Cracking OSCP!!

Hello reader,
Thanks for visiting here; it feels good to share my journey towards becoming OSCP certified.

I will write my OSCP adventure based on the questions I received when I shared my OSCP result mail with others.

When did you plan to aspire to become OSCP?

The aspiration for OSCP, or rather the aspiration to become an Infosec professional, started 4 years back when I entered the 3rd year of B.Tech. One fine morning, at 6:30 AM, I knocked on my friend's door (Ajith's hostel room) and told him I'll become an Infosec professional, and he was the first person who respected my decision and motivated me constantly. From that day I never backed out. I still remember I didn't go home during a month-long winter vacation to practice on sites like hackthissite.org, hackthis.co.uk etc. In the initial days, I got to know about CEH, OSCP, and other certifications. Offensive Security certifications seemed like a summit that one should first dare to dream of. And I dreamt of OSCP every night for four years. I wrote the word 'OSCP' numerous times wherever I could scribble, just to keep myself motivated. During my college days, I concentrated more on basics like Linux system administration, networks, and scripting. B.Tech done!! And I asked my father for a year's permission to pursue OSCP.

Did you do other certifications before OSCP?

Yes, I did CompTIA N+ in August 2016 and joined a company for my financial needs. After 7 months I resigned, and I did CEH in August 2017. My understanding of certifications in the Infosec field is that some of them we gain for our knowledge and some of them we gain for HRs. N+ was basically to present my hold on the basics of networks, and CEH was for 'some' HRs in India.

LinkedIn profile: G L V Prasanna Kumar

What did you do before you signed up for PWK Labs?

First and foremost, I checked my bank balance, resigned from my job and only did independent consultancy for them for the next three months. I had plans to do CEH and OSCP in the next four to five months. I explained my plans to my parents and sister. Even though my parents did not understand what I was up to, they supported me in their own ways to achieve my goals. My younger sister seemed like an elder one to me in those days. Time, money, family; I understood more about these during my OSCP journey.

What are the prerequisites to crack OSCP?

As such, there are no prerequisites required by Offensive Security for the OSCP exam. But ask yourself these questions:

  • Can you use a Linux system only from a terminal to perform actions like managing services and editing a text file?
  • Can you understand a basic C program? Can you write (or at least edit) simple code?
  • Are you familiar with the basics of any scripting language? (I recommend Python and Bash.)
  • Can you Google?

At last, you should have creative thinking, patience and lots of enthusiasm. There are some machines in the lab that require your creative thinking, and some require you to have patience like a hunter. Some make you start again from rebooting your machine.

If you are even 50% sure about these questions, yet you have the time to work hard and the patience to learn, unlearn and relearn, you can crack OSCP. I know a few who did OSCP in a year without a proper academic background too. I am not discouraging anyone, but the latter scenario is not for the faint-hearted.

What was your preparation before the start of PWK labs?

Before you sign up for PWK Labs, there are certain things that I recommend. Please visit this link: A Detailed Guide on OSCP Preparation – From Newbie to OSCP. This link has become widely accepted in the OSCP community for OSCP aspirants. Go through the pre-enrolment section and finish all the topics covered there (the Buffer Overflow section is very important). The next step should be rooting the Vulnhub machines compiled for OSCP aspirants here: Abatchy's Blog- OSCP-like Vulnhub VMs. That'll do most of your preparation. Next, sign up for Hack the Box and start pwning machines. This was two months before the start of my PWK Labs. I got to know about Hack the Box very late. Only a few machines fall under the OSCP category and most of them are very advanced. One suggestion I got mid-lab was App Script- Root Me Challenges. That'll teach you how to exploit misconfigurations.

Other preparations involve creating your own lab environment if possible; this will be very useful to test exploits and concepts during your lab time. The lab setup should involve at least one Windows machine (download it as a developer from Microsoft) and one updated Kali machine. Even though both are provided by Offensive Security, this little setup helped me ease my jobs. Also, some tools, such as enum4linux, didn't work properly in the Kali machine provided by Offensive Security.

What was your experience during PWK Labs?

I signed up for the 60-day lab option and it commenced on September 24, 2017. Remember, you have to book the dates in advance. I got the mail with the course material and VPN connection at 5:30 AM. The next two weeks I spent finishing the course material and documenting the exercises in KeepNote. This is a debated step among OSCPs. Some recommend starting with the lab and some say to start with the course material. I go with the latter, because you will get stuck in a dilemma between rooting machines and completing exercises at the end of the lab if you haven't rooted all the machines in the lab.

I started to work on the PWK Labs in the third week. In the next ten days, I could only root 8 out of 45+ machines. Later, the graph improved a lot, with 25 machines in 20 days. At the start of my last week of PWK Labs, I rooted all the machines. Those 60 days unleashed a hidden potential in me. Trust me, I saw daylight for only 20 hours in those 60 days. Sometimes, I didn't know if it was day or night. All is well that ends well.

I have bookmarked the resources that I used during PWK Labs. You can import them into any browser by downloading this: My OSCP Bookmarks.

Gimme some tips on how to proceed in PWK Labs?

These are the tips I give to any OSCP aspirant regarding the labs:

  • There are four networks in PWK Labs: Public, IT, Dev, Admin.
    Start with the Public network and work towards gaining the low-hanging fruits.
  • Follow a strict methodology, which will help even in your professional life. Consider each of the following steps seriously:
    • Footprinting
    • Scanning
    • Enumeration
    • Exploitation
    • Post Exploitation Enumeration
    • Reporting
  • Some of the machines in the lab have Nmap installed. Perform a full Nmap scan of the lab machines from those machines to get faster results.
  • Try default and weak passwords always.
  • Remember to revert machines always. Sometimes, you need to reboot even your system.
  • When using public exploits, read each one once to understand what it does and decide if it really works in the intended manner on the machine you want to root.
  • Don't hesitate to use Linux enumeration scripts such as Linux Privilege Checker and LinEnum.
  • About the usage of Metasploit: some machines are intended to be exploited using Metasploit.
  • Understand how tunneling works to pivot to machines in other networks using sshuttle or ssh + proxychains.
  • Some machines have credentials that give you direct access to other machines. Always have the habit of noting down passwords and also dumping passwords from rooted machines.
  • Some machines talk with other machines. Those communications are very important.
  • Always remember, errors are hacker’s hints.
  • Take screenshots in fullscreen. You can always crop them to your needs later.
  • While reporting, keep all the commands and URLs you have used in text format, even if you have pictures of them. It'll be very useful for re-exploitation of the machines.
  • Dedicate at least the last 3 days to reporting, if possible.
  • When you are in doubt, visit the Offensive Security forums.
  • TRY HARDER!!!!

What should I do after I finish Labs?

First and foremost, prepare your lab report (machines and exercises). I reported only 12 machines in my lab report. Next, go take some rest. I finally enrolled for the OSCP exam for Dec 18, 2017. During my waiting period, I worked on buffer overflows by downloading vulnerable software like MiniShare and FreefloatFTP. Read Vulnhub and Hack the Box machines' write-ups. I went on a trek a week before my exam. Also, keep a report template ready for the exam.

How did your OSCP Exam go?

One day before my exam, I stocked Maggi (noodles), Redbull (caffeinated energy drinks) and all the things needed to keep me awake for the next 48 hours. Due to anxiety, I couldn't sleep that night. Sad, but most OSCP people fall into the same category.

I got the VPN connection at 12:30 AM IST. I opened five workspaces in 'Terminator' on my Kali machine, dedicating one to each exam machine. I connected to the exam network and scanned all the machines. Within the next three hours, I rooted a machine for 20 points. The next hour went in solving the buffer overflow machine. To be noted: confirm bad characters twice while solving buffer overflow based machines. By then, I had achieved 45 points. In the next 7 hours, I rooted one ten-point machine and another twenty-point machine. I felt good to get 75 points in 10 hours. For the next 4-5 hours, I worked on the 25-point machine. I finally rooted it.

Again, I slept for a couple of hours and started to write the report. Meanwhile, the first 24 hours of the exam finished. I finally compiled all the necessary things in the report and checked it multiple times for any errors. I mailed the lab report and exam report in .7z compressed format at 6:30 PM IST on Dec 19, 2017. Now, the anxiety for the results started.

Words about the result?

Two days after I emailed my reports, I got the mail stating that I was successful in passing the exam.

Thanks and Credits?

I thank my parents, friends and all others who supported me in this endeavor, a truly gruesome and challenging one.

Further Plans?

EWPTX, EWDP, OSCE

Important Links?

15 thoughts on “Cracking OSCP!!”

  1. Great……….Man…………..Inspiring throughout the core of heart………….Wish you every success in future ahead

  2. Thanks for the write-up. You may want to check your bookmarks and remove a certain link that you don't want the world to have though 😉
