This is my write-up on the Offensive Security Certified Professional (OSCP) certification exam and my journey in passing the exam.

Introduction

My journey began in the middle of August 2018, when I took up the 90-day package for Penetration Testing Training with Kali Linux (PWK), which is the official OSCP certification course by Offensive Security. Offensive Security PWK

After you purchase the PWK package, Offensive Security sends an email stating that you have reserved a seat for the PWK online course. Offensive Security normally starts the course on a Sunday. You will need to do the lab connectivity test to check that your connection is satisfactory and your response time is reasonable when connected via VPN to the PWK lab. Once the connectivity test is completed, you will then be able to make payment.

Here's the important part: on the Sunday, at a stipulated time, Offensive Security will send an email for you to download your course materials, which include the PDFs and the PWK videos. I recommend printing the PDF and binding it into a book, as looking through a PDF document is tough. Having a physical book lets you highlight, write down comments and so on. The email also contains the VPN lab credentials and the .ovpn file for you to connect to the lab. You are given a control panel to revert your boxes; however, there is a limit of up to 25 reverts a day.

Here is what the lab diagram looks like. You start from the Public network before pivoting to the other networks.

The lab diagram courtesy of Offensive Security.

Note Taking Tips

There are many tips and guides all over the Internet that teach you how to prepare your OSCP note taking. I took a different method, as I am more familiar with git and markdown. Using a terminal or any shell you are comfortable with, and with the git command line installed, you can push to your repo really quickly and pull your notes on any computer. If any changes are made, you can fetch them all to get the latest revision of the repo. How simple it is!

I decided to use a private repo on GitHub and take notes on each box I did. Every day I would write in my diary what I had completed and what I had learned.

I would create a checklist of the boxes I did in the different networks and place a tick beside each one once I completed it. At the start you will have no idea what the hostnames of the boxes are, so you need to build the checklist one by one.

An example of the markdown inside each lab. You will need to write down the open ports, the vulnerability exploited, the vulnerability explanation, the severity and your own write-up with images and your proof.txt. Do note that with markdown you can export to PDF easily, without having to compile everything into a document for submission of lab reports. I use Atom, an open source editor, to write my markdown and export to PDF. atom markdown pdf

An example of the exercise checklist. This is not the full exercise list, as I did not place some inside.

Also, in the lab exercise document, I would write down the question and write my answer in markdown.

I personally use the markdown cheatsheet by Adam Pritchard. It is really useful. I will be uploading the template for note taking on my GitHub very soon, so watch out for it! I have uploaded it to my GitHub here: OSCP Template
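The per-network checklist and per-box note layout described above can be scaffolded from the shell. This is an added example, not the author's template or code from the original post; the directory layout, the `CHECKLIST.md` file name, the function names and the `NOTES_DIR` location are assumptions.

```shell
# Added example; directory layout, file and function names are assumptions.
NOTES_DIR="${NOTES_DIR:-$HOME/oscp-notes}"   # hypothetical local clone of the notes repo

# Create <network>/<host>.md with the sections the post lists and add an
# unticked entry for the host to that network's checklist.
new_box_note() {
    dir="$NOTES_DIR/$1"; note="$dir/$2.md"; checklist="$dir/CHECKLIST.md"
    mkdir -p "$dir"
    [ -f "$checklist" ] || printf '# %s checklist\n\n' "$1" > "$checklist"
    if [ -e "$note" ]; then              # never clobber notes already taken
        echo "note already exists: $note" >&2
        return 1
    fi
    cat > "$note" <<EOF
# $2
## Open ports
## Vulnerability exploited
## Vulnerability explanation
## Severity
## Write-up
## proof.txt
EOF
    printf '%s\n' "- [ ] $2" >> "$checklist"
}

# Tick a host off once it is done (exact-line match, no regex on the name).
mark_done() {
    checklist="$NOTES_DIR/$1/CHECKLIST.md"
    grep -qxF -- "- [ ] $2" "$checklist" || return 1
    awk -v todo="- [ ] $2" -v ok="- [x] $2" \
        '$0 == todo { print ok; next } { print }' "$checklist" > "$checklist.tmp" &&
        mv "$checklist.tmp" "$checklist"
}

# Print "completed/total" for one network's checklist.
progress() {
    checklist="$NOTES_DIR/$1/CHECKLIST.md"
    done_n=$(grep -c '^- \[x] ' "$checklist" || true)
    total=$(grep -c '^- \[[ x]] ' "$checklist" || true)
    echo "$done_n/$total"
}

# Commit and push so the notes can be pulled on any other computer.
sync_notes() {
    git -C "$NOTES_DIR" add -A &&
        git -C "$NOTES_DIR" commit -m "${1:-notes update}" &&
        git -C "$NOTES_DIR" push
}
```

Source the file, call `new_box_note <network> <hostname>` as each host is discovered and `mark_done` when it is finished; `sync_notes` assumes `NOTES_DIR` is already a git clone with a remote configured.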

Cheat Sheet

You will notice, during your daily note taking and rooting of boxes, that there are many techniques involved and that many of them are reused often. I would recommend that you write your own cheat sheet covering things such as different MSFVenom payloads, file transfer methods (python, wget, powershell, etc.), Export PATH, Reverse Shell, TTY Shell, and so on. I wrote this in markdown too, which helps me a lot, as I just need to search my cheat sheet for the stuff I need to use. I have not used Google at all except for searching for some other stuff.

During the exam, your cheat sheet is going to help you so much. You must create a flow for how you start rooting a box. As always, it is enumeration, enumeration and more enumeration! I have linked below the references I used for creating the cheat sheet. There are more, of course!

Exam

On the day of your exam, Offensive Security will send the email on the dot. You will be given a new .ovpn file and also a control panel to submit. Read it all here at the exam guide.

Each box will require you to get a root shell unless it says otherwise. I will not say more regarding the exam other than that you will need to enumerate, enumerate and enumerate more.

I successfully completed my OSCP in 40 days with the tips I used above, and thank you, Offensive Security, for the amazing course!

Offsec mantra: TRY HARDER!

Links:
Offensive Security
G0tmi1k Linux Priv Escalation
Pentestlab Priv Escalation
Tonyng Windows Priv Escalation
Pentest blog Windows Priv Escalation
sushant747 Priv Escalation
Fuzzysecurity