OSCP Experience

About me
<><><><>

As a hobby I hacked and tinkered around for fun. But it was not until 2014 came
around that I decided this is what I want to do. So, I made a career change.
This is a shout out to anyone thinking it’s too late to begin doing what you have a
great passion for. Enough about me, let’s get to the OSCP Course & Exam.

Preparation
<><><><><><

Preparation before actually taking the course & exam is essential,
as you will have to be knowledgeable in a variety of hacking attributes. Here’s a
list of things you should know before taking the course. It’s neither complete nor
definitive:

What you should know?
<><><><><><><><><><><
Basic Pentesting Concepts
Knowledgeable in Information Security
Knowledgeable in Networking
Bash
Python
Perl
Ruby
C
Assembly
MySQL
PHP

Low Level
<><><><><
I’ll start from low-level & go higher from there. Starting with Assembly & C,
you will have to be familiar with these two languages. You will not have to
be a master programmer, but you need to be familiar enough with the C language to
fix public exploits ranging from public buffer overflow exploits to shellcode
manipulation.
Knowledge of Assembly is required as the exercises will jump into debugging
with Immunity Debugger & EDB buffer overflow exploitation techniques without
introduction. If this doesn’t sound familiar then study up!

High Level Scripts
<><><><><><><><><>
Python, Ruby, and Perl are the high level scripts that will be used one
way or another. This will include adjusting public exploit scripts that don’t work.

Pentesting
<><><><><>
I’d say being familiar with something like Metasploitable can assist and be
very helpful. Working your way around DVWA and Mutillidae is to your benefit.
The more vulnerable VMs you’ve owned, the better chances you have of passing.

Exercises & Labs
<><><><><><><><>

The exercises/videos and a pentest report of the labs are essential to
complete as they contribute 10 points towards the OSCP exam, but only if completed
thoroughly and noted. I finished my PWK lab report with the exercises as
the appendix, total of 67 pages!
That might seem like a bit much, but I had a great time learning and pushing
myself to finish the lab boxes. One of the best parts about the lab is that they
have deeper internal networks, so you can receive great practice in pivoting
and SSH tunneling. I have to admit I was humbled and completely frustrated at times.
Simple things I should never have overlooked, I did. Not enumerating enough before
going into the exploitation phase, guilty. This course really helps you organize your
pentesting techniques.

(For Exam descriptions, I will be undescriptive on purpose.)

Exam #1 – Failed

Yup, I failed! Before we go into that, I’d like to summarize the OSCP
exam. Firstly, you have to break into 5 boxes. Minimum points you need
is 70, and various boxes have different points per difficulty. You may use an
msfconsole public module on one box. I won’t go into all the rules as they have it
publicly posted.
How did I fail? 2 reasons: I underestimated the exam, and I
did not manage my time well. I, per se, took boxes too “personal” :).
I definitely learned my lesson and was humbled.
Shot to the ego, but I was determined to kick this thing in its ass.

Exam #2

Box 1
<><><
[2 hours]

I had to create a POC buffer overflow for 1 box worth 25 points. This exploit
had to perform a reverse shell back to the attacker box, with root. I was able to
do that in about 2 hours, worked like a charm! Took a small break, then onto
Box #2.

Box 2
<><><
[2 hours]
This box was 10 points. It was a web application that had a vulnerability
that allowed me to inject code. Afterwards, getting a root shell was
relatively easy compared to other boxes.

Box 3
<><><
[4 hours]
On Box 3 I used my msfconsole free card. I found a service that was
vulnerable, and I used an exploit already integrated within msfconsole.
20 points were earned, but not before spending 2 extra hours obtaining
a root shell.

Box 4
<><><
[8 hours]
The last box I got points on was this one. I was not able to get a root
shell. I tried for hours on end, but this was to no avail. It was 25 points
but I only got a low privilege shell. I’d say my points were 12.5.

Box 5
<><><
[2 hours]
I decided I wanted to focus my time on Box 3 privilege escalation to root,
and Box 4 privilege escalation. Box 3 paid off, box 4 didn’t.

PWK Lab Pentest Report & Exercises w/ Appendix
==============================================
10 points.

(Spare hours spent on napping & eating)

#####
Total
#####

25 Box 1
20 Box 3
12.5 Box 4
10 Box 2
+ 10 PWK Lab Pentest
——
77.5 (This is my guess, they don’t release actual score.)

SUCCESS
<><><><
When I received the congratulatory email from Offensive Security I literally
let out the biggest sigh of my life. It was COMPLETELY satisfying and well worth
the effort I put into it. This has rejuvenated my choice of following my passion
and how much fun this really was. I cannot wait to take what I learned from
this course/exam, and progress my research & career into Information Security.
Mostly, vulnerability assessments!

My current Progress
<><><><><><><><><><

So I haven’t been hacking that much at all! The reason I stepped back from
hacking is I want to become a better programmer. I’m putting a majority of all my
energy into mastering C & ASM. I’ve been trying to get my hands on anyone’s and
everyone’s code so I can debug it, and be influenced by different programmers who
have different code structuring techniques. (I am very familiar with High level & Web)
Out of all the hacking I’ve done, literally the most satisfying for me is finding a
Buffer Overflow and circumventing ASLR & DEP, and other protections. I would’ve never
thought that in a lifetime. Controlling the EIP/Stack then getting a shell or priv. esc.
is like a mini-orgasm. Especially, when you create it yourself.

Thanks for reading! I hope this influenced someone to reach for their goals & dreams.

And Remember, TRY HARDER!!