Rob's OSCP Journey

Robicus (Member, Posts: 144)
I decided to invest in the OSCP a few months ago. My decision was based on the fact that the OSCP sounded like a badass certification that commands respect. A lot of anxiety was building up during the six weeks prior to my start date (before you get access to the materials and labs). I have little offensive experience, so I was torturing myself with doubt. "Will I grasp the material?" "Are my Linux CL skills sufficient?" "Am I going to fail and be an uber noob?"

I received my welcome e-mail and instructions for connecting to the lab 2 weeks ago. It felt like Christmas morning circa 1995. The course instructions are clear. The videos are well organized, and the accompanying PDF document is spot on. So far I've spent ~22 hours going through the course materials and poking around in the lab, about 1.5 hours per day.

The course outline is very logical. The content takes you on a ride that starts at a 10,000-foot elevation. But like a skydiver, you quickly come crashing down to deep technical ground, where you'll be learning about buffer overflows from the perspective of the EIP register.

Recently, I encountered my first "Crap! I'm stuck" moment. This is when I decided to log on to the forums and seek the knowledge of those who are far more leet than myself. I soon discovered that I had been this close to poppin' my first box for way too long. What did I discover? Simply revert your target machine prior to exploiting it. So I logged onto the student portal and reverted my target machine. I waited a few seconds. *pop*. Escalated privs on my first target (Yes, yes, I used Metasploit :)).

Tip #1: Use the forums. You won't get any direct answers, but you will likely get an idea of what you might want to try next.

Lastly, I perceive that there are generally two schools of thought among those who are on the OSCP forums. The first school of thought is centered around "Go through all of the course materials before jumping into the labs." On the other side of the spectrum, many advise, "Jump into the labs earlier. Try to apply what you're learning as soon as possible."

I subscribed to the second approach. I watch the videos, frequently pause, ALT+TAB over to my VM, and immediately start applying what I'm learning, like sweeping and scanning with Nmap when the videos discuss it.

Tip #2: Use KeepNote. Love KeepNote! Everything I'm learning I translate into notes and CL snippets in my KeepNote. I organize my pages/sub-pages by phase: recon, information gathering, exploit, etc., and I have pages for each target I'm targeting.

That's it for now! I'll be focusing on the remaining videos this week. Hopefully I can pop another box soon.
Quick shout out to the following:

invictus_123: awesome advice about looking at OSCP forum threads organized by target. It's a good way to gather extra information pertaining to your target: http://www.techexams.net/forums/security-certifications/116615-starting-oscp-31-1-16-a.html

Slyth: awesome list of external resources that are good supplements to the OSCP: http://www.techexams.net/forums/security-certifications/118455-oscp-started-3-12-16-a.html.
What's Next? eLearnSecurity's eCIR

MSISE, CISSP, GSE (#202), GSEC, GCIA, GCIH, GPEN, GMON, GCFE, GCCC, GCPM, eJPT, AWS CCP

Comments

  • Slyth (Member, Posts: 58)
    Welcome Rob! You will get addicted to the labs very quickly and learn new things on every host. My advice is to always revert the host prior to scanning it at all, then go at it. Every now and then a revert is needed due to an exploit that wasn't clean. If you're sure it's the right one and it should be working, always revert :)
  • core22 (Member, Posts: 27)
    Hey Rob, Slyth... I too started this month. I'm going through the videos, pausing to take notes and go into the lab to do what they do. Then at the end of that section, I read the corresponding part in the PDF, take more notes, and do the work in the lab again, this time documenting it for the exercises. Then onto the next section to repeat the process. I've not yet started to pop any boxes. I wanted to give it a full 30 days of digesting the study materials first, then take the next 2 months to have fun in the lab. I initially felt this was a good plan for me, but then I read about folks that are rooting multiples in the 1st week, and began to question my plan. Even though some of the material is review, much of it is new and I'm learning from it. Most of all I'm having a blast doing it.
    CISSP | GPEN | GWAPT | GCIH | CEH | CHFI | Security+
    BS - InfoSec, Drexel University - Summa Cum Laude
  • Slyth (Member, Posts: 58)
    Hi Core22! Welcome! It all depends on your background and experience. Based on my experience with the course material, I learned a bit from the videos, but the PDF seems like a repeat, so I skimmed through it and am just hitting the exercises. None of the stuff taught in the course was really new to me, but that's not the same for everyone. Take it at your own pace; don't let others that are rooting hosts in their first week discourage you from your way of learning. Once you start the labs you will learn much more than what the PDF/videos teach you, but you will also be referring back to them often. Make sure you can quickly go through your notes and you should be OK! :)
  • Sch1sm (Member, Posts: 64)
    core22 wrote: »
    I've not yet started to pop any boxes - I wanted to give it a full 30 days of digesting the study materials first, then take the next 2 months to have fun in the lab. I initially felt this is a good plan for me, but then I read about folks that are rooting multiples in the 1st week, and begin to question my plan. Even though some of the material is review, much of it is new and I'm learning from it. Most of all I'm having a blast doing it.

    I don't think there's any point in staying away from the labs. You're limiting your time to 2 months instead of 3, and I'll bet by the time your lab access runs out you'll wish you had used that first month. At the very least do some scans, have a poke around. The PDF just gives you a light guide to most things; once you start doing the labs you learn much more than the PDFs teach you anyway.
  • Robicus (Member, Posts: 144)
    core22 wrote: »
    Hey Rob, Slyth... I too started this month. I'm going through the videos; pausing to take notes and go into the lab to do what they do. Then at the end of that section, I read the corresponding part in the PDF, take more notes, and do the work in the lab again, this time documenting it for the exercises. Then onto the next section to repeat the process. I've not yet started to pop any boxes - I wanted to give it a full 30 days of digesting the study materials first, then take the next 2 months to have fun in the lab. I initially felt this is a good plan for me, but then I read about folks that are rooting multiples in the 1st week, and begin to question my plan. Even though some of the material is review, much of it is new and I'm learning from it. Most of all I'm having a blast doing it.

    Great question! I pretty much agree with Slyth and Sch1sm: there are multiple ways to approach poppin' a target, and there are multiple ways to approach how to handle, digest, and learn from the OSCP journey.

    I will say that I have similar feelings to you: All of my experience is on the defender side, so a lot of this is new to me. Also, I felt a little pressured to jump into the labs and try to get a couple of boxes based on others' experiences. This was at the cost of me skipping ahead in videos/exercises, and probably taking longer than I should have to get my first two boxes. So, I'll probably focus more on the content/exercises before getting too far ahead of myself again.

    Cheers!
  • MrAgent (Member, Posts: 1,310)
    Good luck to all of those tackling this course and exam. Keep us updated and let us know how it goes!
  • jm0202 (Member, Posts: 87)
    Escalated privs on my first target (Yes, yes, I used Metasploit :)). <--- bad idea
  • core22 (Member, Posts: 27)
    Robicus wrote: »
    Great question! I pretty much agree with Slyth and Sch1sm: there are multiple ways to approach poppin' a target, and there are multiple ways to approach how to handle, digest, and learn from the OSCP journey.

    I will say that I have similar feelings to you: All of my experience is on the defender side, so a lot of this is new to me. Also, I felt a little pressured to jump into the labs and try to get a couple of boxes based on others' experiences. This was at the cost of me skipping ahead in videos/exercises, and probably taking longer than I should have to get my first two boxes. So, I'll probably focus more on the content/exercises before getting too far ahead of myself again.

    Cheers!

    Figured I'd mix it up a bit and get out of reading/video mode. Ended up popping 4 boxes between yesterday and today. Progress :)
  • Slyth (Member, Posts: 58)
    Very nice Core22! I did more of a skim through everything and hit the labs; my friend did the same as you actually. He got through a fair bit of the PDF/videos and poked at the labs for a few hours and got 2 boxes. Just by going through the PDF/videos and doing the exercises you should pop at least 1 box. Congratz!
  • NotHackingYou (Member, Posts: 1,460)
    Thanks for posting this! I am starting next week. Have you run out of reverts for the day yet?
    When you go the extra mile, there's no traffic.
  • Robicus (Member, Posts: 144)
    core22 wrote: »
    Figured I'd mix it up a bit and get out of reading/video mode. Ended up popping 4 boxes between yesterday and today. Progress :)

    Dude, that's what's up! You're ahead of me! I've only targeted and popped 2 boxes so far. Did you use Metasploit and/or public exploits?

    @CarlSaiyed: Very awesome. I'm sure you will have a blast. I personally haven't run out of reverts yet. It may become an issue once I really get more into the lab space.
  • Slyth (Member, Posts: 58)
    Carl, I have run out of reverts 1 time. Some boxes are very temperamental with an exploit (when not using Metasploit), and not all hosts have auto service recovery set up. Other than that, an admin can give you another 8 if you ask, so it's never been an issue. I always revert right before I scan something.
  • core22 (Member, Posts: 27)
    Metasploit first, looking around and looting what I can, then working on non-Metasploit. Just found one of the other networks today as well, now to begin digging around...
  • Robicus (Member, Posts: 144)
    Awesome, man! Thanks for the update. I've watched probably about 75% of the videos thus far, while taking respective notes. I'm now going back to the beginning of the PDF document and completing the exercises and documenting my answers in the OSCP recommended report template. I suppose my documented lab exercises will eventually be situated into an appendix section of my eventual lab report.

    Core: It sounds like you've been working through the exercises, too. Have you been formally documenting them?

    Other note: I've stumbled upon the free courses offered on Pen Tester Academy. They have a course on Metasploit. I've been watching the videos as a supplement to the OSCP. I realize that Metasploit can be of little to no use during the OSCP certification, however, the Pen Tester Academy videos are very well done, and explain a lot of concepts in a more digestible way, in my opinion.

    Here's a link if anyone is interested:
    Pentesting with Metasploit
  • core22 (Member, Posts: 27)
    I've been documenting all exercises, even those they said are not required. Figure it can't hurt, and it gives me a reference point if I need to go back and research something.

    Update: 1st box popped without Metasploit. Found some code via a Google search, then yesterday while looking for loot I found a 2nd way in. Having a lot of fun!!!