OSCP ( I did it…!!!!! )

Learner
Learner
Mar 18, 2018 · 8 min read

Hello friends, I am CodeNinja a.k.a. Aakash Choudhary and this is my review for OSCP[Offensive Security Certified Professional]

In this review I will be discuss about my preparation before OSCP and my background and tips and resources.

Ok so without wasting time,lets start with Thanks section

Thanks:

First of all I want to say thanks to my GOD and Parent to support me and giving me chance to do this course so, I can prove myself to all my family members.

I also wants to say thanks to my all friends who helped me/guided me in my entire pentesting journey from 2014 to till now and forever.

Here are Some awesome friends that I want to mention theme who always helped me and believe in me and keep motivated me:

Dante Devilhunter,Zen Javanicus,Benji, g0blin ,Jhalon,,MakMan,Kalampolo,Mustafa,Ronnie,Minatow, Hrushikeshk,Alamot,Oschoudhary,Harshil,Bhargav,Ahmed,Poli,Plaintext,Shawar,Rahul Maini,Tahair,Akbar,Kenneth

About me & Background:

I know this will be little boring but anyway here is about me.

I am Aakash from Jaipur and I did MCA in 2013 september. After that I took course for RCHE and CEH from local institute in Jaipur but I didn’t learn anything from there and my money wasted.Then in 2014 I joined an Awesome facebook group Web Injector ran by Zen brother.This group changed my life. From there got many friends and I learned basics of sql injection.So in 2014 I did lots of sql injection stuffs and other things. In 2015 I learned web developing and web designing and python language. In 2016 to 2017 July I started preparation for government exam for job and did part time job[2 months] where I didn’t get even a single rupee yet.Then in July 2017 I finally decided my future career as Pentester.

I got my new laptop on 26 July 2017 and from 1st August I started my Pentesting journey.

And on 28 January 2018 my 30 day OSCP Journey started and now I am OSCP Certified guy.

So,my real learning experience comes from August 2017.

About PWK & OSCP:

OSCP is Offensive Security Certified Professional and this is an entry level Certificate course in pentesting world.

As we know there is a lot of reviews about OSCP so

PWK Lab:

In lab we will get more than 50 Machines to pentest. Each machine is build to teach us a lot. Every boxes is superb. Exploits, weak credentials, web vulnerabilities, a range of privilege escalation techniques are all required to compromise the boxes. Some boxes are depending on other machine so these boxes force us to enumerate boxes completely. So, we have to become a good detective to discover everything in boxes which can be helpful later for other machine. Some machines are real world scenarios and some are like CTFs. So, from this course we learn real lesson like patience and never-give up attitude. This course really teach us to heavily depend on our own researching stuffs.

PWK Network:

So, there is 4 network subnets.

1. Public Network

2. IT Network

3. Development Network

4. Admin Network

We have to first solve Public Network and then from public network machines we have to unlock other networks.

Some machines can’t be exploited itself, as we have to do some client side attacks to exploit that machine using other machine.

PWK Course Book, videos, and Exercises:

When you start the PWK course you are sent a 320 page PDF book that contains lessons and exercises and an accompanying set of videos. The content of the book and videos is summarized with the publicly available syllabus (https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf).

From PDF we will be given a lots of exercises to do and this is really good to solved exercise by understanding them and then practice on then and researching about them. Some exercises is not important to solve.

However, the book alone is not enough to pass the OSCP. The student needs to do their own research when they do not understand something.

Yeah, Just Like This..!!!!

My favorite section from book was “file transfer,shellcode,client side attack,buffer overflow”

My Journey begins:

Ok, so above I told about PWK Labs and Exercises and now time comes about my journey how I did it in 30 days.

So, I got email on 28 January and there I got materials like PDF and video and Kali VMware image.

here is my day by day walkthrough ->

I learned a lot during my whole journey. i rooted many machines and all machines was my favorite and specially bob,payday,ghost,mail,alice,alpha.

PWK EXAM:

I booked my exam on 8 March at morning 4:30 AM. I was nervous and not stress. I know i can do it. I slept nearly 10:00 PM and got up 4:05 AM and exact 4:30 AM i got Exam VPN connection.

I planned for 15 minutes to understand the detail given and objectives and i wrote down them in my notes. And in another 15 minutes i ready my weapon and made plan.

The plan was simple, first get information of first 2 machines as much as i can in 3 to 4 hours and then prepare all tricks i learned to root that machine. So, I completed all 5 machines with this plan, like first some hours getting information and then root it in another hours.

So, I completed all machines within period of time and in those period of time i rested my brain when needed.

Report Time:

The hardest part of Exam is making report.I took whole day to complete it. At night nearly 12:30 PM i submitted my report. As this was my first time to write report so i took my time to write it.

Just in two days i got email that i passed the OSCP Exam.I expected the result in positive as i done 100% marks. I didn’t submit lab report and exercise report. I only reported exam report as i done 100 marks already.

OSCP Exam Result

So, After Some Struggle, I’m Now OSCP..!!! Wooohhho..!!!

Question Time:

ANS: There is not much difference between them as both focus on pentesting the system. From OSCP we learned to make our own methodology and we can apply them on HTB Machines. And from HTB Machines we learned to solve machine which help us in OSCP labs.

The real difference between HTB and OSCP lab is that in OSCP labs we got old vulnerability and in HTB we will get latest vulnerability for practice.

example: in oscp labs mostly rooting using kernel and using old exploits but there we learn to modify exploit by understanding it.In HTB we don’t get kernel exploit rather than we get latest vulnerability to solve it.

It all depend on us mean on our experience/skill. So some HTB Machine hard then OSCP and some are Easy.

So, if you are asking my opinion about comparison between them, then please don’t compare them,instead just try to solve them to gain more experience and learn more and improve skill.

As HTB is free so we can improve a lot, and for solving retire boxes the money is not too high for VIP.

Some machines i solved in HTB was similar in OSCP too.

2. OSCP type Vulnhub Machine:

ANS: I don’t understand why people asking this question. As a pentester our main aim is to improve skill and gain more experience so why looking for specific VM? Just started to solve machine from Vulnhub as much as we can by hook and crook and learn.That we our experience will be boost. More machine we solve more knowledge we got. If we are beginner then solving machine by reading solution is not bad. This way we learn many ways to solve machine and understand the concepts.

If still looking for oscp specific vms then i refer to Abatchy blog.

3. Preparing before OSCP

ANS: Best is just check the syllabus of PDF from 2014 and start preparing.

Also book by Georgia Weidman is superb. [ Penetration Testing: A Hands-on Introduction to Hacking]

My friend made a blog https://pwktutorials.blogspot.com/

You can check this link. He made this blog freshly and soon he will update it.

According to my friend he is planning to do something helpful. I’ll sure that the content of the blog going to be rock the learning process. Specially for those who think about OSCP as he is also preparing for OSCP.

We must know the language like python,bash scripting,php,c etc

Don’t master them,just learn the concept like we understand the code and modify them when need.

4. Are exam tough ?

ANS: No and Yes, exam is not tough and not so easy, we just need to prepare very well.

EXAM TIPS:

Helpful Materials and Links:

Stay tune for my next writeup for helpful material and links as i want to give this in my another writeup.

My Next Plan:

After OSCP my next plan is:

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store