for Linux but there are several others depending on which OS is required (just a fair warning, BOs are fairly technical). I also spent a little time messing around in the lab, although this was mainly unstructured scanning and testing some ideas on a few machines.

My goal right now is to have the course material completed within the next two weeks and then start popping shells in the lab with about 60 days left of lab time.

Course Pages: 186 / 380

Lab Shells Popped: 0