OSCP V2 Journey


My Background :

I have been working as an Information Security Analyst for over 2 years, with experience in Vulnerability Assessment and Penetration Testing in the areas of Web, Network, Mobile, and Thick Client.

 

Pre-Prep :

I started preparing 2 months before I registered for the OSCP Exam. There are good resources online to start the preparation. I think a good place to start is with TJNull’s OSCP-like machines from both HTB and Vulnhub. I purchased HTB VIP and tried doing most of the boxes mentioned in it. It was a good start to practice the enumeration techniques.

 

Updated list from TJNull’s OSCP like machines :


HTB machines

 

Vulnhub Machines

 

After 2 months of working on HTB and Vulnhub, I finally registered for the OSCP. I took 2 months LAB access in April 2020.

 

As soon as I got access, I went straight off to the PDF and the videos. It took me almost 15 days to complete the PDF, videos and all the exercises with reporting, and I was left with 45 days to complete the labs. The last 5-6 days were planned for taking screenshots and reporting.

I had the target as completing at least 1 machine per day. Due to work, sometimes I couldn’t spend time on labs.

I felt it was better to go with the machines with no dependencies and skipped the AD machines initially.

Once I was done with most of the machines, I worked on AD machines at the end. I was able to complete 50 machines in 40 days.

 

Exam :

I began at 9:30 PM, finished the initial stuff of ID verification and connection check and the proctor scanned my room.

Once my exam started, I started with the Buffer Overflow (25 points) which was a basic BoF machine and worked on my recon on other machines using AutoRecon. Finished it within 1.5hr (It takes time).

By the time I finished the BoF, my AutoRecon scan was completed. Then it was the 10-point machine, which was really easy. It hardly took me 1 hr to get root.

One of the 20-point machines, the initial shell was pretty simple. But I was stuck at Privilege Escalation. I had already spent 2 hrs. So, I went on with the 2nd 20-point machine.

I had found a few attack vectors but the exploits were not working for some reason. I spent almost 2 hrs but I couldn’t get an initial shell. I skipped the machine and went to the 25-point machine. In 1.5 hrs, I had the initial shell.

I had 55 points so far and had spent almost 7 hrs.

After sleeping for some time, I again started with the Privilege Escalation on the 1st 20-point machine and rooted it in 2 hrs. Then I got root on the 25-point machine in another 3 hrs which was difficult.

I was stuck on the 20-point machine with no initial shell. As I could use Metasploit on one machine, I used it on this one and got an initial shell. Privilege escalation was really simple and hardly took 30 mins to get root.

I had all 5 machines in 18-19 hrs.


Then I had to take screenshots for all the 5 machines and make sure I had not missed anything.

Finally, after 8 business days, I got the confirmation mail that I had passed.


 Things which might help :

  1. Make your own cheat sheet from all the things which you use for the HTB, Vulnhub and OSCP Lab machines.
  2. Watch Ippsec’s videos, at least 1 per day
  3. Work on Privilege Escalation
  4. Work on Enumeration strategy (This will be the only thing which helps)

Few references for Privilege Escalation :

 

References,

https://book.hacktricks.xyz/

https://sushant747.gitbooks.io/total-oscp-guide/

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/README.md

https://github.com/Ignitetechnologies/Privilege-Escalation/blob/master/README.md

https://github.com/m0nad/awesome-privilege-escalation

 
