My way to OSCP
Hello friends, I recently completed my OSCP certification and want to share my experience with all of you. I took 1 month of lab time and completed 43 machines.
My journey started around October 2018, when I registered on the Hackthebox penetration testing platform. Around March 2019 I came to know about OSCP from one of my friends, Krishnapal Sharma. Around May 2019, when I had completed 23 boxes on Hackthebox, I decided to go for OSCP, so I started reading other people's blogs on OSCP and preparing according to them.
Finally, on 21 May I registered for OSCP and took a 1 month gap before the lab start time; my lab was scheduled for 23 June. In the meantime I started doing Vulnhub machines, which helped me so much in the lab. I made a list of both Hackthebox and Vulnhub machines for OSCP. My list:
So I completed nearly 40+ machines during that time and took a 4 day break before the lab.
On the first day, my lab start time was 5:30 AM, so I woke up at 5:00 AM and took a shower. I was very nervous at that time. At the scheduled time I got the VPN connection and credentials, then I downloaded the study material and took a quick look at the PDF, and after that I started doing the lab at 7:00 AM. Every day I worked on the lab from 6:00 AM to 8:00 PM, then from 10:00 PM to 12:00 AM I read the study material and watched videos. I followed the blog of Arvandy for the series of machines and completed 43 machines overall. Below is the list of machines for each day:
- Day 1. Alice, Phoenix, Mike, Bob, Ralph
- Day 2. Alpha, Beta, Bethany, DJ, Core
- Day 3. Pain, FC4, Dotty, Barry
- Day 4. Edbmachine, Helpdesk, Oracle, Kraken
- Day 5. Sean, Timeclock, Hotline
- Day 6. Niky, Jeff, Internal, Payday
- Day 7. Carrie, Leftturn, Susie
- Day 8. Kevin, Mail, Pedro, JD
- Day 9. Gamma, Tricia, Pi, Tophat
- Day 10. Joe, Sherlock
- Day 11. Mario, Luigi
- Day 12. Gh0st
- Day 13. Sufference
- Day 14. Humble
Basic Linux Privilege Escalation
- For other important links, please refer to Krishnapal Sharma's blog here
After that I scheduled my exam for 9 July at 7:30 AM. One important thing: buffer overflow is very important, so in 2 days I completed SLMail, Vulnserver by offsec, WarFTP and RM2MP3Converter for practice.
Reference for bof:
- Penetration Testing book by Georgia Weidman
Buffers overflow ToC Identification First step is to identify the vulnerability. You can debug the app and fuzz it with…
10 Easy Steps to Exploit Basic Stack-Based Buffer Overflow
Exploiting SLMail 5.5 Buffer Overflow
On Exam Day
I was very unsure about the exam the day before. On the day, I woke up at 5:00 AM, took a shower, had breakfast and set up my room for the examination. At 7:15 AM I connected my machine to offsec ScreenConnect and the webcam and completed the steps. As I had done some buffer overflows 2 days before, I was very sure about it, so I started with the 25-point bof machine, which took me 1 hour. In between there was a problem I faced, which was solved when I went through the whole set of steps a second time.
It was 8:30 AM when I started my second machine, the 10 point machine, which took almost 30 minutes to complete; there was no privilege escalation in it.
At 9:00 AM I was feeling good, but because my machine is very outdated the nmap scan was taking very long, so I took a 10 minute break while the scan was in progress. After I came back I started the 20 point machine, which took me 1 hour to complete. The shell was a little bit tricky, but the privesc was straightforward.
At 10:10 AM I took another break of 20 minutes. At 10:30 AM I got back to my seat and started the other 20 point machine and got a shell in nearly 30 minutes, but then the strange part came. After the shell I took a break and had lunch, and when I got back to my seat I started enumeration. From 12:00 PM to 7:00 PM I was stuck at the same place; after that I left the machine and took a break for dinner.
After this I left the 20 point machine and started enumerating the 25 point machine at 8:00 PM, where I got a shell in 45–60 minutes and during enumeration found the key point to root in 10 minutes, but some exploit modification was needed. At 12:00 AM I thought I would take a break to sleep for some time, but I was unable to sleep because I was thinking about the machine. After nearly 1 hour something struck my mind, something which was required for that, so I got back to my seat and in 10 minutes escalated to root at nearly 2:00 AM.
I worked on the report till 3:45 AM, then closed the connection and slept. The next day I woke up at 10:00 AM, completed my report and submitted it to offsec. Due to some problems my result was delayed, but on 27 August I got the mail about completing it.
Tips for Exam:
Just keep calm, like a normal day of pentesting; under stress or nervousness things will get more complicated for you. Starting the scans of all the machines at the beginning will save so much time. The things you learn in the lab are more important than the certificate you will get, so focus more on the lab.