jedus0r
Nov 16, 2021

How I passed the OSCP certification on my first attempt, and hacked 5/5 targets of the exam

Hello everyone, I’m a French cybersecurity engineer and you can ping me as jedus0r 😊

Since 10 November 2021 I am an Offensive Security Certified Professional, and I will share with you my OSCP journey since March 2021.

So where do you need to start? Do you need a lot of work? Or to have hacked 1000 boxes before? Just read my article and you will know everything about my prep.

My Background :

I spent the last 6 years working in several IT services, first as a Network/System Administrator, and then in cybersecurity as Chief Information Security Officer and Pentester.

Why the OSCP certification :

I had been thinking about it since 2020; I wanted to be OSCP certified.

This certification covers all the needs during a penetration test, and gives us the basics to be able to perform a pentest and write a report.

I knew that the challenge was high, and that I was going to have to push myself and get out of my comfort zone.

Post Preparation :

You will know it rapidly: if we begin penetration testing without solid knowledge, we will be lost quickly.

To perform during a penetration test we must be comfortable with networking, programming, and basic encryption.

So take your time before starting to learn pentesting; everything in its time.

If you start from scratch and you need 6 months of post preparation, do it. And if you are more Dev or more Sys Admin, correct your missing skills before starting your journey.

The more we know about IT, the better we can perform afterwards at finding vulnerabilities, and one day maybe find our first 0-day.

My journey :

We are in March 2021 and after 2 months of post preparation, I finally started my OSCP journey.

Like you, I have read maybe 100 write-ups of OSCP preparation during all my prep.

My plan was the following :

  1. Hack The Box
  2. Privilege Escalation Training
  3. Proving Grounds Practice
  4. Virtual Hacking Labs
  5. PWK LAB
  6. Try Hack Me, Buffer Overflow Prep
  7. Free Practice Exam
  8. OSCP exam attempt

1. Hack The Box

I have done all easy and medium retired machines.

At the beginning I tried alone, and if I didn’t find anything I used minimal hints.

After solving every box, I learned the methodology of that box with the amazing ippsec: https://www.youtube.com/c/ippsec

2. Privilege Escalation Training

I bought Heath Adams’ privesc courses (Windows and Linux), and I was more comfortable afterwards, especially on Windows privesc, which was my weak point.

3. Proving Grounds Practice

PG Practice includes Windows and Linux machines developed by Offensive Security experts.

For me this is the best preparation before the PWK lab, because with PG you can understand how the boxes are designed by Offsec. And you will be more prepared to avoid rabbit holes during your enumeration step :)

4. Virtual Hacking Labs

VHL includes a PDF course for your preparation, and you have a lab for practice with a lot of OSCP like

I owned 90% of the machines without hints, in 15 days.

5. PWK LAB

We are now in September, and I have solved more than 200 boxes since March.

I started my PWK Lab on 12 September with 3 months of access.

To be honest, I didn’t want to do any OSCP exercises, so I jumped directly into the Student Lab. If you do all the exercises and write a report for several OSCP lab machines, you will start your exam with a bonus of 5 points.

The PWK Lab was a great preparation before the exam, and you will find retired OSCP exam machines.

I was a little bit nervous before starting the lab, but in the first days I finally saw that the efforts were paying off, thanks to the hard work during the post and preparation phase.

I didn’t finish all the lab because I had too many problems with the pivoting: one day it worked, another it didn’t. So I stopped the lab in the middle of October and booked my exam for 10 November 2021.

6. Buffer Overflow Prep

On 18 October I started my Buffer Overflow preparation with the Try Hack Me room. You will find 10 exercises; just do them correctly and you will be ready for the exam.

I was afraid of losing time during the exam because of Buffer Overflow issues, so I trained for a whole week with all the buffer overflow .exe files that I found on GitHub.

7. Free Practice Exam

As I saw that a lot of students failed the OSCP exam because of time or screenshot issues, I wanted to know what it’s like before my real exam.

I set up 2 OSCP-like exams of 48 hours the week before the exam.

I found in this GitHub repository 5 sets of random OSCP-like machines: https://github.com/ajdumanhug/oscp-practice

I took care to do it without any hint in the first 24 hours, and in the other 24 hours I wrote the report with the following template: https://github.com/whoisflynn/OSCP-Exam-Report-Template

What I learned from these two 48h experiences is that we need to take a lot of breaks, sleep very well beforehand, and carefully take screenshots.

8. OSCP Exam attempt

It is 8 November; in two days at 9h AM I will have my first OSCP exam attempt.

What did I do during these two days? The majority of the time I played with my Nintendo Switch and watched series on Netflix. Why? Because I wanted to avoid any pressure before the exam day.

On 9 November I contacted Offensive Security to ask if I could try their screen sharing software. They gave me access to it and every test was OK (connection speed and the quality of my camera). Because yes, if you don’t know, you and your computer will be recorded during all the first 24 hours of the exam.

I also backed up my virtual machine, in case of problems.

10 November 2021 : 6h30

Maybe the most important day of this year “for me”

My Exam plan will be :

  1. The buffer overflow ( 25 Points )
  2. The easy ( 10 Points )
  3. The first Medium ( 20 Points )
  4. The second Medium ( 20 Points )
  5. And finally the Hard machine if necessary ( 25 Points )

I woke up at 6h30, took a bath and ate properly so as not to feel hungry too soon after the start of the exam.

8h00 : I set up 5 workspaces in my Kali and opened my pentesting notes (OneNote).

8h45 : I started the pre-exam with Offsec, and shared my screen and my camera with them.

9h05 : I can start the exam after 8 months of preparation.

I carefully read all the instructions for the 5 machines in the OSCP exam panel.

I manually started the nmap scan for the buffer overflow and 10-point machines, because yes, I didn’t use any automatic tools for the recon step in the exam.

10h30 : I’m Root/Administrator of the Buffer Overflow machine. I took more time taking captures than gaining access to the machine.

I took a 10-minute break.

11h45 : I’m Root/Administrator of the 10-point machine; as we say in basketball, “catch and shoot”.

I started the recon for the 2 medium targets and took a 15-minute break.

12h30 : I have an initial shell on the first medium target.

15h15 : I found the privesc vulnerability back at 12h40 but it has been impossible for me to gain access, so I will go check the second medium box.

Took a 10-minute break.

16h00 : I have an initial shell on the second medium box.

Took a 30-minute break to eat (healthy).

17h30 : I can’t find any vulnerability to gain root/admin access.

17h45 : I came back to the first medium box and found my privesc configuration mistake, so a few minutes later I was root/administrator of this box.

I started at 8h and I now have 65 points. As I didn’t do the exercises of the PWK lab, I don’t have the 5 bonus points, so I need to find 5 more points before the end of the lab.

Started recon for the Hard machine, and took a 15-minute break.

20h30 : I work on the second medium privilege escalation, but once again I don’t find any way, so I will start the enumeration of the hard target.

22h : I have an initial shell on the hard machine.

22h30 : I’m root/administrator of the Hard machine; without a strict methodology I think I would still be there.

Took a 30-minute break.

23h30 : I found the privesc vulnerability of the second medium box, and I’m now root/administrator of all the targets.

Took a 1-hour break, I was so happy :)

And after that, for 2 hours, I checked all my screenshots and my notes for the report, and requested the end of the exam, because I had everything I needed for my report.

Yes, now I can go to sleep serenely.

11 November 2021 : 07h45

I came back directly to my computer and wrote the OSCP exam report; I took a lot of breaks during this day.

And at 22h I sent my report in 7-Zip format to Offensive Security.

12 November 2021 : 23h30

I received this mail from Offensive Security

Yes, it’s official, I did it: I’m an Offensive Security Certified Professional.

My Conclusion :

Clearly, this is the best computer experience I have ever had.

We don’t need to hack 1000 boxes before taking the exam.

It’s more about our mindset, how we can rapidly analyze something strange during our pentest.

We really need to be creative during our preparation, thinking outside the box and always keeping a critical mind.

I hope you have enjoyed my experience.

I wish you the best for your OSCP preparation and don’t forget, “try harder”

Contact :

LinkedIn : https://www.linkedin.com/in/drisr53/

Website : https://jedus0r.github.io./