Another journey to OSCP

“Every battle is won or lost before it’s ever fought.”

TL;DR useful resources at the end of the post.

The story begins in January, 2018 when I got a cyber security internship. At that time I was still in college and had no idea about cyber security (I did try to hack Wi-Fis and crack windows passwords when I was in school just to be cool 😅 but failed miserably). So after working for around 3–4 months I found out how interesting and vast this field was and decided to pursue this a full time career.

Sometime during my internship I came across this certification OSCP which was way out my league then. After reading various articles on the internet I got to know about the learning paths and strategies. I started with Hack The Box but I could barely solve the easy machines even with hints from Reddit and Telegram groups. So I started learning the very basics. I followed abatchy’ OSCP preparation guide. I also solved vulnhub machines in my free time just to get a hang of the methodology.

Fast forward October, 2019 I had a full time job as a Security Consultant and had already done my CEH (because it was easy and HRs love it). I had solved around 40 machines on HackTheBox and several vulnhub machines. I was quite confident taking up new machines and tried to solve them without looking at hints/walkthroughs. I was well versed with basic stack based buffer overflows but I was not sure if I was quite ready. Nevertheless I took the plunge and started my lab from November.

For the next two months I was extremely serious with the preparation. I studied whenever I got time - while travelling to office and after returning from office. I joined the discord group InfoSecPrep. The members there were always very helpful. I had completed almost all the hosts on the public network within one and a half month. The machines in the lab were easy and I knew that the exam machines are a lot harder so I decided to practice the OSCP like machines on HTB by TJNULL. At that point of time I had already identified my two key weak points and decided to work on it.

1. Windows privilege escalation: I was not quite familiar with windows priv esc and found that the best way to learn windows privilege escalation was through the lpeworkshop by sagishahar. I downloaded the latest windows server and practiced exploiting all the vulnerabilities on the fully patched machine.
2. Escaping rabbit holes: I was constantly falling in rabbit holes so I used to set up time limits on the attack vectors and after a certain time I moved to the next possible exploit path. Rabbit holes are just a part of the learning process.

14th December 12:30AM (D-Day): As the exam was starting at night I decided that I would sleep the whole day but barely slept for 3–4 hrs because of the excitement. 6 hours into the exam and I already had 67.5 points (25+20+10+12.5). Now only thing remaining was the privilege escalation of a 25 marks machine and a complete 20 marks machine. I slept for an hour and started with the 20 marks machine as I assumed that it would be easier. After working on it for around 5 hours I could not get any foothold on the machine. I started with the privilege escalation of the 25 marks machine got it within 2 hours. I had 80 points and decided to take a break for 3–4 hours. I used OBS to record my screen during the whole exam so that I could take screenshots later. I completed a very draft report by late evening. Re-exploited some machines to take better screenshots and then finally tried the last machine for another 2 hours after which my exam ended and the VPN connection was closed.

I started polishing the final report the next day. Worked on it the whole day after I finally sent the report in the evening. I did not make the lab report because I did not think it was worth all the effort for 5 marks. The next day was worse. I was refreshing my mail every 5 mins. Somehow the day ended and early morning next day I got the mail that I passed. I was very excited and just wanted to scream and run 😆. I gave the generic status #itriedharder and showed off the acclaim badge on LinkedIn.

After spending a fortune on OSCP, I preferred spending my year end break in an economical way at home with my family. Currently I am learning Active Directory pentesting and maybe I’ll do the OSCE sometime later. Connect with me on LinkedIn here.

Below mentioned are few of the resources/tools which helped me prepare for the lab and exam:

1. Ippsec (HE IS GOD 🙏)
2. The Cyber Mentor Buffer Overflow playlist
3. Linux Privilege Escalation by Tib3rius
4. Total OSCP guide by sushant747
5. lpeworkshop by sagishahar
6. https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html
7. http://futureoscp.blogspot.com/2017/10/usefull-oscp-material.html
8. https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
9. https://www.fuzzysecurity.com/tutorials/16.html
10. https://github.com/sagishahar/lpeworkshop
11. https://github.com/Tib3rius/AutoRecon