My OSCP Journey
This blog post is all about my journey of getting the OSCP certification.
Who am I - Background
I passed the OSCP exam in my first attempt with zero cybersecurity/pentesting industry experience. I completed my bachelor’s in Computer Application (BCA) in India and Masters in Cybersecurity in Ireland. I know there are lots of writeups and blogs. This is for all those people who think they can’t do OSCP because they don’t have experience.
How this started
I came across OSCP when I was pursuing my master's degree. One of my fellow students had the OSCP. I had no clue what it was or what skills the certification required, so I started Googling it and did some research. I realized that this certification is not an easy one (NOT FOR ME). I had no idea of basic Linux commands and had never worked on the OWASP Top 10. Since I didn't have the proper knowledge to pursue this certification, I started focusing on my master's course instead.
The first time I did pen-testing was during my master's course, in the 1st-semester project on the Hack The Box platform. It was a totally different experience for me. I had never seen Hack The Box before, and I was shocked when I saw that platform. It was an amazing and interesting experience, and from there my interest in HTB started building. I knew that I had to upgrade my skills to even compete with the experienced students in my class, so whenever I got free time I worked on Hack The Box. In April 2019 I went to the ZeroDays CTF event. It was the first time I had attended an event, and I had never solved CTFs or anything like that before. That day I actually learned lots of things that I didn't know before. After the CTF day I started reading the writeups of retired CTF challenges, and I started solving CTF challenges and machines on HTB. By the end of my 2nd semester, in August, I planned to do CEH v10. I went to India to meet my family and, on the side, completed my CEH v10.
Preparation for OSCP (Jan 2020 — Nov 2020)
- Hack The Box
In January 2020 I submitted my master's thesis, and now it was a good time to focus completely on the Hack The Box platform to increase my skills. I started with easy machines, then medium, after that hard, and sometimes Insane boxes. For four months I sat in front of my laptop daily solving HTB machines. It was painful to solve these machines. I struggled a lot because there were lots of things I didn't know, and I had to read many times to understand. Easy boxes sometimes took 2–3 days. I solved 28+ boxes and went from n00b to Elite Hacker on HTB.
- Noob >= 0%
- Script Kiddie > 5%
- Hacker > 20%
- Pro Hacker > 45%
- Elite Hacker > 70% (My Rank)
- Guru > 90%
- Omniscient = 100%
In May 2020 I enrolled for the eLearnSecurity Junior Penetration Tester (eJPT) certification and successfully passed eJPT in 7 hours with 19/20 marks. It was a wonderful exam with practical knowledge. Still, I was not sure whether I was ready for OSCP.
I started doing OSCP-like boxes on Hack The Box and solved 34 machines. I solved some Buffer Overflow challenges as well. I knew my weak point was Privilege Escalation, so I did the Windows and Linux Privilege Escalation courses (The Cyber Mentor and Tib3rius) on Udemy. The links are below.
Then the day came when I enrolled for OSCP with 3 months of lab access and booked my exam for the 28th of Nov. I paused my part-time work and started investing less time in HTB and more time in my OSCP labs.
When I started with the OSCP lab, I was confident because I had already solved lots of machines on HTB, so I jumped directly into the lab machines. I did 3 boxes in 3 days. That was a big slap to my overconfidence. Then a few of my mates told me to go through the PWK PDF and videos first, and then jump on the machines.
I followed their guidance and completed the PDF and videos in 16 days. Now I was back in the labs. Some of the lab machines were very tough, while some of them were a piece of cake for me. I increased my study time from 12 hours to 15 hours. I used to sit the whole night doing labs and slept only 6 hours (5 am to 11 pm). During my lab time I cried many times; I was depressed and burned out. Sometimes I solved 3 boxes in a day, and sometimes I was not able to crack a single box in 2 days.
A small pointer: some boxes are extremely difficult, like Ghost, sufferance, humble, 1nsider, shared.thinc.local, manager, and adam. Apart from these, there are dependent boxes, which can also be a pain in the ass. Sometimes I read the forum and took hints from the InfoSec Prep Discord group. Finally, I completed all 66 boxes in 35 days. I still had more than 30 days of lab time remaining, so I started writing the lab exercises report to secure the 5 marks. Now guess what: the exercises were one more big hurdle I had to face. I felt like the exercises were harder than the lab machines. I finished all the exercises in 20 days and produced a 337-page report. Then I took 3 days of complete rest and started planning to do something else before my exam. That is when I came to know about the VHL labs.
Preparation - Virtual Hacking Labs (VHL)
I enrolled for the VHL 30-day lab. The VHL lab is very good for initial shell enumeration, and the subnet boxes are good for privilege escalation practice. I completed 38+ boxes in 20 days and left the last 2 boxes.
Boxes that are good for privilege escalation (PE) practice: James, Backupadmin, web01-dev, HelpDesk, Natural, Aaron, CMS02, Trails, Fed, WinAS01, Core, Trace.
Subnet2 PE boxes: Mon01, JS01, websrv01, Graphs01.
10 days before my exam
I started reading Hack The Box and some VulnHub box writeups. For buffer overflow, I will 100% recommend the Buffer Overflow Prep room on TryHackMe.
I started my exam on 28th Nov at 5 am. Luckily I didn't face any issues during the proctored exam, as people often say happens.
First box: I started with the buffer overflow box, and in 45 minutes I was ready with my final reverse shell script. But when I triggered my script I didn't get a reverse shell from the test machine. At that point I got nervous and started panicking. I had already done lots of buffer overflow challenges. Still, after all that practice, I was not able to get a reverse shell.
The 2nd time I again went through all the steps one by one. My offset, bad chars and jmp address looked fine. Still, I didn't get a reverse shell from the test machine. My body started shaking because I felt I would fail this exam. I took a 30-minute break and left the buffer overflow box for later. I started my second box (10 points). I got a root shell in just 8 minutes, at 07:43 AM.
I jumped to the third box (25 points). I started enumerating and found myself heading towards a rabbit hole. Again I took a 15-minute break and started over. Then I found something that is hard to find. After 3.5 hours I got a user shell. The root part I left for later.
Fourth box (20 points). I enumerated for 30 minutes and didn't find anything that looked exploitable. I was again heading towards a rabbit hole. Again I took a 15-minute break and started enumerating from the beginning. I found a few more things, and suddenly I found something that looked interesting. I got a user shell in 1.5 hours and root in 30 minutes.
Now I had 10 + 12.5 + 20 = 42.5 points.
Back to the root part of the third box. Damn, the root part on this box was hell, that is how I would put it. I got the root shell at 2:51 pm. Here I had a total of 55 points.
Back to the first box, the buffer overflow. The 3rd time I did everything again, found my mistake, and got a shell quickly.
Total points = 25 (Bof) + 10 + 20 + 25 = 80.
I took 2 hours of rest and after that I started taking screenshots. Fifth and last box. This box was a beast. I found an exploit, but it looked like the box was patched. I set up the vulnerable application in my own VMware and tested the exploit from my Kali box. It was working in my own VMware but not against the target machine. The remaining time I spent on the 20-point box, but I didn't find anything. To pass the exam, a minimum of 70 points is required. And it's true, the exam is brutal: you need to remain calm, because the pressure builds up as the time passes. When the VPN connection closed I had rooted 4 boxes. Now it was time to write the report. I used the template below.
1: Never give up
2: Take screenshots as much as you can.
3: Don't get burned out. Take breaks.
4: Don't close your exam tabs. It will help you take more screenshots after the exam.
Exam and Lab Template
This repo contains my templates for the OSCP Lab and OSCP Exam Reports. The reports are nearly identical, with minor…
All these links I followed
Windows Privilege Escalation - best link
Linux Privilege Escalation - best link
Privilege Escalation enumeration Mind Map (Linux and Windows)
Buffer Auto script
The best tool for SUID enumeration.
Best web shell for Linux and Windows
p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when…
Reverse shell payload generator
SMB port enum
Brute force cheat sheet
SQL Injection Cheat Sheet
Network Scanner Tool
Supports multiple targets in the form of IP addresses.
Tools I used
TJnull updated OSCP like boxes List
OSCP personal cheatsheet
Wordpress panel RCE Username enumeration Drupal panel RCE Default credentials Brute force Tomcat panel RCE HTTP basic…
This cheatsheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege…
I created my own checklist for the first but very important step: Enumeration. Useful exploits…
My OSCP Preparation Notes
Autobind FTP when FTP is "permission denied" for the local user