A write up on the path I took to gain my OSCP Certificate. With a few tips that i hope will help you!
I also wanna quickly say a massive thanks to my partner and our kid who have put up with me being in my office, sat at my computer, smashing OSCP for to long! Thanks for putting up with all my shit since day 1 🙂
Before I get started I just wanted to say my writing skills can be god awful and it will probably contain spelling & grammar mistakes left, right and center, so either tell me or move on! I’m Also from the UK so for my Yankee friends out there we do spell things a little different 😉
***Warning: A lot of swearing and gif’s below***
So looking back now since I can remember I have always thought it would be so cool to be a “hacker” you see it in movies the people smashing away at the keyboard, sweat down their face and then with a big finisher, BAM! there in! I wanted to be those people, and for those of you who think its still like that, it really isn’t lol.
Right, little history on me as people always ask, and if your not interested scroll through. I’m currently in my mid 20’s I have always loved technology and shit, never knew I would end up working in IT or Cyber Sec. I was a little shit at school and came out with a C in math and a C in IT and that’s it! i didn’t go to 6th Form, College or University i always thought as a kid them places were for posh twats (your not posh twats, just educated ones) haha.
Where it began
So, one day back in mid 2015 I get a call from this fucking sales guy, his telling me I can become this 3L337 H4X0R (Elite Hacker) by taking one of their courses where you study from home and all this waffle right, he was calling it “Certified Ethical Hacker”. He went on for a good 20 minutes telling me how I can do this course and come out ready to jump in to hacking and earn big money. First time I told him i wasn’t interested and maybe call me back when I had a job and could afford it. He calls me back a month later and I thought you know what i’ll give it a go! after all I always wanted to be a sweaty keyboard smashing hacker haha.
So, now im enrolled and the learning packages come in, there are different modules I had to study and then exams to take at the end when I felt ready, they also included all these labs with it. courses that were included:
- CompTIA A+
- CompTIA Network+
- CompTIA Security+
Me being jobless I thought right lets crack in to this and started on them in the order above, I instantly fell in love even more with computers when I started this course.
Now, months go by and the only certificate I ever achieved was the CompTIA A+, which was enough for me to land my first job, the course ended up getting ignored, but I didn’t care I now had my first job as an IT Technical Support and thought id learn loads now from this with the end goal to become a PENETRATION TESTER. spent a few months there before I left because management was a bunch of stuck up twats. Then spent a few months bouncing around from job to job doing IT Support etc.
Now, its 2017 and i end up moving to the middle of the UK near Sheffield, and start this new job which I was with for a whole year. While there I gained my CompTIA Network+. So now I been doing random IT jobs for the last 2 years and have gained my CompTIA A+ and my CompTIA Network+ sweet lets start looking at IT security now!
Lets start moving to Cyber Security
After so much hunting around I wanted to know how to start becoming a pen tester and with that you start googling what the best course is to take. I found loads, and in the end I found ELearnSecurity, they teach people with no hacking skills the foundations and get them started in to pentesting and taking on the world haha. So, In January 2018 I started the “full” edition of ELearnSecurity Pentesting student v3 (PTSv3 I think the latest now is v5). I studied hard and smashed the labs hard and learnt SOOOOOO MUCH!! I highly recommend this to anyone wanting to start pen testing and not sure where to begin!. did this for a couple months completed the course, took the exam in March 2018 which consisted of a 3 day practical exam where you hack your way through this environment which was a series of computers and servers and had to answer questions about things you obtained or found on the machines, very challenging! I got 92.5% pass so I challenge you reading this to try beat me! 🙂
With the ELearnSecurity Junior Penetration Tester (eJPT) certificate under my belt I thought lets start applying for junior pen test jobs and eventually landed one near me, the interview went really well, I spoke a lot about tools and skills I learned from ELearnSec and they believed the could mould me in to a fine tester. They took me on! having been with these guys a while it was time to start OSCP!!!
OSCP time baby!!! I wanted to do OSCP so much now I was always involved with some type of Cyber Security with these guys and everyone there knew I wanted to be an 3L337 H4X0R. So I started OSCP after one of my colleagues who already owns OSCP was always saying “Just fucking do it! fuck it! youll love it!” haha so I did.
In the beginning of August 2018 i registered for OSCP with 60 days of labs, email comes through asking about current skills levels and knowledge, I answer truthfully and they say something along the lines of “Based on your current level we suggest you learn a bit more”, I said “fuck that just sign me up!”.
I get my email confirmation after I paid and it stated that my course will begin the following Sunday. So now I began waiting and waiting and waiting….
Sunday comes along and on the dot the email comes in!!!
I download the Kali VM, Connection pack and all the learning material. I had booked a weeks holiday in prep for this as well so I was ready to start the learning and the pain to follow haha. I kissed my partner good bye as she knew I will spend endless nights from now on in my office working hard.
I logged in and started ploughing through the material. I was learning how to start all these bind connections and reverse shell connections from server to computer and vice versa, learning bash scripting and creating shit with that, banner grabbing, BOF, enumeration skills and exploitation skills. This course is great! you learn so much in the beginning but Offensive Security have a clever way to only teach you enough about something that once you started using it in the labs you have to start your own research and googling around, you spend a lot of time googling for things as they only teach you the fundementals.
I finished the material in a week! and made start on the labs, it was a grind!!! some boxes are simple some are just fucking insane and frustrating! Some you just spend hours on and slap yourself once you got it and think “how the fuck did I not see that?!”.
Prepare for hours and hours and hours of work, I remember one box took me around 3 weeks on and off till I eventually got it! and it was worth it! the best advice I can give is don’t give up and as always TryHarder. fucking “try harder” them 2 words were the most demoralizing words you hear in your head when your stuck, if you ask someone for help and your stuck at a point that’s so fucking simple and you haven’t worked it out yet you’ll hear “Try Harder!” haha. fuck you Try Harder! lol
The labs are so much fun there are also different networks that you have to try and get in to, but I wont tell you about them you’ll have to find your way to them yourself! I did get in to one of them though 😉
I ended up at the end of the 60 days with under 20 boxes rooted, which compared to others was shit! however I did spend a lot of time on some boxes more than others, which is all worth it in the end!
I had also rooted 2 out of the 4 infamous boxes, Gh0st and Pain! there was so much time spent on them two and trust me if your going to take them on they are extremely hard and you will learn a lot from them! I cant express how much of a pain in the arse they are to complete. There was times I was just like fuck you and this shit course!!!!
But I carried on and worked hard and learnt from my mistakes which is something you will do a lot of when you do the course and embark on this journey to become OSCP Certified.
Exam Attempt #1 (FAIL)
So its the 14th of October and it was time to get in to the exam.
Email comes in exactly on the dot!!! im so impressed with the timings that Offensive Security get these emails in their students inbox.
Now ill be honest the best advice that was given for the exam was to expect to fail the first one! The exams test every single aspect of what you have learnt in the course. I went in to this first exam expecting to fail but would still give it my everything!!
I connect in and start enumerating I see a few boxes with a shit load of ports open on them all. I spent only an hour before I got my first low privilege shell, and then 2 hours later I got my second privilege shell, I thought “oh shit yeah im fucking winning!”, I honestly thought I had it in the bag! I then spent the remaining 20 hours with 2 low privilege shells and not a single root!!! NOT 1 ROOT!!!! I was proper pissed off, I expected to fail but not that fucking hard!!! I thought I worked so hard to have a good chance in the first exam but, nope!
I was pissed but oh well! I did get one thing out of it, and i learnt all my weak areas!
I bought another 30 days lab extension, booked my exam for a couple months from now and got my head in the game. I rooted more boxes and now was around 25 boxes rooted in the labs, learning something new from every new root. After my 30 days was up I spent some time in hackthebox.eu and VulnHub, I practiced, practiced and practiced some more, I worked harder then ever before! I……was…..determined!
Exam Attempt #2 (PASS)
Its the 3rd of February im sat down at 11:00am and PC is powered on, VM is up and running and warmed up. im sitting staring at the inbox.
DING!! the email comes in at 11:45am and I open it up and start downloading the connection pack. I connect to the VPN and run the script that the proctored guys want you to run to test everything is connected properly and all was good.
Now I’ll be honest I wasn’t worried about the exam being proctored, the guys that do it are super cool and a good laugh, while I was waiting for their script to run (1 minute or so) one of them told me a joke which was quite funny, if your reading this now thanks it made me laugh. So, with the exam proctoring stuff connected and working, which also didn’t really affect my CPU or RAM at all! I was ready. So, now they can see me on the webcam and see my screens there happy, we waited a few minutes and then the clock struck 12pm I got the green light from them to start the exam!
Scans away! I set off some big fucking nmap scans that I knew would take a while but present me with some good information. while they was scanning
I sat deep in my chair and staring at my screen through squinted eyes developing the buffer overflow exploit. within about an hour I had a working BOF exploit for the BOF box! I ran it and instantly got a reverse shell!
I documented everything, nmap scans finished and I start looking through the results and then start making a move on to the next box, I went for the next highest point box and after an hour got a reverse shell, another 6 hours passed and I rooted that box, that’s now 2 roots on both the highest boxes in around 8 hours! Winning!
I carried on working on the remaining 3 boxes, after 2 hours I got a reverse shell on one box and the after a couple more hours I got a reverse shell on another box, both shells were Low Privilege shells! In 12 hours I had gained 2 roots on the 25 point boxes and 2 low priv shells on both 20 point boxes. I tried for hours to privilege escalate these windows boxes and got no where, and the 10 point one was so annoying and confusing I just told it to do one and gave up on it lol I thought it would be more beneficial to put whatever time I had left in to the 2 20’s and try get some where.
Time went by so fast!! I went to bed at 4:30am and was up again at 8:00am trying to escalate these windows machines and to be honest I now know looking back I was trying wayyyyyy to hard and the most random shit that got me no where lol oh well. I made sure that the boxes I did get, that I had enough documentation for the report for them.
Before I knew it the time was 11:45 and the proctor person messaged me to say that the exam was over and to close all proctoring sessions down. So I closed everything down and saved my notes.
I cant explain how I felt after all that was done, I collapsed in my chair and just exhaled so hard, I really felt like a gave it my all and hope that I had scraped enough point to pass. I was so tired!
Reporting is reporting, im not sure what you guys want to know. but ill tell you what most people ask or what I have seen been asked about reporting. I used Microsoft Word on my windows machine to write the report. I followed the example report Offensive Security provide you with. I added loads of screenshots for each box, but not to many be sure to read the guides on reporting they send you.
I would say it was around 7 hours later before I proof read it around 6 times, then referencing the guide on how to ship Offensive Security the report it was off! Now the wait began. I sent my report at around 7pm that night and at around 10pm I received an email saying they had successfully received my exam report.
The next few days panned out like this….
Day 4 (Friday) came round and I woke up and got out of bed, every day so far I have checked my notifications on my phone but nothing.
So its 6am and I start getting read for work thinking “Today is the day!”.
I have breakfast, cuppa tea, go jump in the shower and while im getting dressed it happens!!!!
I unlock my phone, click on my email app and see this.
I instantly shit myself! I don’t know how well I did after all I rooted both 25 point boxes and got low priv shell on the other 2 20 point boxes. But hey lets find out….
I clicked the email, it started loading!
I finally did it! after so much hard work I finally passed the exam!
Below im going to leave some good links and things that i think anyone either wanting to start OSCP or start getting in to Pentesting can benefit from.
Advice I would give my younger self:
- Practice makes perfect and always be trying to learn something new.
- Learn Python and Bash scripting languages.
- Save your OSCP notes in 3 different place, for me it was one on the VM one on my windows box and one in my Google drive.
- Learn your BASICS in everything, computers, networking, scripting language, programming language.
- Most of all have FUN and TryHarder, if it was easy everyone would be doing it!
Links to good resources:
ElearnSecurity – https://www.elearnsecurity.com/
Windows PE – http://www.fuzzysecurity.com/tutorials/16.html
CherryTree OSCP notes template – https://411hall.github.io/OSCP-Preparation/
Come drop a tweet and let me know what you thought of the blog or come DM me for some more advice – https://twitter.com/norseman2013