So today I passed the
OSCP exam. It was a long road but totally worth it, so I decided to share the story about this lovely journey to get the
OSCP certificate and some of the mistakes I made and hope that you won’t make the same mistakes :).
The first thing I want to talk about is how to organize the work, a lot of people don’t know what to do .. should they start with the labs or should they watch the video or read the PDFs first.
For me I think the first thing you need to do is to resist the urge to start with the labs before completing the videos and exercises, I know it’s tempting, you see the boxes and you think .. damn I gotta get in there .. well, don’t.
It’s just my opinion and you can neglect it if you want but here’s the steps I think anyone should take:
- Watch the video of the Module
- Read the topic from the PDF.
- Solve and document the answers of that module.
A lot of the exercises will help you get into some of the lab machines and will spare you the need for any cheat sheets or Googling stuff.
Once you finished that you can start with the labs, and this is how I think you should it, again it’s just my opinion and it’s O.K. if your brain is wired in a different way but still you need a strategy and known steps so you don’t miss any thing.
- Setup your IRC client so you can easily connect to offsec irc channel.
- Before you start use !Machine_Name in the irc to get a hint on the machine for example !bob will get you info about bob and beware sometimes the hints are only useful for privilege escalation after getting into the machine.
- Install keepnote and create a note for each machine (it’s boring to create all these empty notes but trust me it’s worth it and later you can keep all needed information).
- Gather as mush information as you can, you already did that if you solved the exercises, you already have dns, snmp, smb … etc.
- Run a vulnerability scanner to get the low hanging fruits in the labs (and only in the labs don't use vulnerability scanner in the Exam).
- Be careful scanners doesn’t show everything, sometimes even a vulnerable machine with a very well known vulnerability.
- Get the easy boxes first, you know .. the ones where you will simply run an exploit and get the machine.
- when you get into a machine spend some time looking into what it contains .. files, installed applications,other machines connecting to it .. sometimes information from a machine will help you getting more machines.
- Always try to think out of the box some machines can be owned by putting some little pieces of a puzzle into place “some info from here or there that will lead to another info and so on ..”.
- If you reached a point where you can’t figure out your way try to clean up your mind or even try to get into another machine and leave it to another time when you are able to get more ideas.
- Sometimes the solution is much easier than you think so don’t forget trying the easy way.
- Once you get into a machine always take screenshots and always remember to document all your progress so later you have all the information needed for the report.
Now .. a lot of people ask what can help me with OSCP and should study first, OSCP videos and pdf is more than enough to get you going with the labs but if you want to save some lab time you should get your hands dirty with the following topics.
- Web attacks and how they work.
- Exploit writing and how to modify exploits, you can use the following resources to learn from:
- Exploit research megprimer by vivek from security tube : Here
- Memory corruption 101 from trailofbits : part1 and part2
- Privilege escalation for both windows and linux
- Linux privilege escalation from g0tmi1k Here.
- Linuxprivchecker is very helpful script : Here
- Post exploitation is extremely important : how to collect data from the machines, pivoting and so on.
- Metapsploit framework you can find a very good video series Here.
About the exam:
- The exam is as hard as the hardest machines on the lab so you need to get those first.
- You don’t have to finish all the lab machines before the exam.
- Knowing you’re ready is like falling in love .. you just know you are .. you have the feeling that you can do it.
- They will tell you all what you need even the points you can get from each machine and the points needed to pass the exam.
- Organize your time and get a good sleep before the exam.
- You don’t have to deliver the answers for the exercises or lab reports but it’s highly recommended since they can help you pass if your exam challenge report is not sufficient (for me I didn’t provide the lab answers which was risky but the report was gone due to a bug in libreoffice so use reliable software for documentation .. sorry libreoffice but I would have been screwed if I haven’t solved enough in the exam).
- Document every thing and take the necessary screenshots.
- For people who live in the third world like me .. make sure your Internet connection is solid and that you have an alternative connection if the line went down (this happened to me luckily after getting 4 out of 5 machines which was sufficient to pass the exam so thank god for that).
After the exam they will give you access to special forums where you can get information about any machine you couldn’t get in the exam or labs .. it’s awesome .. I can spend the whole day in there.
If you have any questions (not regarding specific machine since we shouldn’t answer that) you can contact me on my twitter @fady_osman and I will put your question and answer as part of this post so it can be more helpful to people trying to get the OSCP certificate.
And finally .. never give up and
try harder 🙂