My OSCP Journey
A short glimpse of my journey of trying harder and getting that coveted OSCP.
Why and how it all started?
My journey to cyber security started during the Covid restrictions. Around this time, I came across a lot of bug bounty posts, videos, and news on security breaches, which got me interested in cyber security.
With nothing in particular to do during the boring days of lockdown, I started researching how to get started in this field. I joined various communities and talked with people who were already thriving in this field. One of them was Digital Overdose on Discord. One of the mods in that channel suggested that I try for OSCP, and I figured why not, without actually knowing what was in store for me.
After some research (and pestering my parents to fork out the funds), my preparation began.
The preparation
I only had some basic knowledge of networking, tools, vulnerabilities, and Linux. I was using THM extensively (profile at the end of this section) to learn the very basic stuff. After getting comfortable with Linux and some security concepts, I began looking into some of the Vulnhub boxes. Besides THM, I used the following resources:
Linux
- OverTheWire: Bandit
- Home | Linux Journey
- Command Challenge! (cmdchallenge.com)
- explainshell.com — match command-line arguments to their help text
Web
- All learning materials | Web Security Academy (portswigger.net)
- Welcome [Root Me : Hacking and Information Security learning platform] (root-me.org)
- OverTheWire: Natas
Study plan!
I created a study plan with a friend and decided to tackle a certain number of boxes per week. List of Vulnhub boxes we did:
- Kioptrix series (1,2,3,4 & 2014)
- Pwnlab
- Development
- Mercyv2
- Symfonos series (1–4)
- Misdirection
- Sar
Then some retired (easy) machines on HTB as well as Proving Grounds from @Tj_Null’s list.
PWK Lab
After some preparation, I finally decided to sign up for the official course. I took one month of lab, which started on Sep 12. It came with an 800-page PDF and 12+ hours of video. The video content was too dry for me to go through, so I skipped the videos and only referred to the PDF when needed. I didn’t have much trouble with the lab machines, as I had practiced a lot (HTB and Vulnhub) and developed a decent methodology that worked for me. I cracked about 50–55 machines in total: almost all machines from the public subnet and 5 from IT. I didn’t pivot into other networks, as my experience with the lab was very bad. It had a ton of technical problems and was unstable most of the time.
Post lab/final prep
After my lab time ended, I scheduled my exam for Dec 2. Most of the time before my exam day was spent on HTB (did about 20+ machines from it, retired as well as active ones, rated Easy & Medium) and Offsec Proving Grounds. It's one of the best resources out there to prepare for OSCP IMO. Did about 55 machines (mostly rated intermediate) from the Proving Grounds before my D-day.
Proving Grounds machines that I attempted or completed:
- Nickel
- Slort
- Authby
- Jacko
- Meathead
- UT99
- Medjed
- Algernon
- Billyboss
- Butch
- Kevin
- Metallus
- Shenzi
- Hutch
- Fish
- ClamAv
- Wombo
- Payday
- Fail
- Nibbles
- Banzai
- Hunit
- Dibble
- Zino
- Hetemit
- Peppo
- Postfish
- Malbec
- Sybaris
- Walla
- Nukem
- Roquefort
- Pelican
- UC404
- Nappa
- Snookums
- Zenphoto
- Sorcerer
- Quackerjack
- Webcal
- Apex
- Surf
- Interface
- Bratarina
- Internal
- Clyde
- Vector
- Shifty
- XposedAPI
- Helpdesk
- Twiggy
- Hawat
- Cookiecutter
- Sirol
- Panic
- Heist
- Chatty
- Muddy
The D-Day
My exam was scheduled to start at 6:45 am. I connected to the proctoring software and went through some procedures. Started my scan at around 7:15. My game plan: BOF → 25 → 20 → 20 → 10.
I was done with BOF within the first 45 minutes (TryHackMe BOF room FTW). Then I attempted the 25-pointer. I got side-tracked by a rabbit hole for some time, but was able to get root on it by 12pm. Now I had secured 50 points in the first 6 hours.
At the 12-hour mark I had 80 points (one 20-pointer remaining; I felt like I knew the attack vector but couldn’t exploit it). Instead of tackling the last machine, I started preparing my report, as I didn’t want to miss a crucial screenshot, resulting in an incomplete report and failing because of it. For the report, I used whoisflynn’s report template. By the time I finished writing the report, I had about 2 hours left before my connection to the exam environment expired.
I only took a small break and had been awake for 22 hours straight at this point. But I still went for the remaining 20-pointer and was able to get root at the last minute of the exam (it was the easiest machine of the bunch; turns out I was just complicating it).
Then I updated my report and proofread it 4 or 5 times before submitting it. Got my result after 3 days, on 5th Dec, and was officially OSCP certified. I was awake for almost 30 hours by the time I submitted my report and went to sleep. I do not recommend doing this at all. Exhaustion will result in tunnel vision, and you might miss obvious exploits or vulnerabilities, which I did experience on one of the 20-pointers. So definitely take a lot of breaks and don’t be afraid to start over.
Additional Resources and Tips
- List to practice from:
- Best Guides:
  The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0 | NetSec Focus
- Came across an unknown service and don’t know how to enumerate?
- OSCP GOLDMINE
- Privilege Escalation
  Linux Privilege Escalation Tutorial: Become an Ethical Hacker | Udemy
  Basic Linux Privilege Escalation — g0tmi1k
- BOF
- Writeups and walkthroughs:
Big Changes to OSCP Exam
OSCP Exam Change | Offensive Security (offensive-security.com)
According to Offsec:
The new exam structure will become available for students beginning on January 11, 2022. All scheduled exams for January 11th onward are subject to the new structure.
The OSCP exam format is set to change and will include 40 points of AD and three 20-point machines. BOF is now a low-privilege vector worth 10 points instead.
Resources for AD:
Practical Ethical Hacking — The Complete Course | TCM Security, Inc. (tcm-sec.com)
TryHackMe — Throwback — Attacking Windows Active Directory || Part One — YouTube
Machines to practice AD:
- Forest
- Resolute
- Cascade
- Traverxec
- Monteverde
- Sauna
- Sizzle
- Multimaster
- Heist
- Hutch
- Vault
What's next?
This is just the beginning. My small step towards cyber security. Keep in touch to know what I am up to, or if you want some help with your own OSCP preparation.