Wednesday, December 9, 2015

OSCP - Taking the Long Break

The past two weeks I've been off from the daily grind of graduate school.  During that period I had time to evaluate where I am, where I want to be and how I will get there.  That time of reflection included what demands I will be making at work.  We're going to be onboarding a new person, I've been picking up some slack for an undermanned unit and there are items I really want to explore to improve systems we utilize every day.  I also had to focus on the fact that I will be training next week and the holidays are coming.

At this point the OSCP certification is not in the cards.  The biggest item is the fact that I will not be performing any penetration tests in the near (3-5 years) future.  The knowledge I had garnered from completing the lectures has definitely been beneficial.  But without the plan of leaving my current position the certification isn't going to garner me anything.

So for now I am shelving it and will return to it if/when it becomes more beneficial to pursue it.  My focus will be turning back to big data and development so as to continue to support my unit's mission.

Tuesday, December 1, 2015

OSCP - Short Detour

The next three weeks are going to be pretty busy.  I have a business trip on Thursday and Friday.  I have two finals to complete for my graduate courses.  Finally, in two weeks I am going for training for four days.  Given that timetable I am going to try to power through the PowerShell for Penetration Testers course I picked up at SecurityTube.  I figure it will help me out with OSCP and also give me a chance to review the course.  Look for the posts starting tomorrow!

Saturday, November 21, 2015

OSCP - Six Boxes Down!

Thursday into Friday I took down five boxes!  Granted they were the low-hanging fruit, but sometimes that is all that you need.  I learned how much I love the Meterpreter!  It is vastly easier to get password hashes with it and to download/upload files.  Obviously, you can't rely on it solely, so I have good documentation on how I would exfil data in the event that I don't have a Meterpreter shell.

Also, I finally figured out why Ophcrack wasn't working for me:  I have to download rainbow tables for it.  Typically I was using the bootable CD so it wasn't an issue, but the installed version only has a small number of tables.  Once I loaded two table sets in, I cracked about a dozen passwords.

I'm taking a break tonight, but will spend most of Sunday trying to get the other boxes.  Definitely going to take some work, but I'm confident!

Thursday, November 19, 2015

OSCP - Crack My First Box!

Tonight, after I spent some time setting up my laptop and studying for one of my graduate courses, I cracked my first box in the lab!  I'm a little disappointed for two reasons.  One, I had to be a script kiddie and use Metasploit.  The positive to that is I found the vulnerability and the exploit needed to compromise it.  It was also funny to see it not work at first and then when I tried again it took.  Something to remember for next time!

The second disappointment was with the amount of time it took me to do it.  I'd say it took about two hours to get on the box, set up the TFTP to download and upload files and to get the hashes.  I know I need a lot of work.

One thing I was especially happy about was figuring out a password without any tools.  I was running a cracker and decided why not guess a couple.  Lo and behold, I guessed correctly :)

Lots to do, but well on my way!

Wednesday, November 18, 2015


I started a new image and reconfigured OpenVAS.  That seemed to make things go a lot smoother and it was running pretty quick.  So I leave it overnight to have it get stuck at 42%.  At least this time I was actually able to download the report (for the hosts it had scanned).  At this point I at least have something to go off of so I will attack the hosts with the info I have and do individual scans for the other ones.

Tonight, after setting up my new laptop (which just arrived) I will begin the plunge :)

Tuesday, November 17, 2015

OSCP - OpenVAS still sucks!

My saga continued with OpenVAS, but after an hour of playing with it I was able to get it up and running.  I ran my scan overnight and of course it crashed at 69%.  Hoping to get it finished up today, but I figure at least now I have some vulnerabilities to review.  Adapt and overcome, as the Marines would say!

Monday, November 16, 2015

OSCP - I Hate OpenVAS

On Friday night I went about mapping the network and gathering details about the live hosts.  I wrote up a quick script to get the list of IPs that were live (or appeared live) on the network.  From there I wrote a quick bash script to run nmap against the list and output a file with the information for each host.  Saturday I went to work on OpenVAS to scan for vulnerabilities, but the thing just wouldn't start.

It is honestly one of the worst open source tools I've ever dealt with.  I had to do a number of things to get it started and even then the scan just wouldn't kick off.  I'll be looking at some alternatives since it doesn't seem to want to cooperate.  Today I made a spreadsheet with all the big info needed for each host.  My plan is to explore the hosts that nmap couldn't give me good info on and see where I end up.  I want as complete a picture as I can get as I believe that will be the key to success.  I also ran across the dreaded SUFFERANCE!  But I didn't see the other two that are supposed to be real challenges.