This is my story of passing OSCP in just 7 hours with my super cool strategy.
Here you will get everything you need for OSCP.
So, let's start. Here I will tell you how to plan and prepare for OSCP.
I started OSCP preparation in February 2019, booked the lab in April and gave the exam at the end of May, so here I will tell you what I did between the lab and the exam.
I started with the Hack The Box lab and tried solving the easy machines, but it was not that easy for me; even very easy machines took me a long time to solve, and I took many hints from other HTB people on the Telegram group.
Then I realized I had to learn a proper methodology to pwn boxes. For that I did 3 things that gave me a boost, and I recommend them to everyone preparing for the OSCP exam.
1. Watch Ippsec's HackTheBox videos.
Ippsec made very organized playlists for Windows as well as Linux, and he divided the machines into different levels: Easy, Medium, Hard and Insane. I recommend watching at least the Easy, Medium and Hard machine videos before taking the OSCP lab. To check the videos, Click Here.
2. Read HackTheBox retired machine write-ups.
Read write-ups of the same machine from different blogs and make your own notes. This will help you learn different techniques.
3. Buy a HackTheBox VIP membership and solve the machines below.
This is important because you can do retired machines, which will boost your confidence and make you ready for the PWK lab, and it is just 10 EURO.
Below is a list of HackTheBox machines which are similar to the OSCP machines, so before going forward you must solve all of these machines without any help.
Before going to the PWK lab there is one more step I took: learning Buffer Overflow.
When I first heard about Buffer Overflow, the first thing that came to my mind was
For those who feel the same as me, or even those who already know about Buffer Overflow, this will definitely help you in the OSCP exam.
Buffer Overflow is very simple and it gives you 25 points in the exam, a brownie 25 points. I solved the BOF (Buffer Overflow) in just 25 minutes, and yes, you can too: just follow the steps below.
- Learn Buffer Overflow from Cyber Mentor.
Cyber Mentor explains a simple buffer overflow in an awesome way that is really easy to understand. Click Here and watch every video.
- Solve the Vulnserver and Brainpan buffer overflows.
Start by solving the Vulnserver overflow; it does not contain any badchars, so it is very easy to solve. You can download Vulnserver from HERE.
Another very good example for buffer overflow is Brainpan. It contains a few badchars but it is easy to solve. If you want help, Michael LaSalvia made videos and explains it very well; learn from Here.
- Last but not least, solve a stack buffer overflow very similar to the OSCP one.
Here r4j1337 made a very good example that is similar to the OSCP buffer overflow, and especially his technique for finding badchars is awesome. I recommend all of you go through his buffer overflow once, find it HERE, and watch his video also.
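A worked version of the badchar-finding workflow mentioned above, as an added example that is not from this post or from r4j1337's material. It assumes a hypothetical `simulated_target` standing in for "send the bytes and read them back from the debugger", and shows why the search has to be repeated one bad character at a time: a byte that truncates the copy hides every byte after it.

```python
def badchar_payload(known_bad):
    """Every byte 0x01-0xff except the ones already known to be bad.
    0x00 is always excluded: it terminates C strings before the copy finishes."""
    return bytes(b for b in range(1, 256) if b not in known_bad)


def first_corrupted(sent, dumped):
    """Compare the bytes sent with what the debugger shows on the stack.
    Returns the first byte that did not survive the copy, or None if all did."""
    for s, d in zip(sent, dumped):
        if s != d:
            return s
    if len(dumped) < len(sent):  # copy stopped early: the next byte sent is the culprit
        return sent[len(dumped)]
    return None


def hunt_badchars(target, known_bad=frozenset({0x00}), max_rounds=16):
    """Repeat send/compare until the dump matches, adding one new bad char per round.
    `target` stands in for 'send the payload and read the stack back'."""
    bad = set(known_bad)
    for _ in range(max_rounds):
        sent = badchar_payload(bad)
        culprit = first_corrupted(sent, target(sent))
        if culprit is None:
            return sorted(bad)
        bad.add(culprit)
    raise RuntimeError("dump still differs; check the buffer length or offset")


def simulated_target(payload):
    """Constructed stand-in for the vulnerable copy routine: it stops at a newline
    (0x0a) and rewrites carriage return (0x0d) to a space, as some parsers do."""
    out = bytearray()
    for b in payload:
        if b == 0x0a:
            break
        out.append(0x20 if b == 0x0d else b)
    return bytes(out)


if __name__ == "__main__":
    # Round 1 finds 0x0a (it truncated the copy), round 2 finds 0x0d, round 3 is clean.
    print([hex(b) for b in hunt_badchars(simulated_target)])  # ['0x0', '0xa', '0xd']
```

Against a real target the `target` callable would be your send routine plus reading the stack contents back from the debugger; the comparison logic stays the same.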
Now ready for action: after solving 40 boxes from HTB and the oscp-like-vulnhub-vms list, I thought I was ready to take the PWK lab.
I took the 30-day lab and set a goal of solving all machines as soon as possible, in 20–25 days.
On the 1st day in my lab I set a goal to solve at least 10 machines to achieve my goal, and then I felt like this
But I was wrong: I only did 1 machine on the 1st day after working hard, and my plan failed.
Then I took advice from my friend, and he told me not to set a goal of doing all the machines in the lab, but to set a goal of learning new things from the PWK lab.
- Tips for the PWK Lab
- Set a goal to learn from PWK as much as possible and try to solve machines in different ways.
- Never set a goal like mine to do all the machines; just do as well as you can in the lab.
- Don't just solve machines from the lab; also read the Offsec PDF and watch the videos. They are as important as solving machines. Spend a minimum of 2 hours on the PDF and videos every day.
- In the PWK lab you can easily get exploits just by searching on Google; remember "Google is your Best Friend".
- Feeling stuck? No worries, try to get help from the Offsec forums.
Now I will share my favorite tools and my methodology for OSCP.
Here I divided the tools and methodology into 2 parts.
1. Pre-Exploitation
Where we are trying to get initial-level access to the system, like a reverse shell or a Meterpreter session.
2. Post-Exploitation
The OSCP exam has boot-to-root machines, which means you have to get administrator or root level access. So after getting a reverse shell, trying to get higher-level access is called the post-exploitation phase.
- My Pre-Exploitation Tools
- Sparta (my favorite)
- Dirbuster or Dirb
- Smbmap and Smbclient
- Google (best friend)
You can find out how to use these tools by simply googling.
- My Pre-Exploitation Methodology
Step 1: I always used nmap to scan my target system and also started a scan with Sparta, because Sparta scans all the ports, even UDP ports, and automatically runs many tools such as nikto and smbenum, which is very helpful.
Step 2: Always check all open ports, try to enumerate their services and versions, and collect as much information as you can using Google.
Step 3: Then I tried Nikto and Dirbuster to find something juicy, and most of the time they did not disappoint me.
Step 4: If after following all these steps I still did not get anything, I looked for SQL injection or tried to find XML-related or any other vulnerability using Burp. I follow this step while doing bug hunting too.
- My Post-Exploitation Tools
Post-exploitation can be divided into 2 parts.
These blogs teach manual techniques for doing post-exploitation.
- My Post-Exploitation Methodology:
Linux systems: I love Linux. Truly said, once you get familiar with Linux you will never use another operating system, so I have a very good grip on Linux, and that is why pwning Linux is very easy for me. But if you are new to Linux, my advice is to learn the basic commands before going for OSCP.
So this is what I do when I get a Linux system.
Step 1: Run the LinEnum.sh or linuxprivchecker.py scripts.
Step 2: My 1st preference is always to look for uncommon SUID permissions and the "sudo -l" command.
For SUID, here are blogs you can learn from
Step 3: Enumerate uncommon files and folders and the /var directory.
Step 4: Look for programs, services and cronjobs.
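Steps 2 and 4 above, written out as a small audit you can run on a box you own to see what the LinEnum-style checks would surface. This is an added example, not code from the post or from LinEnum/linuxprivchecker; the `EXPECTED_SUID` baseline, the demo tree and `DEMO_CRONTAB` are constructed for the example.

```python
import os
import stat
import tempfile

# Constructed baseline of SUID binaries expected on a stock system; a real audit
# would take this list from a clean reference host of the same distribution.
EXPECTED_SUID = {"passwd", "sudo", "su", "mount", "umount", "ping"}


def uncommon_suid(root):
    """Step 2: setuid regular files under `root` whose name is not in the baseline."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            st = os.lstat(os.path.join(dirpath, name))  # lstat: skip symlinks
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                    and name not in EXPECTED_SUID):
                found.append(os.path.join(dirpath, name))
    return sorted(found)


def writable_cron_commands(crontab_text, root):
    """Step 4: system-crontab commands ('min hour dom mon dow user command')
    whose program file, resolved under `root`, is world-writable."""
    hits = []
    for line in crontab_text.splitlines():
        fields = line.split(None, 6)
        if len(fields) < 7 or fields[0].startswith("#"):
            continue
        cmd = fields[6].split()[0]
        try:
            mode = os.stat(os.path.join(root, cmd.lstrip("/"))).st_mode
        except OSError:
            continue  # target missing: nothing on disk to check
        if mode & stat.S_IWOTH:
            hits.append(cmd)
    return hits


def build_demo_tree():
    """Constructed sample filesystem: an expected and an unexpected SUID file,
    plus a world-writable script that the constructed DEMO_CRONTAB runs as root."""
    root = tempfile.mkdtemp()
    for sub in ("usr/bin", "opt"):
        os.makedirs(os.path.join(root, sub))
    for name in ("passwd", "backup"):
        path = os.path.join(root, "usr/bin", name)
        open(path, "w").close()
        os.chmod(path, 0o4755)
    script = os.path.join(root, "opt/cleanup.sh")
    open(script, "w").close()
    os.chmod(script, 0o777)
    return root


DEMO_CRONTAB = "* * * * * root /opt/cleanup.sh\n0 3 * * * root /usr/bin/backup\n"
```

On a real host call `uncommon_suid("/")` and pass the contents of `/etc/crontab` with `root="/"`; the baseline should come from a clean reference install rather than the constructed set above.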
- Windows systems:
I personally think Windows post-exploitation is a little bit harder compared to Linux, maybe just because I am not that good with it, but one of my best friends, Peek, told me some very important steps and I followed them.
Step 1: Check net user, admin and user rights.
Step 2: Check if we have access to PowerShell; if yes, then run PowerUp.ps1, Sherlock.ps1 and JAWS.ps1.
Step 3: Try to get Meterpreter.
Step 4: Load mimikatz, try to bypass UAC, check SAM and SYSTEM, etc.
Step 5: Check for weird programs and registry entries.
Now it's exam time; get your suit ready.
In the exam there are 5 machines totaling 100 points. To pass the exam we need to get 70 points, so in general we need to pwn a minimum of 4 machines.
Points are distributed as:
- 1 machine worth 10 points (Easy).
- 2 machines worth 20 points each (Medium).
- 2 machines worth 25 points each; one of them is the Buffer Overflow (Easy), the other one is really hard.
So I made a simple strategy for the exam, as you already know: "Every battle is won before it is ever fought".
My strategy was to start with the buffer overflow machine, because I am very good at that, and while doing the buffer overflow I put all the other machines on full scan with Sparta and nmap. By the time I completed the Buffer Overflow in 25 minutes, all my scans were complete.
Then I started the 10-point machine, which is the easy one but not that easy; I completed it in 30 minutes, so within an hour I had 35 points.
35 points still remained to pass OSCP, so I started on the 20-point machines. One of them I pwned easily, but the other was a headache for me.
So I thought I would leave that machine for now and do the other 25-point machine. After 2 hours of enumeration I got user on this machine and tried for higher access but did not get it, so I left it and came back to my 20-point machine.
Now I still had my Metasploit (Brahmastra) left, and I had user on all the machines, so I thought I could now use my Metasploit on that machine and fully pwn it, and what did I get? 85 points (what more could one want in life), and then I felt like a boss.
Last but not least, if you have any problem feel free to contact me on Twitter: https://twitter.com/DesaniParth
Before ending I would like to thank:
(1) My parents (without their blessing it would never be possible)
(2) My love (without your support and love it would be impossible. I love you, my love)
(3) Hacker Dark_Shadow (without you, brother, maybe this would not be easy)
(4) R4V1 (because of you I found my path, bro)
(5) Peek (I learned a lot from you)
(6) Krupesh (for always repairing my mood with all that senseless talk)