Cleared OSCP | April 2023

Usman Shah
5 min read · Jun 26, 2023

Hi everyone,

This is my first entry on Medium. As a newcomer, I thought it would be best to start my “Medium” journey by talking about my OSCP exam, which I recently cleared on my first try.

Introduction:

My name is Usman Shah and I was born and brought up in Kuwait. I am originally from Kashmir, India. I currently work as a security consultant.

Technical Background:

  • I come from a network security background, worked initially as a NOC Engineer.
  • Completed my CCNAs and CCNPs. I am a certified Cisco CCNP-Security Specialist. [i.e. CCIE Security Written]
  • I have been playing around with firewalls [Cisco, Fortinet], IPS/IDS, WAFs, Routers and switches since the beginning. Also got my Fortinet NSE4 Certification soon after.
  • Shifted my career towards cybersecurity [Coz I always wanted to become an ethical hacker] — started in the field with a SOC Engineer job role.
  • Started learning about cybersecurity and more initially from ‘Cybrary’. Started playing around with different SIEMs, EDRs, sandboxes, etc. and got a good hold over them.
  • Started practical red teaming experience on ‘TryHackMe’ — got to the global 1% rank pretty easily. Completed all the red and blue team paths, along with many other machines that they have.
  • Enrolled for the CEHv11 exam in August 2021 — and cleared it in January 2022.
  • From Feb 2022 to August 2022 — I finished multiple paths and courses on ‘TCM Academy’ — which was really helpful for OSCP.
  • Enrolled for the OSCP LearnOne Subscription in August 2022 — and cleared OSCP in April 2023.

Journey:

I have always been a fan of upskilling myself and learning new and different technologies. Since I wanted to become an ethical hacker, and as far as global validation and recognition are concerned OSCP still tops the charts, I wanted to be OSCP certified.

I bought the LearnOne Offsec subscription on August 26th 2022 at around 9 PM IST.

I gave in 2 full months and finished all the course material along with the topic exercises and then it took me 4 more months to complete the machines and gain a pretty good hold on penetration testing.

I did not watch the OffSec video material, since it was very slow and time-consuming. I went straight ahead with the practice machines.

First I grabbed TJ Null's latest list and then did the following:

  • Completed 9 PG-Play machines
  • Completed 20 PG-Practice machines
  • Completed 43 PWK-Labs machines
  • Completed 37 HTB machines

In total I had done 109 machines before I went ahead with the OSCP exam. To find the list of all the machines that I did, scroll to the bottom.

Exam Day:

I had booked my exam from 12.30 PM IST on April 15th 2023 to 12.30 PM IST April 17th 2023.

Exam start time: 12.30 PM IST on April 15th 2023.

I sat down, took a deep breath and started my exam.

Once you start the exam, you are presented with a portal where you'll be able to see your IP addresses and a blank field against each of them where you'll have to insert your flags later.

I started with the AD Set [since I had practiced AD a lot, and I thought that I was pretty good at AD].

I took up one IP from the AD Set and started to play around with it, performing recon, doing scans etc.

While I was targeting the AD Set, I had also spun up some extra Linux terminals and ran nmap scans on the other 3 standalone machines.

The AD was not that hard, but finding the entry point was gruesome. Once you have the entry point, the rest was pretty easy for me. [Again, difficulty level varies from person to person depending upon their previous experience in the field]

I rooted the whole AD set in about 6 hours. I was stuck on privescs, which took a lot of enumeration and attention to detail, but I did get the vectors in the end.

Then I went back and reviewed my standalone nmap scan results. Quickly figured out the way in for the 1st standalone machine. Rooted the first standalone machine in about 2 hours.

So all in all, I had got 60 points in my first 9 hours, and I had also done all the topic exercises and completed 30+ labs, so I also had my 10 bonus points.

So basically, including all the breaks I took, I had passed OSCP in about 9 hours.

All this was done at close to 10 PM IST.

I had a sigh of relief tbh, months and months of practice and I had passing marks for OSCP in my first 9 hours. I then took a long break, had my dinner and went ahead to have a good night's sleep.

Woke up at around 7 AM IST the next day, had breakfast and everything and then went back to my exam.

I started taking screenshots, collecting flags and submitting them on the portal.

Once all that was done, I started targeting the other standalone machines, and I had about 3 more hours before my exam finished.

I did the scans, did a lot of recon and enumeration, but unfortunately couldn't get inside either of the other 2 standalone machines, and finally finished and submitted my exam.

The next whole day went into building up my exam report, putting in screenshots, explaining the steps in detail and everything, finally submitting the exam report at 11 AM IST on April 17th 2023.

My Mistake:

  • Took a lot of rest
  • Could have practiced more on initial foothold

My Resources:

Key areas to focus on:

  • Active Directory: Lateral Movement.
  • Privilege escalations.
  • Initial foothold.

Key tools to learn:

  • Crackmapexec, smbmap, smbclient
  • mimikatz
  • nmap, dirbuster, gobuster, dirb, nikto, wpscan
  • msfvenom
  • enum4linux-ng, winpeas, linpeas, wes-ng, les
  • nishang powershell
  • impacket-toolkit

Check out my roadmap to OSCP [all steps and resources are mentioned there] to start from scratch and crack the exam in 6 months! — https://medium.com/@ushah.789012/roadmap-to-oscp-2023-c38c5b4e713a

I have recently made my own website [https://hackershares.com/] where I intend to publish good quality technical content like walkthroughs, explaining cybersec concepts [beginner to advanced], explaining RFCs, and even doing write-ups on various 0-day vulnerabilities.

The website is still being populated with content and is in its initial phase; however, I have made a totally separate blog post [https://hackershares.com/my-oscp-journey] on my OSCP exam there, where you can also find the list of all 109 machines that I had done before taking the exam.

I welcome all the technical geeks and cyber enthusiasts willing to contribute to my website with their technical knowledge to come forward and ping me directly on LinkedIn: https://www.linkedin.com/in/usman-shah-7u7/

Will be posting more and more content on Medium soon.

Hope you had a good read.

Thank you.
