How I Passed OSCP 2023 in Just 8 Hours with 110 Points Without Using Metasploit

Manish Singh
10 min read, Aug 17, 2023


Hey everyone, if you’ve ever been curious about how to pass the OffSec Certified Professional (OSCP) exam and get certified, then this blog is for you. Many individuals often contemplate beginning their cybersecurity journey by preparing for and attempting exams like eJPT or CEH. I too was considering this path until a friend of mine provided an insightful suggestion that shifted my perspective. As a result, I came across OSCP and decided to pursue it. I’ll be sharing my experiences, challenges, and victories as I navigated my way through the OffSec Certified Professional (OSCP) certification. I hacked and rooted all machines provided in the 24-hour exam in just 8 hours with a total of 110 points, which consisted of 40 points from the Active Directory set, 60 points from 3 standalone machines worth 20 points each, and 10 bonus points which I obtained after completing 80% of each module in the PWK (PEN200) exercises and submitting all proof flags for the PWK (PEN200) lab machines.

Continuous preparation over almost 6 months on different platforms, on a regular basis:

Jan 2023 — March 2023 | Try Hack Me

I purchased a VIP membership and started preparing on TryHackMe. I completed a total of 174 rooms, which consisted of walkthroughs and individual machines from basic to advanced level. I leveled up to [0xD] [GOD] and reached the top 1% in just 2 months, then moved to the TCM-Security courses. I highly recommend this platform if someone is a total beginner in cyber security.

I suggest everyone complete these paths on the TryHackMe platform one by one. (It worked for me, so it should work for you too, guys.)

  • Complete Beginner
  • Jr Penetration Tester
  • Red Teaming
  • Offensive Pentesting

March 2023 — April 2023 | TCM Security

I had access to three of the courses from TCM-Security:

1. Practical Ethical Hacking (PEH).

Note Taking

  • Effective note-taking techniques.

Networking Basics:

  • IP & MAC addresses.
  • TCP, UDP, ports & protocols.
  • OSI model understanding.
  • IP subnetting.

Virtual Environments:

  • VMWare/VirtualBox setup.

Linux Essentials:

  • Kali Linux overview.
  • File system navigation.
  • User privileges.
  • Bash scripting.
  • Intro to Python.

Web Attacks:

  • SQL injection.
  • Broken authentication.
  • Sensitive data exposure.
  • XML external entities.
  • Access control flaws.
  • Security misconfigurations.
  • Cross-site scripting.
  • Insecure deserialization.
  • Using vulnerable components.
  • Insufficient logging.

Active Directory:

  • SMB relays.
  • IPv6 DNS takeover.
  • Pass-The-Hash attacks.
  • Token impersonation.
  • Kerberoasting.
  • GPP & Golden ticket attacks.
  • Mimikatz, Bloodhound, PowerView.

2. Windows Privilege Escalation

  • Kernel exploits
  • Password hunting
  • Impersonation attacks
  • Registry attacks
  • Executable files
  • Schedule tasks
  • Startup applications
  • DLL hijacking
  • Service permissions
  • Windows Subsystem for Linux

3. Linux Privilege Escalation

  • Kernel exploits
  • Password hunting
  • File permissions
  • Sudo attacks
  • Shell escaping
  • Intended functionality
  • LD_PRELOAD
  • CVE-2019-14287
  • CVE-2019-18634
  • SUID attacks
  • Shared object injection
  • Binary symlinks
  • Environment variables
  • Capabilities attacks
  • Scheduled tasks
  • NFS
  • Docker

These three courses provided me with a comprehensive foundation in Windows Privilege Escalation, Linux Privilege Escalation, and Active Directory Enumeration and Exploitation. As a result, I gained valuable insights and practical skills in these areas, which are particularly needed to pass the OSCP exam. When I was done with the course videos on TCM-Security, I moved to HackTheBox to get more skilled for the OSCP preparation.

April 2023 — May 2023 | Hack The Box

So after moving to HackTheBox I already had basic and intermediate level knowledge in network & web pentesting and solving vulnerable machines. At first I was finishing OSCP-like machines which were suggested in the TJNull list. Then I did a few Active Directory-like machines, which were a bit of a struggle for me and for which I needed to check walkthroughs.

Recommended HackTheBox machines:

  • Forest
  • Mantis
  • Monteverde
  • Sauna
  • Active
  • Blackfield
  • Cascade
  • Remote
  • Optimum
  • Precise
  • Delivery
  • Pandora

May 2023 — July 2023 | PWK(PEN-200) OSCP Labs and Exercises

Then in the month of April I realized I needed to enroll in the OffSec PEN200 course without wasting any time, so I purchased 90 days of course access, which included labs, exercises, videos and an OSCP exam attempt to be taken within 10 months. The PWK (PEN200) course package cost me around 1599 USD. I patiently started doing the exercises, especially all modules provided for AD preparation and the capstones, which were practical-based; then after a few days, when I felt prepared for the OSCP lab machines, I started doing the labs one by one together with the exercises, and it took me around 2 months to finish the exercises and labs with consistency and hard work. There are in total six challenges to work on in the official PEN200 OSCP labs.

Don’t forget to make proper notes while doing the OffSec labs and exercises.

July 2023 | Proving Ground Practice

After finishing the OffSec PWK (PEN200) course curriculum I wanted to be sure I was ready for this exam, because it mattered very much to me that I crack it in my first attempt so that I could get a good job as soon as possible. So I decided to take a one-month subscription to Proving Grounds Practice, and with a bit of hard work I completed around 45 machines from PG Practice in less than one month, which also included the TJNull-suggested machines. I made a lot of notes too, which later helped me in the OSCP exam.

Recommended PG Practice machines:

Wheels, Fail, Squid, Muddy, Jacko, Sorcerer, Fractal, Nickel, Slort, Medjed, ClamAV, Nibbles, Extplorer, Payday, Cassios, Pelican, Readys, Walla, Depreciated, Symbolic, Peppo, Access, Resourced, Craft, DVR4, Shenzi, Heist, Hutch, Billyboss, Hetemit, Zino, Dibble, Hunit, Banzai.

Let’s talk about why the OSCP certification is such a big deal in the cyber security industry.

1. Credibility and Industry Recognition: The OSCP certification is widely recognized and respected by industry professionals and employers alike. Achieving this certification demonstrates your proficiency and competency in the field of ethical hacking and penetration testing.

2. Hands-on Practical Approach: Unlike other certifications that focus solely on theoretical knowledge, the OSCP certification sets itself apart by emphasizing practical skills. The examination process includes a grueling 24-hour hands-on practical exam and a further 24 hours for reporting on it, where candidates must demonstrate their ability to identify vulnerabilities, exploit systems, and obtain root/system access to provide proof of concept.

3. Real-world Penetration Testing Experience: The OSCP certification equips candidates with the practical skills and knowledge necessary to perform comprehensive and effective penetration tests. By emulating real-world scenarios, the certification validates your ability to identify and exploit vulnerabilities in various environments and systems.

4. Offensive Security’s Reputation: Offensive Security, the organization that offers the OSCP certification, is renowned for its high standards and rigorous examination process. Their focus on practical skills and real-world experience sets them apart from other certification bodies and ensures the credibility and integrity of OSCP-certified professionals.

5. Career Advancement Opportunities: Holding an OSCP certification opens up numerous career opportunities in the cybersecurity field. Employers often prioritize candidates with this certification, as it demonstrates a commitment to continual learning and practical expertise. Moreover, the OSCP certification serves as a solid foundation for more advanced certifications in the field of ethical hacking and penetration testing.

Breaking down the OSCP Exam Structure for 2023: (No more Buffer Overflow machines in the exam)

  1. Active Directory Set Challenge: A setup with a Domain Controller (DC) and two clients, carrying a juicy 40 points. The ultimate goal is to exploit the chain of AD machines one by one, obtaining admin access on both clients and Domain Admin on the DC.
  2. Standalone Challenges: Three standalone systems, each worth 20 points. Here’s the deal: bag 10 points by claiming low-privilege access, and then seize the other 10 by achieving a root or SYSTEM privilege shell.
  3. Bonus Points: An additional 10 points are awarded if you finish 80% of each module in the course material, solve the Challenge Labs and submit at least 30 proof.txt flags.

So, if you’re ready to dive into the 2023 OSCP exam, remember: no buffer overflow.

Exam Day

I started my exam at 11:30 AM on 28 July 2023. My strategy was to focus on the Active Directory set first and then move to the standalone machines, and I did the same. At first I started doing port and service scanning. Then I enumerated all ports and web services manually and got the first foothold on the external AD machine; I rooted it and moved to the other internal machine in the AD environment, and within 2 hours I finished the Active Directory set. After the AD set was cracked I enumerated harder and rooted all standalone machines one by one within 6 hours. I literally took around 15–20 breaks within 8 hours. I took screenshots of almost every important enumeration and exploitation step. For the exam I would recommend not skipping a single enumeration step, as it can lead to exploitation of the target machine; it makes a huge impact on cracking the vulnerable machines on time.

Always remember: whenever you are stuck in the exam, take breaks and enumerate smartly.

Reporting

The next day I had 24 hours to prepare the report. I used the official template provided by OffSec at https://www.offsec.com/pwk-online/OSCP-Exam-Report.docx

I made a few changes to the initial format and content, then started writing about the standalone challenges first, one by one, and then finished with the Active Directory set. I was tired because of the lab exam, but I took my time and prepared the report at an easy pace. My report was 42 pages long and very precise about the machines which I cracked and rooted in the exam, because reporting is also very important to get certified. The report should be very precise, professional and thorough in the context of the rooted machines.

Result Day

For me the OffSec team took around 4 days to release my result, and the team emailed me on Thursday 3 August 2023. I couldn’t express my happiness at that time when I saw the email from OffSec. It was months of hard work which paid back in just one moment there.

:)

My suggestion on taking OSCP exam

This exam demands serious dedication, consistency and hard work. There’s no magic formula or shortcut that guarantees success. It’s designed to challenge how you approach problems. Believe me, it won’t be a walk in the park, but if you want it and adopt the right mindset along the way, you’ll definitely crack it. I would suggest everyone make notes of everything that you come across while doing the vulnerable machines, regardless of whether they are from TryHackMe, HackTheBox, PEN200 Labs, PG Practice or any other platform. The Discord channel of OffSec for the PWK (PEN200) course is very helpful in regards to hints for exercises and labs, so connect and try to communicate with people there. Always make use of the web resources provided below to tackle and crack the vulnerable machines you are solving on any platform.

These below resources can be used while doing preparation:

Socials:

https://www.linkedin.com/in/iamsinghmanish/

If anyone has a query, feel free to drop me a message on my LinkedIn profile; I would love to answer you all.
