We will start here:
Spoiler alert:
you will (mostly;)) not find here a commands or links. They are already mentioned in multiple 'Guides for OSCP' available online. Just check it. ;)
They all ("mostly" - again;)) are great, helpful and very useful when you're learning (or preparing to the exam - you name it). But (tbh) unfortunately 3/4 of them never talked about Windows-related-hacks ;)
So yeah, that's cool, Linux web servers are nice but, see, during OSCP you'll never know if you will find 'only Linux machines'. Or maybe only AIX VMs... Right?
So (when I finaly decided to buy the course... after some about 2 years;)) - I said to my self:
"I'm working in ITSec so many years that I should get this cert with one hand and closed eyes."
Let say, it was a 'small detail' that last time when I saw machines (scope) form the Lab it was something like 2 years earlier. And (not prepared for the updates) - it was my 2nd mistake. ;)
After a while...
...I decided that this time ;) I will try to do something more, something I "never tried before" (the exam re-take last time), let's say: I will "try harder" ;D
And that's how I prepared a short 'TODO list' if you're looking to check (or get) OSCP. I assumed that you already tried:
- VulnHub resources - where you can find a lot of vulnerable Linux-based VMs to practice ways of exploiting and escalating privileges in this kind of 'environment'
- HackTheBox - where you can find a mixed 'environment' (so mentioned "not only Linux machines"). It helped me (a lot) to understand what I'm still missing "before the exam".
In my opinion - you should definitely try both.
Next thing I was using were "standard" 'Guides' you probably already tried.
Nihil novi: "enumeration is the key". ;)
(source: https://i.pinimg.com/originals/51/93/ec/5193ec1d5b884cf194d5fb3f9f361921.jpg) |
Quick list for you:
* Linux:
- https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
- https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
- https://payatu.com/guide-linux-privilege-escalation
- https://guif.re/linuxeop
* Windows:
- https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html
- https://book.hacktricks.xyz/windows/windows-local-privilege-escalation
- https://www.fuzzysecurity.com/tutorials/16.html
* Mixed:
- https://github.com/0x4D31/awesome-oscp
- https://0x00sec.org/t/the-ultimate-privilege-escalation-reference-wiki/9788
- https://github.com/sagishahar/lpeworkshop
One more hint:
don't be afraid of the Proctor. Period. ;)
All Offensive Security folks I spoke during those years were always very helpful (and patience;)). If you will have any questions - they will always answer fast and with all the details you'll need.
Don't worry, just try harder! ;)
After a "while" you should see a similar email - including your name. ;)
I hope you will get it faster than me ;D (according to the screens - it should be pretty easy;)).
Do the job - and have fun! ;]
In case of any questions I'll be more than happy to answer (but forgot about spoilers or leak of scenarios. You'll be banned if I'll saw any qestions like that. ;))
See you next time!
Cheers
Brak komentarzy:
Prześlij komentarz