Completed the password cracking videos and pdf content.

Got my first lab proof.txt during one of the exercises (using metasploit to grab password hashes). Good ole ms08-67!

--> n33dle

Completed the web application attack exercise. Could not complete 13.6.1 question 5. Will come back to this when I start on the labs

--> n33dle

Completed the Client side attacks videos and pdf and exercises. And watched the Web application attack videos

--> n33dle

Completed the privilege escalation section and exercises

--> n33dle

Completed the file transfers section in the pdf and exercises

--> n33dle

Actually a successful day!

I think yesterday I rushed too much with trying to get the shell, and didn’t back off a little and go back to debugging and really aiming for EIP.

Once I got EIP, I used breakpoints to make sure it was jumping to the right part in memory. After only about 30 minutes I think, I got shell for 643.c!

I then started on 646.c and though OMG. But after I read up on what ptr is, and it references the byte in memory, again I played around with immunity, playing around with values and debugging.

I got this one in about 1.5hrs!

--> n33dle

Finished the exercises on writing an exploit for crossfire and started the public exploit module.

Spent all night on 643.c. Getting no where. Posted on offsec forums

Pretty stoked tonight. From start to finish, with the poc, I successfully crafted my exploit to gain a reverse shell on the vulnserver.exe program!

Last night’s walkthrough and study, and note taking paid off. I followed along and was able to through trial and error, locate EIP and locate a jmp esp memory address to insert my shellcode.

--> n33dle

Worked through the BO section in the pdf and completed the exercises. If I compare from before starting tonight’s study, to the end. I have definitely got a better grasp on buffer overflows and how to debug them in the immunity debugger.

At the end of the night, I successfully craft an exploit to produce a reverse shell on the slmail.exe.

Tomorrow, I’ll continue on with the vuln.exe executable.

--> n33dle

Completed the vulnerability scanning module and started reviewing and learning the Buffer Overflow beast.

OpenVAS setup took some time to setup, download and configure.

Went through the Windows BO videos, will continue on with the pdf on BO next…

--> n33dle

Finally worked out the smtp vrfy python script and got that working. It’s rough and slow, but it works! Finished the snmp enum chapter. Next is vuln scanning and then BO!

--> n33dle

Spent all night on the bloody smtp vrfy script. Think I was too tired to study tonight...

--> n33dle

Spent a lot of time researching Tcpdump options and syntaxes. I use it all the time, but it's such a beast of a tool. 

--> n33dle

Continued on with exercises, got up to port scanning. Think my progress is going slow... but well. Long way to go!

--> n33dle

OSCP Journey

So I received my course content and welcoming email right on 11:00am as promised. I’ve spent about an hour downloading all the content, backing it up, organising a folder structure and just all round mentally preparing for the journey ahead.

I’ve created a folder OSCP with subfolders

• Pwk VM
• Course Material
•  PDF
• Videos
• Notes
• KeepNote file

I’ll also ensure I backup my notes and any other written material as I go to my online storage. I’ve written a PowerShell script to mirror my local OSCP directory to my online storage. For now I’ll run this manually, but I might create a scheduled tasks to do this every hour or so, depending on if I remember or not over the next 90 days….

--> n33dle