OSCP V2 Journey
My Background :
I have been working as an Information Security Analyst for over 2 years, with experience in Vulnerability Assessment and Penetration Testing in the area of Web, Network, Mobile and Thick Client.
Pre-Prep :
I started preparing 2 months before I registered for the OSCP Exam. There are good resources online to start the preparation. I think a good place to start is with TJNull’s OSCP-like machines from both HTB and Vulnhub. I purchased HTB VIP and tried doing most of the boxes mentioned in it. It was a good start to practice the enumeration techniques.
Updated list from TJNull’s OSCP like machines :
After 2 months of working on HTB and Vulnhub, I finally registered for the OSCP. I took 2 months of lab access in April 2020.
As soon as I got access, I went straight to the PDF and the videos. It took me almost 15 days to complete the PDF, videos and all the exercises with reporting, and I was left with 45 days to complete the labs. The last 5-6 days were planned for taking screenshots and reporting.
My target was to complete at least 1 machine per day.
Due to work, sometimes I couldn’t spend time on labs.
I felt it was better to go with the machines with no dependencies and skipped the AD machines initially.
Once I was done with most of the machines, I worked on the AD machines at the end. I was able to complete 50 machines in 40 days.
Exam :
I began at 9:30 PM, finished the initial stuff of ID verification and connection check, and the proctor scanned my room.
Once my exam started, I started with the Buffer Overflow (25 points), which was a basic BoF machine, and worked on my recon on the other machines using AutoRecon. I finished it within 1.5 hrs (it takes time).
By the time I finished the BoF, my AutoRecon scan was completed. Then it was the 10-point machine, which was really easy. It hardly took me 1 hr to get root.
On one of the 20-point machines, the initial shell was pretty simple. But I was stuck at Privilege Escalation. I had already spent 2 hrs. So, I went on with the 2nd 20-point machine.
I had found a few attack vectors but the exploits were not working for some reason. I spent almost 2 hrs but I couldn’t get an initial shell.
I skipped the machine and went to the 25-point machine. In 1.5 hrs, I had the Initial Shell.
I had 55 points so far and had spent almost 7 hrs.
After sleeping for some time, I again started with the Privilege Escalation on the 1st 20-point machine and rooted it in 2 hrs. Then I got root on the 25-point machine in another 3 hrs, which was difficult.
I was stuck on the 20-point machine with no initial shell. As I could use Metasploit on one machine, I used it on this one and got the initial shell. Privilege escalation was really simple and hardly took 30 mins to get root.
I had all 5 machines in 18-19 hrs.
Then I had to take screenshots for all 5 machines and make sure I had not missed anything.
Finally, after 8 business days, I got the confirmation mail that I had passed.
- Make your own cheat sheet from all the things which you use for the HTB, Vulnhub and OSCP Lab machines.
- Watch Ippsec’s videos, at least 1 per day
- Work on Privilege Escalation
- Work on Enumeration strategy (This will be the only thing which helps)
- https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
- https://guif.re/
- https://book.hacktricks.xyz/
- https://sushant747.gitbooks.io/total-oscp-guide/
- https://github.com/Ignitetechnologies/Privilege-Escalation/blob/master/README.md
- https://github.com/m0nad/awesome-privilege-escalation
- https://github.com/sagishahar/lpeworkshop - This one is really good for Windows Privilege Escalation
References,
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/README.md