localhost exposed

Next »

Path to OSCP - Part 1

Hello World!

Two weeks ago I signed up for the OSCP certification and its 30-day course, Penetration testing with Kali Linux. OSCP stands for Offensive Security Certified Professional and basically it is a certification for penetration testers, i.e. people trying to find security vulnerabilities in your IT infra and apps. From what I've read, it is one of the toughest courses and exams out there with legit hands on experience instead of multiple choice chances.

And during these past 2 weeks I have been getting ready for the course in any way that I can think of. I have joined the #offsec channel on freenode and have been lurking there getting some good tips on how to prep.

As I am going through videos, blog posts, CTFs, vulnerable VMs etc. I am learning quite a few new tips and tricks. And I figured that I'd share with you - whether it is some other you or just me 5 years from now - my learning process and the new ideas I find.

I'm doing this as a video + blog post combo so that I can get through the main ideas verbally and then provide the tech details in the blog - so that you can copy paste code snippets or URLs quite a lot more easily than listening to me slur about semicolons and brackets.

So without further ado, here's the semi-coherent part 1 of my series - Path to OSCP.

https://www.youtube.com/watch?v=A2s8_r973Xw

And here is the relevant code bits:

sqlite databasename.db
sqlite> .mode csv
sqlite> .import yourfile.csv yourtable
sqlite> .schema yourtable
sqlite> select count(*) from yourtable;

And of course if you had to split your scans into multiple parts and thus have multiple CSV files, you can just repeat the import and it will append to your existing table.

Then for example to get the "Which vulnerabilities were already previously known"

sqlite> .mode csv
sqlite> .once some_output_file.csv
sqlite> select  "Plugin ID", CVE, CVSS, Risk, Host, Protocol, Port, Name from oldresults o where Risk <> 'None' and exists (select * from newresults w where w."Plugin ID"=o."Plugin ID" and w.CVE=o.CVE and w.CVSS=o.CVSS and w.Host=o.Host and w.Protocol=o.Protocol) order by Host asc;

Could be that there are more elegant SQL queries for this, but, hey, at least this one worked for me.

Next »