My Journey to the OSCP.

Krishnapal Sharma
4 min read · Mar 31, 2019

Hi everyone, happy to share that I successfully cleared my OSCP exam. As many people are messaging me about my experience with the OSCP, I am writing this post about my five-month journey towards the OSCP. I hope you will find it useful.

So, let’s start.

After hearing a lot about the OSCP, I decided to give it a try. I purchased two months of PWK lab access, which cost around $1000. I registered on 23 August and got my lab access on 10 September. In this gap I practised on Vulnhub machines (some machines that experienced people specifically recommend for OSCP aspirants); I have listed them at the end of this post.

Offsec provides a PDF and some videos along with the lab access. I started by going through the PDF. I was already familiar with most of the content in the PDF and videos, but I still finished the course material as Offsec recommends.

Now let’s come to the lab, which is awesome. The PWK lab is designed like a real-world corporate network: there are three different networks in the lab, and you can’t enter the private networks until you exploit some specific boxes in the public network. I pwned 40 boxes in 60 days, including Pain, Humble, Gh0st and Sufferance. I wasted 3 days on Humble (but now I think it wasn’t a waste of time; it was actually worth it).

Now comes the exam time. I failed my 1st attempt due to some specific reasons that I can’t disclose here, so I scheduled my 2nd attempt in February. As my lab access had expired in December and my exam was scheduled for February, in this gap of one month I did some boxes on HackTheBox.

And now I am going to say something which was completely unexpected for me too. My exam started at 10:30 AM, and I rooted 4 boxes in 4 hours.

I know you won’t easily believe me. I started with the buffer overflow (I recommend checking bad characters twice or even thrice if you do not follow the automated approach of finding them). I used Mona to find bad characters, and I did the BoF in less than 25 minutes.

Then I moved to the 10-point box. After wasting 1 hour finding the exploit, I decided to exploit it through Metasploit, as we can use it once in the exam, so I secured 35 points in one and a half hours.

After that I moved to the next 20-point box, and as luck was in my favour that day, after some enumeration I saw something with which I was already familiar, so I got user in 55 minutes and root in 5 minutes (root was a piece of cake). So I had 55 points and needed 20 points more to clear the exam.

So I moved to the next box, which also had 20 points. I started my enumeration and found a specific service. After a struggle of 45 minutes I got user. After enumerating the local system for a few minutes, I found something suspicious, and then a bit of Googling... Boom! Rooted in 20 minutes.

As I had secured 75 marks already, I decided to prepare the report, because I hadn’t taken a single PoC of any box. Although we had the next 24 hours to prepare the report, I decided to finish on the same day, and it took me around 10 hours to prepare my report because I verified every single PoC and step more than 6 times, as I didn’t want to take any risk.

Now, we still had 10 hours left and a last box of 25 points too. But to be honest I am a lazy person, so I slept for 7 hours and tried to exploit the last box in the rest of the time, but I failed to find the attack point as I was exhausted. So I left that box.

After verifying everything in the report, I sent it to Offsec, and after three days I got an email with congratulations from Offsec.

Here is the list of some important resources from which I learnt and practised.

Books:

  1. Penetration Testing by Georgia Weidman
  2. The Web Application Hacker’s Handbook
  3. Black Hat Python

Blogs:

  1. https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/
  2. http://securitysynapse.blogspot.com/2013_08_01_archive.html
  3. http://www.madirish.net/59
  4. http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html
  5. https://www.adampalmer.me/iodigitalsec/2013/08/10/windows-null-session-enumeration/
  6. http://www.enye-sec.org/en/papers/web_vuln-en.txt
  7. http://carnal0wnage.attackresearch.com/2007/07/enumerating-user-accounts-on-linux-and.html
  8. https://guif.re
  9. https://download.vulnhub.com/pentesterlab/php_include_and_post_exploitation.pdf
  10. https://bernardodamele.blogspot.com/2011/12/dump-windows-password-hashes.html
  11. https://toshellandback.com/2015/11/24/ms-priv-esc/
  12. http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/?redirect
  13. http://pentestmonkey.net/tools/audit/unix-privesc-check

OSCP-like VMs:

  • Kioptrix: Level 1
  • Kioptrix: Level 1.1
  • Kioptrix: Level 1.2
  • Kioptrix: Level 1.3
  • FristiLeaks: 1.3
  • Stapler: 1
  • PwnLab: init
  • Kioptrix: 2014
  • Mr-Robot: 1
  • VulnOS: 2
  • SickOs: 1.2
  • pWnOS: 2.0
  • SkyTower: 1
  • IMF
  • Tr0ll
  • SkyTower

One important thing: if you get stuck on any machine in the lab, you can check the Offsec forum, where you will find hints, ideas and ways of exploiting the boxes.
