Kuivenhoven on Offensive Security Certified Professional

May 15th, 2010

In the field I work in, IT, it is nearly compulsory to have some sort of proof to show how skillful you are through the amount of certifications you have. Kind of like a Pokémon for grown-up nerds: "gotta-cert-them-all". Now there are many certifications around. But practically all, in my humble opinion, are worth nothing. They are just tests to see if you can recite a 400-page study guide. Or have the money to buy a brain dump. They test your memory, not your abilities.

There are exceptions of course, like the Oracle Certified Master. For the OCM you have to keep an Oracle Database environment running, two days in a row, while the examiners in the next room delete data files, disrupt the network or fill the test chamber with nitrogen mustard gas. My friend and colleague Erik Sekeris actually managed to get this title alive, so I know his counter-terrorism and database skills are truly good.

Another exception to the 'all-certs-suck' rule is the Offensive Security Certified Professional. In case you don't know, Offensive Security are the guys behind the Linux distro 'BackTrack'. BackTrack provides penetration testers with easy access to a comprehensive collection of security-related tools. You can only get this certification after spending some time in their lab environment, followed by completing a 24-hour exam.

The lab consists of getting you familiar with the various ways to use BackTrack components for a successful attack. Most of the time there is first a thorough explanation of some software or configuration problem. Then they start to abuse this flaw manually and via scripts. Then, when you grasp the concepts, they introduce a tool which does the same. And in the end they show some utterly mega kewl tool like 'Core Impact', which does the same as all your written scripts and used tools, but with the press of a single button. I really like this build-up, to make sure that the users of the tools aren't script kiddies. Remember, "A fool with a tool is still a fool".

The other thing I really liked is that there is little support. This sounds weird, but they really do give enough information. It just doesn't mean you can apply it directly. Sometimes you are stuck for a day or two. And you just need to try harder. It is like a difficult puzzle or game. Once you grasp it, it feels like you climbed Everest or solved the algorithm for prime numbers. While all you did was get a reverse shell for the first time, by exploiting a buffer overflow and sending some shellcode with it.

Spending a whole day hacking servers and then another day writing documentation sounded cool enough to me. So about six months ago I signed up and started preparing for this exam. Clocking in at 230 hours of my free time and exactly 1641 'Come to bed!?' yells from my girlfriend. 'The time has come,' the Walrus said.

The exam was supposed to start today at 14.00 GMT. And it is 15.13 now. So why am I spending some of my precious 86,400 seconds writing this instead of pwning a server? Well, I assumed that GMT is 1 hour behind Central European Time. So at 15.00 it was F5, F5, F5, F5... Nothing. Was I wrong? No... there is indeed a one-hour difference. But it appears that GMT doesn't have daylight saving time, so I needed to add an extra hour. Grmblz... Will be back in an hour.

Update 1: (15-05 15:57) It's in. I have gotten a list of 5 IP addresses. Behind each of those is a machine which has a file, stored either in root's home or on the administrator's desktop, which you need to get.

Update 2: (15-05 18:04) Yeah.. First one in.

Update 3: (15-05 20:32) And that's the second... So it is pizza time... Quattro Formaggi, what else?

Update 4: (15-05 23:09) And I got the third one...

Update 5: (16-05 02:26) Hooray, if my brain is still capable of doing simple calculations, I now have enough points to pass the exam. That means it is now time to think over the solutions during my naturally recurring state of relatively suspended sensory and motor activity, characterized by total or partial unconsciousness and the inactivity of nearly all voluntary muscles.

Update 6: (16-05 08:22) “Rise and shine, Mister Freeman, rise and… shine. Not that I wish… to imply that you have been sleeping on… the job. No one is more deserving of a rest, and all the effort in the world would have gone to waste until… well… let’s just say your hour has come again. The right man in the wrong place can make all the difference in the world. So wake up, Mister Freeman…wake up and… smell the ashes.”

Update 7: (16-05 13.33) Done, now all I need to do is start on the documentation of all my steps. Which means cleaning up the CLI logging and editing it with comments in my Leo file.

Update 8: (19-05 11.00) Yesterday, I got the following mail from OffSec:

Dear Marinus, We are happy to inform you that you have successfully completed your Certification Challenge, and obtained your OSCP certification.