OSCP Exam Review

Why OSCP?

I chose to sign up for the Pentesting with Kali (PWK) course to improve my pentesting skills while displaying to potential employers I was capable and willing to start my career as a pentester.
After I enrolled I knew I was ready for the next challenge!


After many hours of perseverance, honing my skills and satisfying a sense of limitless curiosity, I passed my OSCP exam. It was indeed WAY more rewarding to achieve this certification, even more than my bachelor's degree. This is because it challenged my thinking, and pushed me to work harder through times I wanted to give up.

A quote by Swami Sivananda accurately sums up the feeling of passing the OSCP exam:

"The harder the struggle, the more glorious the triumph."

Since there are already many reviews of passing the OSCP exam, I wanted to take another path and focus on what you should expect of yourself.


What is expected before you get the course notes from Offsec?

It is advised you have a grasp of the following skills:

  • A solid understanding of TCP/UDP networking: you understand how packets are sent and received over the internet.
  • You should feel comfortable on the command line in both Windows and Linux environments.
  • Sign up to PentesterLab and complete Web For Pentester I & II.
  • Attempt Vulnhub.com hosts and read the walkthroughs that other people have submitted on the site.
  • In particular, I recommend the hosts from the Kioptrix series.
    These should give you an idea of what will be expected of you in the course.
  • If you still have time: OverTheWire.

What books should I read?

These can be read before, during, or after the exam.

  • Hacking : The Art of Exploitation 2nd Edition (Jon Erickson)
  • The Basics of Hacking and Penetration Testing 2nd Edition (Patrick Engebretson)
  • Pragmatic Thinking and Learning – Refactor Your Wetware (Pragmatic Programmers) 1st Edition (Andy Hunt) (highly recommended)
  • The Hacker Playbook 2: Practical Guide To Penetration Testing (Peter Kim)
  • The Web Application Hackers Handbook 2nd Edition

You've received the email to start PWK: what to do first?

  • Exercises

It is essential you get all the exercises completed. Not only because completing ALL the exercises plus 10 lab hosts earns you the 5 bonus points, but because they are the foundation of your understanding of the course and set you up for potential hosts in the labs.
Additionally, if you get this done in your early days in the course, you won't need to go back and do it again, especially if you really need those 5 points to pass the exam!

After completing the exercises, it's lab time! What should I be aware of?


You will have access to many lab machines of different variations.
In order to get the most out of your time in the lab, here are a few things I found useful during my time which might be of benefit to you:

  • Automation

Anything that can be scripted should be scripted.
I would suggest writing your own scripts. Whether you script it in bash or python, you will know exactly what is being run and not run. If you need inspiration, the scripts I used are on my GitHub account and can be cloned for testing.

  • Enumeration

With experience you'll begin to identify what runs over each port. This will allow you to quickly assess what should be running on a default Windows or Linux host, and what stands out. However, if you don't find what you need to progress from a vulnerability to an exploit to a shell, you will need to go back and enumerate harder.
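The enumeration habit described above, as an added example that is not part of the original post or of the author's own scripts: a Python parser for nmap greppable (`-oG`) output that lists the open ports per host and flags the ones outside an assumed per-OS baseline, so the unusual services are the first thing you look at. The sample scan output and the baselines are constructed assumptions for illustration.

```python
"""Parse nmap greppable (-oG) output and flag ports outside a baseline.

Added example, not from the original post or any Offsec material. The
scan output below is constructed, and the per-OS baselines are assumptions
chosen for illustration, not an authoritative list of default services.
"""

# Constructed -oG lines in the layout nmap writes (tab-separated fields).
SAMPLE_OG = """# Nmap 7.80 scan initiated (constructed sample)
Host: 10.11.1.5 ()\tStatus: Up
Host: 10.11.1.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.2p2/, 80/open/tcp//http//Apache httpd 2.4/, 8080/open/tcp//http-proxy//Jetty 9/\tIgnored State: closed (997)
Host: 10.11.1.7 ()\tPorts: 135/open/tcp//msrpc//Microsoft Windows RPC/, 445/open/tcp//microsoft-ds//Microsoft Windows 7 - 10 microsoft-ds/, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/, 6666/open/tcp//irc///\tIgnored State: filtered (996)
# Nmap done (constructed sample)
"""

# Assumed baselines: ports one expects on a default-ish host of each OS.
BASELINE = {
    "linux": {22, 80, 443},
    "windows": {135, 139, 445, 3389},
}

def parse_og(text):
    """Return {host: [(port, proto, service, version), ...]} for open ports."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports: field ends at the next tab (e.g. before "Ignored State:").
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            # Each entry is port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) < 7 or fields[1] != "open":
                continue
            hosts.setdefault(host, []).append(
                (int(fields[0]), fields[2], fields[4], fields[6]))
    return hosts

def guess_os(ports):
    """Crude heuristic: Windows-only services mean Windows, otherwise Linux."""
    numbers = {p for p, _, _, _ in ports}
    return "windows" if numbers & {135, 139, 445, 3389} else "linux"

def unexpected_ports(hosts):
    """Map each host to the open ports not in its assumed OS baseline."""
    report = {}
    for host, ports in hosts.items():
        base = BASELINE[guess_os(ports)]
        report[host] = [(p, svc, ver) for p, _, svc, ver in ports if p not in base]
    return report

if __name__ == "__main__":
    for host, extras in unexpected_ports(parse_og(SAMPLE_OG)).items():
        for port, svc, ver in extras:
            print(f"{host}: port {port} ({svc} {ver}) is outside the baseline; enumerate it first")
```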

  • Methodology

Sure, it's fun to identify an exploit and obtain a reverse shell, but was there an easier way in?
Developing your methodology will allow you to stay on track and not get lost in the abundance of information required for the next step, or completely overlook multiple possible entry points on a host.
A high-level methodology will consist of:

Information gathering -> Enumeration -> Vulnerability Analysis -> Exploitation -> Enumeration -> Post Exploitation

  • Mindset

You will get stuck. It's the nature of the course. You've reached a point where the questions you are asking are just not enough.


What do you do?

Learn to take proper documentation that outlines the attack vectors attempted, and how long you spent on them. This will hopefully minimize time spent attempting rabbit holes.

In my experience, I kept hearing the acronym 'K.I.S.S', which means 'keep it simple, stupid'. Someone would usually say it to me after I had attempted to string together a crazy exploit that I had been sure would work. Once I listened, it became clear I had overlooked a simple entry point.
So after it was memorized, it became an anchor point for whenever I got myself stuck, to make sure I had identified the easiest vector. This was helpful in both the labs and in the exam.

Lastly, a willingness to see every failure as an opportunity.
A quote I found inspiring was by Thomas Edison:

"I didn't fail. I just found 10,000 ways that didn't work"

You've finally decided to attempt the exam. What now?

  • Time Management

As you start your exam, if you're not running your enumeration scripts while working on the first exam host, then you're not doing it right. The mental energy you have in the exam will be at its peak when you start. As you wind through the exam it begins to slow down. Nutrition, hydration and coffee/stimulants will keep you going, but by the 18, 20 or 22 hour point you will inevitably find yourself trying the same exploit vector 5-10 times and wondering why it won't work. Sleep is the only thing that will help in that situation.

Quickly on the subject of sleep, making the choice to hit the hay can allow your subconscious mind to unpack the conscious thoughts. If you get to the 12-14 hour mark and you're not sure if you'll pass, have a sleep for a few hours, and continue. A second wind can be all you need to identify the vector you overlooked.

  • Automation

I'm covering this area again purely because of its importance.
Your scripts should be top notch at this point from the experience and development in the labs.

  • Documentation

Make sure you have completed the lab and exercise report. Leaving it to the day after your exam is just a recipe for errors. I spent the last 2 weeks before my exam editing and updating this report just so I knew it was ready. This only applies if you need the points.

I recommend keeping your documentation organised into its own categories. This can be done in KeepNote on Kali Linux. It kept everything in one place so I wasn't digging for escalation methods for Windows or Linux.

  • Music

I would advise having background music. I prefer trance music, but something you enjoy with a steady beat will do fine. However, it is probably best to stay away from unfamiliar music with lyrics, which requires the brain to divert attention from the exam onto the lyrics being sung. Otherwise, any other genre of music will keep you with an upbeat feeling and generally in a good mood.

  • Distractions

Minimizing any distractions while attempting the exam is crucial. It has been found that a distraction can break your focus for an average of 20-25 minutes. This can be anything from social media to checking emails on your mobile phone to wondering what you'll have for dinner (if you didn't prepare).


  • Food

I suggest you eat nutritiously prepared food during this time and at regular intervals. It is stated that the brain uses about 20 percent of the body's total energy consumption under normal functioning. During the exam, I'd expect that to increase exponentially, so without adequate nutrition expect your performance to decrease.

  • Strategy

Out of the exam machines you will receive for that day, it is advisable to decide in what order you'll be attacking those machines BEFORE the exam day. Everyone is different. Some go for the hardest hosts first, others go for the easiest.

If at some point you get stuck, have a short break for food or a short walk and return by rotating to another machine. The break away from the exam will help with tunnel vision and let your abstract thinking resume. I have heard that some prefer to have a shower, and while relaxing remember an attack vector they hadn't tried, hence the term "shower thoughts".

Otherwise, it could be a security tool you didn't know existed. Sometimes this can be the difference between 5-10 minutes on a host and many hours. I would suggest checking out all the relevant built-in Kali tools for the stage of your attack vector.

Lastly, I would recommend having the last couple of days off to relax and unpack your mind before the exam. Make sure everything is completed right up to the exam, because if you're under the stress of passing, anything additional on that and you'll just end up making life harder. Especially if you're juggling life responsibilities.

You didn't pass the OSCP Exam?

Don't be defeated if you don't pass the course. Get back up and prove to yourself you really want to pass. Identify what didn't work out, learn those areas and re-book it as soon as you can.

In my experience, when I saw the email come in telling me I didn't pass, I saw it as an opportunity to work on my weaknesses.
So learn from your mistakes and don't make them again.


Summary

Hopefully these words have served you well, and set you on the right path.

-t911