Finally starting the OSCP!

Hey everyone! As of last night I have completed my registration and payment for the OSCP. I signed up for the 90 day lab package to make sure that I get the most out of the labs before I sign up for the exam. In the following paragraph I will give you guys a bit of background information about myself so that those of you thinking about signing up can get an idea of what my experience is and hopefully it gives you the confidence to sign up as well!
I have a bachelors of science in Information Technology, I learned a little bit in college but not as much as I could have because at the time I was in a pretty active band and we were playing shows all the time and that was my main focus. When I graduated I found it very hard for me to find a job (probably because I didn't take my college seriously until the end) in the area where I live. Luckily, one of my best friends (who is much older than me) is the CIO of a company in a town near where I live. He was kind enough to allow me to come and sit in his office and give me tasks to do and watch him do some things so that I could get some experience (an unpaid internship). Fast forward 8 months and I finally landed a job for a company working at the local hospital as a tier 2 service tech and rollout technician. Basically me and one other guy were responsible for the hardware on every single machine the hospital owned (the number was over 2000). We also ended up doing software and application support eventually due to our company willing to do anything and everything the hospital asked of them. Fast forward 8 more months, after talking to a contracting company I was told that if I could obtain my Security+, that I would have a job. I spent the next month studying my ass off, because at this point I hated my current job and wanted to leave as soon as I could (I can provide more details on this if you wish to know). After a month of studying I went and took my test and passed. I landed a job as a Remediation Analyst for a DoD/Navy contracting company. I knew basically nothing about what I would be doing when I started, I was told that I would be provided training on my first day of work. The training never happened, halfway through my first day I was thrown to the wolves. I was assigned to work on a huge project that needed to be completed ASAP but yet I knew nothing about what I was supposed to be doing and I started to panic.
To my relief upon expressing my concern to my team lead I was told not to worry and that I would sit with 2 other analysts and watch them perform the scanning, patching and STIGing of a machine and then I would get the chance to work on my own. This turned out to be one of the best experiences of my life because this trial by fire helped me become one of the best Remediation Analysts here. If you needed help with anything, problems with scans, patches not applying, STIGs or troubleshooting, I was your guy. A few months after the project was over things kinda went into auto-pilot mode and time was flying by and I became bored. So I decided it was time for me to move up. I talked to upper management and I was told there were positions but the one I wanted required the CASP. So I proceeded to spend the next 3 months studying my ass off and passed the CASP. I went back to management and after a few months of waiting I was finally given an Authorization and Accreditation Analyst job and that is still my current job.
Now that you guys know my work background I'll list a little bit of my skills and proficiency level:
Linux: Basic - intermediate
Windows: Advanced
Networking: Intermediate
Python: Basic
Bash: Basic
Assembly: Barely even basic
Shellcode: Almost none
Web Hacking: Basic
Wi-Fi Hacking: Intermediate
My goal is to root ALL lab machines before signing up for the exam. If I am unable to root all of the lab machines before my time runs out, I will purchase additional lab time.
My start date is December 25th (Merry Christmas to me!).
While I am waiting for my course to start I am trying to pick up as much knowledge as I can through reading and crawling through forums.
List of current studies:
Learn Ethical Hacking from Scratch (Udemy course)
Advanced Penetration Testing and the accompanying book (Cybrary course)
Hacking: The Art Of Exploitation 2nd edition
I will do my best to fully document my journey into the depths of the offsec labs. Not gonna lie, I am getting a bit nervous about the course but I keep telling myself that I can and will do this (just like I did when I was studying for the CASP).
I hope that was enough info for you guys for now!
I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
Comments
If you have a budget available, the following books could be of great help:
https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470/ref=sr_1_1?ie=UTF8&qid=1481807873&sr=8-1&keywords=web+application+hackers+handbook
https://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Fourth/dp/0071832386/ref=sr_1_5?ie=UTF8&qid=1481807894&sr=8-5&keywords=ethical+hacking
https://www.amazon.com/Ethical-Hacking-Penetration-Testing-Guide/dp/1482231611/ref=sr_1_9?ie=UTF8&qid=1481807894&sr=8-9&keywords=ethical+hacking
https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566/ref=sr_1_12?ie=UTF8&qid=1481807894&sr=8-12&keywords=ethical+hacking
Have fun with the course!
I have been going through the "Assembly Primer for Hackers" video series today and have learned quite a bit about assembly. I still have a couple videos of the series left to finish but I have a lot more confidence about assembly now.
One last note, I am also going to continuously post my skill proficiencies to keep you guys updated and I am going to add a few more skills to the list just to give an even better idea of what I do and don't know.
Linux: Intermediate
Windows: Advanced
Networking: Intermediate
Python: Basic
Bash: Basic
Assembly: Basic
Shellcode: Almost none
Web Hacking: Basic
Wi-Fi Hacking: Intermediate
Burp Suite Techniques
File upload - basic uploads to bypassing client and server-side filtering
Code Execution - basic to advanced techniques
Gaining shell access from Local File Inclusion
SQL Injection through manipulating the URL after it has been picked up
Manipulating the User Agent Params to include a reverse shell encoded in base64
XSS
There are also some lectures on BeEF but I have been unable to get it working properly. Some searching online told me that it's been a common issue as of lately and may have something to do with the newest version of Ruby. I am currently talking to Zaid (the course instructor) about troubleshooting and fixing this issue. This is another HUGE benefit of these courses, they include a Q&A section and the instructor is very good at responding and being helpful to the students.
I rooted all the machines in the labs (2 months) and before start of my course I did around 12-15 VMs solely with the help of walkthroughs to get an idea as to how to approach a machine, what should I be looking for, what I could be missing out on. There were more than 2 different walkthrough/approach for a single machine so that way I was able to learn a lot. All the best for your course. You'll learn a lot.
From my personal experience, and from what others have said, the course pdf/videos is about 10% of what you need to break the boxes in the labs/exam.
I'm into my 5th month, and it's going pretty slow. (but that's relative, some people do this course in 30 days, some nine months) It all depends on how much background you have and how much time you can dedicate to it each night. I'm lacking in both. But I'm still going to "try harder".
PDF: 46/375 pages
Videos: 11/149 videos
PDF: 145/375
Videos: 49/148
PDF: 165/375
Videos: 61/148
PDF: 195/375
Videos: 76/148
Thanks for posting these updates in great detail. I'm aspiring to take this exam, while still juggling work and my grad degree. This insight to the process is truly helpful with gauging the waters.
I'll start with the file transfers section, while the exercises in this chapter are not required for your report I would HIGHLY recommend that you do all of the exercises as understanding and being able to apply these methods is a necessity for the coming chapters and for real life scenarios. I'm going to skip over the privilege escalation chapter here because it was pretty straight forward and I didn't have any issues with it.
The next chapter is client-side attacks and this one was a tough one due to many technical issues that arise during the exercises. One important thing that I learned from this chapter was how to troubleshoot errors and track down the cause, Wireshark is very useful for the type of trouble you will have here. Notice I said "you will have", yes I am saying that without a doubt you will have problems here and I think this is part of offsec's plan. Also this chapter will be the first test of your file transfer abilities, again I would suggest you become very familiar and comfortable using the various file transfer methods you are shown (FTP has been my go to method every time).
Next up is the web application attacks chapter. This chapter is absolute hell for some people, just doing a quick surf of the student forums will show this. I myself didn't really have much trouble with this chapter other than the LFI section, I would accredit this to the Udemy courses I have done previously. I can't divulge every detail about the LFI section but I will tell you that it is very unique and while in most cases LFI vulnerabilities are typically not that hard to pull off this one in particular had a twist to it that made it a bit difficult for me to figure out. Once again your file transfer abilities are tested even further in this section. That's all I have for now, I'll be back as soon as I can with another update.
PDF: 280/375
Videos: 101/148
Now it has been awhile since my last post and I'm sorry for the delay. I have been very busy finishing up the course and also my 2 week vacation is over and I started back at work this week.
I have FINALLY finished the pdf and the videos. I have 3 exercises left to finish, 2 of them being ones that require you to do certain things in the labs and the other one is the dreaded port forwarding and ssh tunneling section (more on this later). Overall the course material is excellent, it is the best material I have ever seen for this type of stuff and it is also the most unique. Throughout all of the exercises, I feel that offsec really worked hard to make these a challenge. I honestly think that they sat around when drawing up the course and googled every topic included in the materials and then said "Ok now that we know what our students will find on google, how can we design exercises in which they won't be able to find a direct answer or demonstration of the exercise." I did A TON of googling throughout the course and slowly but surely would inch my way towards a solution but never finding a single article that covered the exact scenario. This is part of what makes this course amazing and a good learning experience. You need to learn to research and figure things out on your own.
Now back to what I said previously about port forwarding and SSH tunneling, this section has several exercises and one of them is very painful and difficult. I managed to finally solve this exercise after a total of 5 hours of working on it, this was the most time I spent on any exercise in the entire course and I am very happy that I was able to get it to work. After I finished that exercise, I decided that I would move on to the next section because at that point I was fed up with SSH tunneling.
With the pdf/videos and majority of the exercises finished, I have now moved onto the labs and oh my..... IT IS FREAKING FUN! I am currently 2 for 2 in the labs right now. The first box that I got system on and retrieved the proof.txt was Alice. This machine was some of the low hanging fruit that I identified in my initial scan and through some of the course exercises. In all honesty, this box took me a total of 5 minutes to finish (yes you read that correctly 5 minutes) LOL. The next box that I finished up last night was Mike. This one wasn't one of the low hanging fruit, in fact it was the opposite. This box was unique and from looking at the forums was giving a lot of people some trouble, but I wanted to test myself. It took me around 4 and a half hours (I think) to finish this box and the excitement I got with every step I made towards finishing it was immense. Again I didn't really find this box to be difficult, it was more a matter of figuring out how a few things worked.
Now my fellow readers/OSCP future candidates, I am going to give you the most valuable piece of advice (well at least it has been for me) that you will ever get while doing this course or searching the entire student forum........RDP EVERYTHING!!!!!! You should make this a staple of your privilege escalation process. I am not going to give out the full details on how to do this and make it work as that would take the fun out of learning the process (I know I sound like an offsec admin now lol). The only hint I will give you for this process is, RTFM. That should be all you need. Now as a disclaimer I know that there are plenty of other ways to get into a box and this will not always work or be the best way but definitely keep it in your thoughts when trying to escalate privileges.
<rant>I have been spending around 3-4 hours a day after work and plan to spend 10-12 hours a day on the weekends, I also have a newborn daughter that was born almost 2 months ago. So for those of you thinking you don't have time or any of that nonsense, you have time. Think about it, a guy who works 9-10 hours a day and has a newborn at home has the time for this course. This is one of my biggest pet peeves, if you really want to do something, you will make time for it. Yes I don't get a ton of sleep and yes I am tired some days BUT I make it happen. I have goals and nothing will stop me from achieving them. I will do whatever it takes to reach my goals. This is something those of you thinking you don't have time should consider.</rant>
Ok, now that I got that off of my chest, I'll be diving back into the labs tonight after work and hope to at least pwn 1 more box tonight.
Boxes attempted: 2
Boxes Pwnd: 2
Pwnd Box Names
Alice
Mike
Next: CCNP (R&S and Sec)
Follow my OSCP Thread!
Pwnd Box Names
Alice
Mike
JD
Barry
Phoenix
Bob
Also on a side note, I had a phone interview yesterday with a contracting company that has several positions open in a few areas and it went VERY well. Of all the options we talked about, I told the recruiter that I was most interested in one of the junior level red team positions. It sounded like they were needing people ASAP, so fingers crossed that I get the job. That's all I have for now, stay tuned!
Pwnd Box Names
Alice
Mike
JD
Barry
Phoenix
Bob
Payday
(Another that I can't remember but will add it when I get home and check my notes)