My journey to OSCP - Part 2: I did it!!

t17hhat17hha Member Posts: 52 ■■□□□□□□□□
After the joys of completing the eCPPT I changed focus to the OSCP. I decided to spend a bit of time going through the material prior to starting the labs, this went on for a little longer then anticipated as I ended up starting my 30 day of labs in mid-November.

The material surprisingly hadn't changed that much from 2011, I started off documenting all the commands in Excel and creating my mindmaps based on the material I had access too. After the eCPPT, I definitely felt better prepared and more confident. In all honesty, probably due to feeling like I couldn't take much more, I didn't watch any of the video content and only briefly went through the pdf. I would not recommend this to others, it would be an idea to go through everything so your familiar with it all.
My goal for the labs were to at a minimum tackle one machine a day so by the end I would have close to 30 machines compromised. As we all know, nothing goes to plan and knowing myself I seem to get bored fairly quickly for some reason! Anyway, I started off fairly well as in the first few days I was ahead of my target and sitting on approx 5 machines utilising some of the basic enumeration and exploitation. Metasploit was very helpful, I decided after each metasploit exploit I would look to do compromise the machine manually, this worked well and I would advise doing the same.

I seemed to be ahead of my target for compromising machines and half-way through my 30 days I had compromised approx 18 machines. I felt at this point, and considering the exam was fairly cheap, to have my first attempt at the exam. I booked in my exam on around day 22 of the labs so it gave me some time after the exam in the labs in the event I failed, I had compromised approx 24 machines by the time I started the exam.


On this occasion, I was feeling very anxious as I knew I had a lot less time then eCPPT. I had decided beforehand that I would spend approximately 3 hours per machine and then utilise the remaining time to focus on the machines I had not exploited. I started on the first machine which was a BO, considering I found it fairly straight forward on the eCPPT and the concepts were the same, I was making very good process until I git a brick wall after approx an hour when my exploit was not working. After going back through the pdf I realised a silly mistake as I did not read all the material especially on what to look for when testing exploits (sorry can't say anymore but probably obvious). Even though I felt I was doing this right my code was still giving me errors, after a little while I discovered the silly mistake I had made!!!! Python v2 and v3 have some slight differences such as brackets! Well, I changed the code and run the exploit and it worked like a charm, machine 1 down in approx 2.5 hours (should've been a lot quicker if it wasn't for my stupidity).

I quickly obtained a shell to machine 2 which was fairly basic but after spending another 4 hours or so I could not get root. I decided to move onto the remaining machine and also held the one metasploit attempt in my pocket. I found another machine which I was able to compromise with a limited shell fairly quickly and using a public exploit I obtained root within a couple of hours. I was feeling fairly confident now as I was approx 7 hours in and I had 2 full compromises and one partial shell.
I then looked at the remaining targets and realised one of them was a good candidate for metasploit, I found the correct module and ran the exploit and managed to obtain root SYSTEM privileges straight away, perfect!

At this point I had done approx 8-9 hours straight and had 3 roots and 1 limited shell. I began to focus on the last machine, I managed to get a limited shell (not 'limited' as I would've liked which I discovered later) and then hit a brick wall. I felt I may have had enough points but was too tired to carry on so decided to focus on some reporting and then hit the sack.
I woke up in the morning with an hour left before my exam lab was going to close and discovered I needed to get an actual limited shell to one of the machines, luckily I did this in time before the lab closed. I did feel like I may have not done enough as wasn't sure how the points would be allocated but decided to focus on the report.

My report took approx 6 hours as I had started it the day before. I submitted the report not knowing if I had done enough or not, especially as I did not try and go for the extra 5 points from exercises and lab report.

And then finally, the dreaded email came.....I HAD PASSED!!! I was over the moon, more ecstatic then I had been from passing any other course (that goes for CISSP too) but then felt a little underwhelmed. I had started this journey over 6 years earlier and finally I had completed my goal!

I still had some lab time left but decided I had enough and owed myself some sleep considering the weeks running up to the exam I probably slept no more than 4-5 hours a day! I then slept for the next week or so pretty much and finished 2017 with my OSCP as per my target early in the year.

Please remember, no matter how big or small your goal, always stay focussed as you will succeed but sometimes you need to demonstrate more patience then you are generally able too.

Some pointers:

I think its definitely a good idea to go through all the forum posts for the different lab machines and read up on others exam reviews as there is plenty of helpful information out there.

Don't let the exam scare you, it's definitely possible to overcome it, you need to stay calm, relax and plan how you want to break your time down.

I would recommend, if its possible to do so, having an exam attempt before your lab time expires so to better prepare you for the actual attempt. This seemed to calm me down more so as I was expecting not too pass which probably helped me pass first time round.


  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Congrats and great writeup.
  • datakandatakan Member Posts: 17 ■■□□□□□□□□
    Nice job! Hoping to join the OSCP crowd in a month :)
  • t17hhat17hha Member Posts: 52 ■■□□□□□□□□
    Thanks cyberguypr, to be honest, I kind of forgot some bits so tried to remember what I could! It's amazing when you stop working with kali and labs how quickly you forget bits.
  • t17hhat17hha Member Posts: 52 ■■□□□□□□□□
    datakan wrote: »
    Nice job! Hoping to join the OSCP crowd in a month :)

    Good luck datakan, don't be intimidated by the exam and all the best!
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Congrats on getting the OSCP! That's awesome that you never gave up after all these years. icon_thumright.gif
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • ErtazErtaz Member Posts: 934 ■■■■■□□□□□
    Outstanding work! I hope to find out if work is going to pay for mine today!
  • averageguy72averageguy72 Member Posts: 323 ■■■■□□□□□□
    CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
  • t17hhat17hha Member Posts: 52 ■■□□□□□□□□
    Thank you all for the kind words. I hope it provides others with some motivation and also to realise nothing is impossible.
  • Info_Sec_WannabeInfo_Sec_Wannabe Member Posts: 428 ■■■■□□□□□□
    Congratulations! bowing.gif
    X year plan: (20XX) OSCP [ ], CCSP [ ]
Sign In or Register to comment.