My OSCP Epic Journey

clarkincnet

So… I’ve decided to go after the OSCP certification and I decided to start a thread to journal my progress, efforts, frustrations, failures and ultimate success. I started this for the CISSP but never completed it (I wish I had stuck with it now in hindsight).

This was not a decision I made lightly and it only came after a few months of consideration and pondering during my wife’s imposed "summer vacation of NO STUDYING". Because I am goal driven, I tend to need a “big goal” to work towards in order to move forward. Without an overall goal or purpose, I tend to start lots of projects and then move on to something else without ever completing anything.

My overall plan is this:
1 – general focused study on “the basics” for 2017 Q4
2 – focused study on eCCPT during 2018 Q1
3 – focused study on OSCP during 2018 Q2

I’ve combed the forums and read the majority of OSCP threads for help in developing a plan. I’ve also read many blogs and articles from people who passed the exam (as well as those who have unsuccessfully attempted it and stopped). Below are the steps and progress I have made since October 1 (almost one month in). I’m not publishing the resources I have not started yet because that list is quite long…

Courses
Cybrary.it Course: Penetration Testing and Ethical Hacking by Leo Dregier
Source: https://www.cybrary.it/course/ethical-hacking/
Status: COMPLETED

Cybrary.it Course: Advanced Penetration Testing by Georgia Weidman
Source: https://www.cybrary.it/course/advanced-penetration-testing/
Status: COMPLETED

Zercool Wireless Penetration Series
Source: https://www.youtube.com/channel/UCX-K9aANFs6FLNNFP176nCg
Status: COMPLETED

LearnPython.org
Source: https://www.learnpython.org/
Status: COMPLETED

CodeAcademy Course: Learn Python
Source: https://www.codecademy.com/learn/learn-python
Status: COMPLETED

PentesterAcademy: Network Pentesting
Source: Network Pentesting
Status: IN-PROGRESS, currently on video 13/83

Udemy Course: The Complete Ethical Hacking Course: Beginner to Advanced
Source: https://www.udemy.com/penetration-testing/
Status: IN-PROGRESS, currently on video 14/113

Books
Nmap: Network Exploration and Security Auditing by Paulino Calderon
Status: COMPLETED (read)

Nmap Network Scanning by Gordon “Fyodor” Lyon
Status: IN-PROGRESS, currently on page 59

Penetration Testing: A Hands-on Introduction to Hacking by Georgia Weidman
Status: IN-PROGRESS, currently on page 180

Lab/Vulnerable VMs
Kali
Metasploitable2 – learning platform for the tools.
Windows XP, Windows 7, Ubuntu – loaded with various vulnerable software from exploit-db as I’ve followed along in courses and books.
VyOS virtual router – test nmap scans behind router configurations

CyberCop123

Good Luck! I am part way through my 90 days of OSCP, it's really fun but very challenging.

My Advice:

- I don't honestly think you can "read" the Nmap book by Fyodor. You can scan it, reference it, flick through it to get an idea of functionality, but honestly, there's only so much syntax and output you can look at before you just lose track. I'd shelve it until you actively start to use nmap.

- Prioritise the Georgie Weidman book, it's virtually identical to the OSCP PDF and Syllabus. I read about 60+% of it before OSCP and had a great base knowledge when i started the OSCP itself.

- I watched some of the Cybrary Videos. Personally I enjoyed the Leo Dregier ones more than the Georgia Weidman ones.

- Do you know any python or shell at all? If so get a good base knowledge but don't go mental with it... a lot of whta you need to know is basic and is more about taking something and tweaking it a bit.


Don't be afraid to dive into the OSCP as it's an amazing course and I think if you delay it for the sake of doing others as preperation you'll end up wondering why you waited so long. Only delay it for other courses... IF you want to do those other courses first.

...

Vulnhub is definitely a brilliant resource. I wish I'd done more that before starting OSCP.

Good Luck!

tedjames

Impressive list of accomplishments, and all in this month, too! Some of those items are on my list.

That sounds like a good plan, and it's a good idea to build a strong foundation. Good luck!

dr_fsmo

Did you come up with a list of preconfigured vms? I see many people reccommend ones like the Kioptrix series.

clarkincnet

CyberCop - thank you for the great information and tips. I can read python and write well enough to reuse or make edits to someone's code, but I'll never sit down and write my own complicated program from scratch. I want to make sure I understand the fundamentals, that's why I was looking at breaking up my studies this way.

dr-fsmo - I started a list of vulhub VMs as I read the different threads and blogs. I started with this list and added to it: abatchy's blog | OSCP-like Vulnhub VMs

However, I'm not at the point of starting those - I'm focusing on metasploitable2 just to learn the basics.

BuzzSaw

Welcome to the party!

A couple quick tips:

- It sounds like you have a good networking grasp, but if you don't, take a day or two to freshen up. I've seen a few people around here struggle with the basic idea of ports and such, or the idea of a dual homed system
- Georgia's stuff is good, and the book is even better than Cybrary. Make sure to read that one
- Add the Hacker Playbook (2) to the list .. It gives some good examples of various codes and stuff

clarkincnet

Thanks! Hacker Playbook 2 is on my shelf... I will read after finishing Georgia's book.

clarkincnet

Just a quick update. I worked through several Pentester Academy lessons, spending time documenting my notes for the exploits. I'm trying to understand the why as well as the how. I took and completed a Burpsuite class from Udemy. I also completed 26 lessons from the Udemy Pentest course (almost finished as some labs are not applicable). I also finished reading the Fyodor NMAP Scanning book late Saturday night. I agreed with CyberCop's thought that it would be a difficult read (after all, how do you read switch information and actually retain anything...) but I was surprised at how well some of the concepts came together for me. There were certainly sections where my mind melted and others I had to skip because it was reference material or simply didn't apply to my purpose, but when I finished I fell like I have a firm grasp on the how and why - I just need lots of practical experience instead of simply "let me follow along in my imperfect lab and try that too". If nothing else, I now know where things are and I know to look for connections I didn't know existed before.

I may change my study plan. I was looking at eCCPT for the purpose of helping me learn before attempting the OSCP. I've been looking at virtualhackinglabs.com and for the price, that seems like a viable option. It's only been out for awhile, so I know I'd be part of the "live beta launch crowd" but it might be worth it - you can't argue with the price...

I'll work on the Georgie Weidman book this week, Pentester Academy lessons (practicing along with my lab machines), and (maybe) test drive the virtualhackinglabs.com labs... I have The Hacker Playbook2 to switch between as I read and practice.

Courses
PentesterAcademy: Network Pentesting
Source: Network Pentesting
Status: IN-PROGRESS, currently on video 17/83

Udemy Course: The Complete Ethical Hacking Course: Beginner to Advanced
Source: https://www.udemy.com/penetration-testing/
Status: IN-PROGRESS, currently on video 40/113

Udemy Course: Burpsuite
Source: https://www.udemy.com/burpsuite
Status: COMPLETED

Books
Nmap Network Scanning by Gordon “Fyodor” Lyon
Status: COMPLETED (skimmed a few chapters like compiling nmap, deep magic on how nmap scripting works, and the reference guide)

Penetration Testing: A Hands-on Introduction to Hacking by Georgia Weidman
Status: IN-PROGRESS, currently on page 180

McxRisley

Vulnhub is still a decent place to learn but there is a much better place now called hackthebox. I HIGHLY reccomend it, I'm not a huge fan of the community there since most are OSCP hopefuls and treat the site like its the OSCP exam, meaning a lot of people aren't very helpful or willing to help others learn. If you can make it through all of the easy and intermediate boxes on there, you can pass the OSCP.

clarkincnet

Thank you! Great tip!

clarkincnet

I started the virtualhackinglabs (VHL) this week. It comes with a 200+page pdf and access to 30+servers. I made my way through about 42%of the lab book (they have a percent counter for your progress) and have slowed down now that I’m in the exploit part of the course. I haven’t started on any of the lab computers except to enumerate Lucky (I was testing the speed of nmap in the labs). So far this tracks pretty closely with Georgia Weidman’s book.

I also took the challenge and gained access to hackthebox. I haven’t done much there except poke around. I focused on the paid time I have with VHL.

I’ve read more from the Georgia’s book and completed some more of the Pentester Academy course.

jamesleecoleman

Thanks for posting about VHL! I'm really interested in it and I hope that it'll help with whatever pentesting course I'm doing.

clarkincnet

I'm 67% through the coursework in VHL. I've told myself that I was going to finish the course ware before starting on the labs. However, I've enumerated three servers as I've followed along with the labs. I'm pretty sure I know how to handle James, and I was testing my grasp of the web material and I ended up with a low-privilege shell on Lucky. I ended up going to pickup pizza for the family and during the drive, when my mind was somewhere else, it suddenly dawned on me what I needed to do to root Lucky.

So far, I've been impressed with VHL. It has given me a methodology to fit what I've been learning into. The course ware is built so they teach you a principal and then its up to you to research how to apply it. They have hints for the easier servers to help you along but I'm not planning on using those unless I'm really stuck. They could really benefit from having an IRC or forums or something.

I've put most of my free time this week into this course, and have gotten further than I thought I would. I will not make much progress this weekend.

clarkincnet

Between work and family obligations the last week, it's been hard to find time to dedicate to this. The time I have had, I've spent head down in the labs. I've rooted two servers and have learned a ton along the way. Lessons like, don't over complicate things and keep it simple (stupid). When I rooted my first box I jumped up and did something I've never done before - spontaneously broke out in the "I got root" dance... Funny how I never knew I had that capability inside me until I caught myself singing "I got root" while gyrating my hips and moving my hands in little circles in front of me...

I need more Mt. Dew.

VHL Rooted: steven, mantis

clarkincnet

I popped another box before heading to bed tonight. I'm documenting the boxes as I go, which is good because I had to go back to steven today to verify I could replicate the multi-part exploit. I also finished reading the lab book.

This is very much a research your own way through course. They added another server to the lab, so it's up to 33 boxes now.

VHL Rooted: steven, mantis, john

clarkincnet

I have a limited shell on lucky but after several attempts yesterday at cracking it, I'm not feeling like a trip to Vegas.


I upgraded the Kali distro yesterday as well. I didn't have this high on my list of to-do's, but after some unrelated research, it seemed like the easiest way to see if some latent issues would be resolved. Way easier than Windows...


I also found out what the /bin/bash^M: bad interpreter error message means (thanks Windows...). Sed came to my rescue and cleaned up Windows character return: sed -i -e 's/\r$//' enum-linux.sh


Enumeration, Enumeration, Enumeration... that seems to be my biggest repeating lesson...

Hornswoggler

Keep hacking away!! The books and videos and hacking courses are great... you picked some good ones, but at the end of the day you have to hack. Popping shells and getting root is the OSCP yardstick so keep working those virtual labs and vulnhubs!! I didn't do enough vulnhubs before my PWK course but I learned a ton from the ones I did.

clarkincnet

Another day - still no lucky... I read up on enumeration techniques (https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/) and several other sources recommended throughout the OSCP posts. I have lots of data about the machine and applications but nothing jumping out on what to do next. There's no forums or IRC for VHL so I'm going to just move on (for now).

One good thing is I (think) I finally have a method to keep my notes. I'm using OneNote and I've gone slowly from complete chaos to starting to get things organized.

I've learned more in the last two weeks in the labs than I have previously. Tomorrow is a new day!

tedjames

That enumeration blog is a fantastic resource! Thanks for posting it.

joneno

Hi Clark - Did you get a chance to complete the OSCP?

clarkincnet

Back again.  My last post on this topic was November 2017.  Wow.  I fell off the OSCP train due to work and then nailed a few other certs along the way.  I'm back again and have been working on it as a hobby lately.  I wanted to brush up on my linux skills - pushed through overthewire bandit level 10 this afternoon while waiting on something else to finish.  I hacked through Metasploitable2 over the last week and remembered how fun this is. 

yoba222

You ever get further in VHL?

clarkincnet

Nope.  It was a good resource I believe.  I'm not opposed to trying it again.