DcodeZer0

┌──[root@dcodezero] └──╼ # Hacker | RedTeam | PenTester | CTFPlayer | HackTheBox

OverView

It was one and half years ago I completed my C|EH certification. Since then my only aim was to gain my OSCP no matter what it takes from me. I was ready to give my complete effort and dedication in order to gain my OSCP. This blog outlines my journey towards OSCP and I’ll be sharing some hints and guidelines at the end of the blog which can be helpful in gaining your OSCP as well.

Background

Before I get started my journey towards OSCP, I am a computer science student, finished my master’s degree. But had no experience in the field of cyber security. I strongly had a passion towards security and precisely towards breaking into things. This is all the mind set required in cyber security industry. My first intension was to get my C|EH, but it has not satisfied me and I wanted more of it. Then I’ve taken OSCP as a challenge to myself and the journey begins now.

The Journey

This journey started about 9 months ago, I took the VIP subscription from Hack The Box and started to hack into some retired easy machines to gain some skill and confidence. But the situation was quite difficult for me and I was unable to get even an initial foothold of any machine. However, within a short period, I was able to get the easy machines pawned. Once I gained confidence in cracking the machines, I slowly moved towards the Active Machines section. Within a period of 3 months I had all the easy and medium machine owned. By the time of 6 months after starting HTB, I almost had about 50+ machines owned. I had also completed the TJNULL’s OSCP machines list. At this point, I was pretty confident that I’m ready for my OSCP exam.

The Plan

Once I gained confidence, I felt like I’m ready for the battle. I came to know that there are 60+ machines in the OSCP lab. My idea was to go with 2 months of lab time and hack into at least 40+ machines. I started my lab access on 2-8-20 and by the time of 1-10-20 I have done 54 machines, which I didn’t expect.

First Month

In the beginning, I was given the access with credentials to log into the forums and the VPN to get connected to their network. The guide lines were straight forward and the map to hack the lab machines was quite interesting to me. This interested me more in doing a lot of machines and I strongly had a feeling that I’m going to learn a lot of things in this two months of my journey. I started to read the material provided my Offensive Security for 3 days and trying to complete a few machines if possible. The material consists of really good content and the videos were a lot helpful.

Second Month

I was pretty much fed up with doing scans manually as it is wasting a lot of my time, then I had to move towards automation. I have written my own scripts to automate the scans to make my work much easier. This way I learned a lot of coding and kind of automating. Slowly I was able to complete the top 5 machines, which made me feel awesome. Slowly the time passed by and now the fun part begins. At this point I almost had all the individual machines compromised and while tackling with the other machines, I was not able to get anything out of these machines. Looking out from the forums I understood that some machines have dependencies and some machines have a chain of dependencies. It took me a lot of time in understanding the dependencies and mapping it from one machine to the other. The overall journey in the lab time was frustrating and fun, I could never forget this ever.

Before Exam

I have registered the exam after a week to the end of my lab access. I tried to relax myself for the whole week and doing the lab report simultaneously. I was able to successfully complete the lab report within one-week and revisited all the machines that I’ve done in the lab. During this process I had made my own cheat sheet so that I can organize and remember the things well. Trust me this was a life savior. Just the day before the exam I was super nervous, my mind was rushing with different thoughts about the exam and keeping my mind stable and cool was literally not possible. After a good night sleep, I woke up with a fresh mind at 7 am, had my breakfast and took a nice warm shower. It was about two and half hours just before the exam…

The Exam Plan

Had to finish the buffer over flow machine in 2 hours at maximum.
Move to the easiest machine i.e. 10 marks machine and finish it in an hour or two at maximum.
Then tackle with the other two 20 marks machines with in a time of 10 hours maximum.
If all goes in the planned way, I should be still having time for the last 25 marks machine.

The Exam Time

I started my exam at 9:45 am sharp. The guide lines are pretty straightforward and I picked the Buffer overflow machine as my first choice. It took me about 4 hours to solve the machine because of some silly and manual mistakes. Next, I went with the easiest 10 marks machine which took me 15 min to compromise the machine with some change in the exploit code. Though BOF took me 4 hours, I managed to solve the 10 marks machine super quick. So according to the plan I was going in the right direction with time. Once I knew that I had 35 marks in hand, I took a small break and had my lunch. I got back to my seat at 2:00 pm and started to tackle with one of the 20 marks machine. An hour and half later I’m able to get the initial foothold of the machine. I tried harder for so much time to compromise the machine completely, but no luck after a really long time. Then I moved on to the other 20 marks and tried hitting the machine for a really long time, but unable to get even an initial foothold out of it.

The time passed by really quick and now the time is 9:00 pm, but still nothing. Realizing that I need to calm down myself, I took a straight 2 hours of break and I spend some time with my parents and felt much better. I had a feeling that I’m going in a wrong loop and I had to break it. This thing is a game changer, I reverted the machine and started it from the beginning. Once the mind is clear and cool, the ideas are rushing in my head and my methodology worked fantastic in gaining the privileged access of the machine. My excitement was to peaks. By the time of 01:00 am, I was having 55 marks in my hand. I was so exhausted at this point, so I went for a quick powernap and headed my way again.

Knowing that I already had 55 marks, now all I need is 15 marks more to clear the exam. So, I started to tackle the other 20 marks machine. Within no time I was able to get the root access of the machine. At this point I had 75 marks, which is sufficient to pass the exam and now the time is around 03:00 am. Now my plan of action is to reset all the 4 machines and start them from the beginning and take screenshots of each and every step possible as screen recording is not possible now. By the time of 06:00 am, I had my screenshots ready. I took another 2 hours to verify all the things and confirm all are fine, I ended my exam at 08:00 am. Oh YES! But wait, the battle has not ended yet.

The Report

It took me 5+ hours to complete the professional exam report and I submitted it with in 24 hours span of time. YES! The battle has finished and now I need to wait for the results to be positive with fingers crossed.

The Output

It took some where about 3-5 days to get a mail from Offensive Security stating that you have successfully completed the Penetration Testing with Kali Linux certification exam and have obtained your Offensive Security Certified Professional (OSCP) certification. This is the moment of truth, I have been craving for months. Now I’m an OSCP, which I’m so proud of.


Tips and Tricks


Two to three months of HackTheBox and Ippsec’s videos

Yes! You definitely need a prior understanding how things work. The best way to learn is to start from the easy machines in HTB, then keep improving yourself.

Easy rated vulnhub machines.

Try to do as many boxes from vulnhub. once the machine is exploited, try to replicate the same vulnerability that you have exploited from the machine on a new machine. Doing so will teach you a lot of stuff.

The TJNULL’s List of OSCP like machines.

As I was talking about it before, once you think you gained confidence doing HTB and Vulnhub machines you can make a mock exam, like taking a few machines from the list and trying to complete them in a time constraint.

Take help from forums and Communities.

Yes! Take help from forums and other communities. There are really good people who can help you out in some way or the other way.

The Cheat Sheets.

This might be funny but trust me, look at the cheat sheets available on google. There are plenty of them where you can find most of the stuff that is required for OSCP and beyond. Read the cheat sheet daily as if you are reading a newspaper every day. This will help you.

Last but not the least.

Use GOOGLE to figure out the things that you have no idea about, even if it is small thing. Using the keywords properly with the help of google will solve your most of your problems.

The Final Touch

I hope that you liked my blog and this blog might help the other who are aiming for their OSCP. In the end I wanted to say that this has been a wonderful journey to me.

You may also enjoy

Game of Active Directory - Part 3 [Recon]

4 minute read

GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to pract...