From Unknown to Have Something

Irsyad (syad)
Apr 11, 2020

Hi all, here I will share my journey to becoming an “OSCP” certified holder.

mantra of “Try Harder”

My prior experience

I have worked in InfoSec for around 2 years. I felt like doing OSCP would help me better with finding and critical thinking when conducting penetration testing.

What did I use to study?

I will go into some more detail about these resources later; however, I used Virtual Hacking Labs, Hack The Box, PWK, IppSec videos and Tib3rius’ privilege escalation courses.

Virtual Hacking Labs

You can see my review here: https://medium.com/@macha2230/review-virtual-hacking-lab-vhl-e3481f61276f

Hack The Box

I’m sure the vast majority have already heard of Hack The Box. It’s a great site with many different boxes, ranging from Easy to Insane. Some of these boxes can be very CTFy and most are probably out of scope for the OSCP exam. There is a list compiled by TJ Null, which goes through some OSCP-like boxes; I would suggest 90% of these be completed before attempting the exam. Hack The Box is arguably the best when it comes to priv esc as there is lots of variety. To do the boxes on the list you will have to buy HTB VIP, which is around £10 a month.

IppSec Videos

I think this is one of the most crucial things you can do: watch IppSec’s videos in your free time, even boxes that would be considered too hard for OSCP. You could learn something from a harder box and apply it during your exam. You’ll also be able to see how he enumerates each port/service and add that to your methodology. I would suggest first attempting the boxes before watching the IppSec tutorials, especially for the more OSCP-esque boxes. Best of all, it’s free!

PWK

NOTE: I took the old version of the PWK. They updated the course just after I bought it, so I will be talking about the old version and not the new.

PWK is the course for OSCP from Offensive Security. In the end I only completed around 33 boxes, 2 of which are part of the “Big Four”. Some of the machines in the course were very old so they had multiple ways to get shells. This made it difficult to differentiate what the intended route was supposed to be; however, if that method gets you a shell, then I guess it’s good enough. I tried to avoid Metasploit, but I did end up using it on a few boxes.

I didn’t end up submitting the lab report and exercises as there were just too many exercises. However, I would probably suggest doing so if you have the time; those 5 extra points could be crucial.

Tib3rius’ Privilege Escalation courses

These courses are concise and explain the basics of privilege escalation for Windows. It was great to have everything you need in one place instead of various different articles spread across the internet. I would definitely recommend these.

Tools

There are various tools that can be used to assist you. I will highlight the top 3 for me, but leave it to you to research tools you feel would help you.

AutoRecon

AutoRecon does all the basic recon for you automatically in the background and can save you a lot of time from doing it yourself.

Linux Smart Enumeration

LSE is a Linux privilege escalation script which will help you find basic misconfigurations or things that could be suspicious and help you get root.

PEAS

PEAS are a set of Linux and Windows privilege escalation scripts. Adding these to your arsenal will help make escalating your privileges that little bit easier.

Finally, don’t expect too much from the scripts I posted; try to understand manually how all these things work.

I’m Irsyad, aka macha. This is my blog site, mainly focused on sharing my personal experiences or anything that I find interesting that can be shared.