Another, Here is my OSCP story


So the OSCP journey is hard work, needs commitment, understanding from your wife and a try harder attitude (you will hate the words try harder and love them at the same time).

To be able to pass the exam and earn the OSCP cert you will need to get enough points to pass. You will have a handful of machines with varying points to attack to get the much needed points. You have exactly 23.45 hours to achieve this.

Typically one machine will be for exploit writing and which is worth top points. The others will be for enumeration, exploitation, and post-exploitation. To practice various attacks and approaches, you will be given access to an online lab which has around 55 machines of different versions of both Windows and Linux. Once you are confident in your pentest skills after practicing in labs, you can take the exam.

I started the OSCP labs with a pretty decent background in IT and penetration testing, Having said that i didn’t know anything about buffer overflows when i started.

You are going to need a try harder never give up attitude, if you are missing this, don’t bother starting the OSCP journey. You will also need some linux skills, patience and the ability to understand some basic coding.

For your money you will receive a PDF, a bunch of videos and access to the labs. These are very good resources to get you through your lab and exam, but you WILL need to also do your own research on top of these resources.

One of the resources that you can follow step by step is the buffer overflow. Buffer overflow is a very important concept you should practice. Because, if you are good at exploiting buffer overflows, you are sure to get the maximum point machine in the practical exam.

Enumeration, enumeration, enumeration.

You will hear this over and over and over. You will think yeah yeah whatever, i have looked everywhere!!!! But you have either a) not looked everywhere or b) already found what you need and just simply overlooked it. Enumeration is the key to success, if you don’t spend the time enumerating, you will not pass the exam, it really is that simple.

Some tips i can give you are:

NOTES

Make sure you take great notes. I used OneNote for this and it worked perfectly.

Each machine had its own section and then in each section there were subsections where i could keep my notes and screenshots.

The other tip I can give you is try and find a methodology that works for you.Exploiting a machine is a Systematic Process:

  1. Find the open ports and services running on ports
  2. Enumerate the services and the machine
  3. Exploit the correct vulnerability and gain access
  4. Do proper post exploitation enumeration
  5. Privilege Escalation

The EXAM

I made sure i started my exam in the morning. This allowed me to get a full nights sleep and a fresh start at the exam.

Metasploit usage is restricted in the exam. You should use it only once. So, use it wisely, but it is NOT needed to pass the exam. I failed my first attempt with 10 points less than i needed ;(
But i would say ALWAYS start with the buffer overflow machine, as you can get this done fairly easily and get good points to give you a motivation boost. It took me probably 1 – 2 hours to get this completed. Then you can concentrate on the other boxes.

After my first failed attempt I turned to hack the box to play some CTF and practise in a different environment from the OSCP labs. This really helped me learn some creative ways for looking at exploiting boxes.

A few months later, i had another go at the exam, This time i had enough points to pass in 12 hours and used the rest of the 24hours to write my report as i still had the exam VPN connection. If i had missed some notes for my report i still had time to go back and get the screenshots / notes i needed. I went to bed very happy knowing that i had enough points to pass.

I sent the report the next morning and then waited the the email to say if i had passed or not.  A few days later i go confirmation and had such relief.

A few weeks later i got my certificate in the post (real name redacted for OpSec 😉 )

Lessons learned

  1. Never give up, ever! If you can’t find a solution you haven’t looked hard enough.
  2. Document your notes in a clean way. Pass on what you learned (without spoilers ).
  3. An hour of careful enumeration saves two days of …. Frustration.
  4. Nothing is impossible except turning back time, so manage it carefully.
  5. Don’t be intimidated but also don’t get cocky.
  6. Buy tons of flowers /gifts for the wife as she will need to back you up big time!
  7. Have fun !!! Even if you fail that’s ok, a setback = a setup for a comeback.