My way to OSCP

“OSCP is a journey, not a destination”

Hello friends, I recently completed my OSCP certification and want to share my experience with all of you, I took a 1 month lab and completed 43 machines.

Before Registration

So my journey started in nearly October 2018 when I registered on Hackthebox Penetration testing platform, and in nearly March 2019 I came to know about OSCP from one of my friend Krishnapal Sharma, in nearly May 2019 when I completed 23 boxes on Hackthebox, I thought to go for OSCP now so I started reading blogs of other peoples on OSCP and started preparing according to that.

After Registration

Finally on 21 May I registered for OSCP and took 1 month gap before lab starting time, my lab was scheduled on 23 June, in that meantime I started doing Vulnhub machines which helped me so much in the lab, I made list of both Hackthebox and Vulnhub machines for OSCP, My list:

HACKTHEBOX: hereVulnhub : here

So I completed nearly 40+ machines during that time and took a 4 days break before lab

In PWK-Lab

On the first day, My lab timing is 5:30AM so I woke up at 5:00AM and just took a shower, I was very nervous at that time, at the correct time I got the VPN connection and credentials, that time I downloaded the study material and took a quick look at the pdf after that I started doing the lab at 7:00 AM. Daily I start at 6:00AM to 8:00PM for lab then from 10:00PM to 12:00AM I read the study material and watch videos, I followed the blog of Arvandy, for the series of machines and completed 43 machines overall, below is the list of machines according to respected day:

Day 1. Alice, Phoenix, Mike, Bob, RalphDay 2. Alpha, Beta, Bethany, DJ, CoreDay 3. Pain, FC4, Dotty, BarryDay 4. Edbmachine, Helpdesk, Oracle, KrakenDay 5. Sean, Timeclock, HotlineDay 6. Niky, Jeff, Internal, PaydayDay 7. Carrie, Leftturn, SusieDay 8. Kevin, Mail, Pedro, JDDay 9. Gamma, Tricia, Pi, TophatDay 10. Joe, SherlockDay 11. Mario, LuigiDay 12. Gh0stDay 13. SufferenceDay 14. Humble

Useful links:

  • For other important links please refer to Krishnapal Sharma Blog here

After that I scheduled my exam on 9 July at 7:30 AM, but one important thing, Buffer overflow which is very important so in 2 days i completed the SLMail, Vulnserver by offsec, WarFTP and RM2MP3Converter for practice

Reference for bof:

  • Penetration Testing book By Georgia Weidmen

On Exam Day

I was very unsure about the exam before the day of exam, on the day I woke up at 5:00 AM and took a shower after that had breakfast and setup my room for examination then at 7:15 AM I connected my machine to offsec ScreenConnect and Webcam and completed the steps, as I did some Buffer Overflows 2 days before so I was very sure about it and started from the 25 number bof machine which took 1 hour for me, in between that there was a problem I faced which then solved when I completed the whole steps twice

It was 8:30 AM and I started My second Machine which is 10 point machine which took almost 30 minutes to complete and there is no privilege escalation in that

At 9:00 AM I was feeling good but due to my machine is very outdated so it was taking very long for nmap scan so I took a 10 minutes break when the scan is in process and after I came back started the 20 point machine which took 1 hour for me to complete, the shell was little bit tricky but the prevesc was straight forward.

at 10:10 AM, I took another break of 20 minutes after at 10:30 AM I get back to the seat and started the other 20 point machine and got shell in nearly 30 minutes but than the strange part came, after shell I took a break and had lunch, when I get back to seat started enumeration, from 12:00 PM to 7:00 PM I was stuck at same place, after that I left the machine and took a break for dinner.

After this I left the 20 point and started enumerating the 25 point machine at 8:00 PM , where I got shell in 45–60 minutes and in enumeration found the key point to root in 10 minutes but there is some exploit modification so at 12:00 AM I thought to take a break to sleep for some time, but I was unable to sleep because I was thinking about the machine, in nearly 1 hour a thing strick my mind, something which was required for that, and I woke up back to the seat and in 10 minutes escalated it for root at nearly 2:00 AM.

Made a report till 3:45 AM and then closed the connection and sleep, another day I woke up at 10:00 AM and completed my report and submitted to offsec, due to some problems my result was delayed but on 27 August I got the mail of completing it.

Tips for Exam:

Just keep calm, like a normal day of Pentesting, in stress or nervousness the things will get more complicated for you. Start sacnning all the machines in starting will save so much of time. The things you learned in lab are more important than the certificate you will get, so focus more on lab.




Security Researcher | OSCP

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

The Call Stack and Memory Heap explained.

Becoming a Technical Writer at Google

Power BI Row Level Security and Dynamic RLS

How and why to use a function to configure New() in Golang

GitLab VS GitHub

How to run periodic tasks in Celery

How to use #each_with_object in Ruby, when to use it , and when not to!

Lab Technician, Lab Attendant — 7 Posts

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vaibhav Joshi

Vaibhav Joshi

Security Researcher | OSCP

More from Medium


An overview of Scallop’s Achievements in January and February 2022

CONNECT Live AMA Summary

Jail: my first day.