YET ANOTHER OSCP REVIEW
WHY I GOT MY OSCP CERTIFICATION
I am not a kid anymore and I come from many different job experiences, none of which was in an IT field.
One of the reasons I changed so many jobs in so many unrelated fields is that I get easily bored once I get too used to something. I need new challenges, new things to learn.
I have always had a passion for hacking, and the more I learn the clearer it is to me that, with so much left to learn, I'm far from getting used to it. I think many people share this same feeling :).
So it came to me as an epiphany that this was THE JOB. I've been meaning to get a job as a pentester for the past 3/4 years.
I was of course willing to accept any position in order to get into the industry and gain a foothold; however, whenever I applied for a job I could not even get a reply, let alone an interview.
So I decided to get OSCP certified to show that I possessed the minimum skill set required for the job and how serious I am about it.
HOW TO PREPARE
I did quite a few machines on VulnHub.com; I read a LOT of writeups and even made a few myself.
I wasn't sure I was ready to take the course, but I did, and in the end I realized you can never be ready for the course, given how many things you will learn along the way.
What you MUST have before enrolling is the will to struggle, the time to do it, and the knowledge that it will not be a walk in the park but an amazing experience, well worth the tears and sleepless nights :)
THE COURSE MATERIAL
Once your lab time begins you will receive an email with a link to download the course material.
Offensive Security is really serious about its courses. Everything is designed to preserve the value your OSCP certification deserves.
You won't find solutions to the Lab machines anywhere on the internet.
You won't find OSCP students giving any spoilers anywhere, but many will be happy to give you little hints to point you in the right direction.
You will receive your course material the day your lab time begins, down to the minute.
The course material consists of a series of videos and a big .pdf courseware, all of them watermarked with your own details to prevent leaks.
I'm pretty positive that if any part of your course material were to reach the internet your OSCP certification could be revoked, so keep it safe on a USB key, preferably encrypted. My 2 cents of advice.
OffSec will advise you to use the 32-bit custom Kali distro for the course; again, a link to download it will be provided in your email.
Many people will argue that it's not mandatory, and in fact it isn't. My experience, however, tells me that by sticking to the provided .iso you will save yourself a great deal of frustration.
I did use the suggested distro, but I took the risk of updating it, and as a result on a couple of exercises I had to do some troubleshooting, since the intended way would not work on my machine.
I don't want to imagine using a 64-bit Ubuntu, for example. Besides, this is Pentesting with Kali Linux, isn't it?
If you haven't done it yet download the course syllabus to have an idea of the topics taught.
The course in itself doesn't look like much, at least it didn't to me at first glance. I was expecting the Holy Grail of Hacking to be revealed to me and I must say I was quite disappointed.
I already knew 90% of the techniques described, so after skimming through the material I went straight to the Lab.
That was a MISTAKE. There is much more than meets the eye. You will value the course only when you actually try each and every exercise.
After starting the Lab, even though I had some success on the first machines, I realized my mistake and went back to the course material.
I can't stress enough the importance of doing the exercises and, at the same time, taking notes and screenshots. Even better: write your course report as you do the exercises.
The course report isn't mandatory; however, I did it and I am glad I did, if you know what I mean :)
It will be very time consuming, as it needs to cover all the requested exercises in a professional manner.
Check your spelling, use a professional tone, be clear and avoid any corner-cutting.
I can count on one hand the engagements where I popped a shell with little effort.
The fact is that in most situations you find yourself hitting a stone wall over and over. It could be because you overlooked something, because you chased the rabbit down the hole, or for one of many other common reasons.
So you'll need to step back a little to be able to give one more push, and then one more.
Remember to #TryHarder!
You will learn that this motto stands for one simple yet fundamental skill/mindset.
Don't leave any stone unturned. Research each service, enumerate more, and try new troublemaking things.
The worst thing about the wrong approach is that you will still learn something new :)
Time to delve into the core of OSCP.
In the same email you get when your lab starts you will also get a link to download your custom connection package, which will grant you access to the Lab.
The Lab is pretty massive. You will find several subnets. Overall there are about 50 targets, the majority of which are in the main subnet. You will have a chance to experiment with pivoting, among other things.
The main objective of the course is to give you the tools and the mindset to be a professional pentester, all the rest is up to you. And the rest is quite a lot!
You will need to research the different services on the targets, understand how they work and how to exploit them.
The machines are unlike a usual CTF. The Lab is meant to resemble a small-to-medium working network, with some nice twists among the employees.
The usual workflow to pwn a machine will be: scanning, enumerating each service, identifying the vulnerability, finding a working exploit and adjusting it to meet your needs and the target's environment.
I owned 42 machines before attempting the test.
At the beginning I tackled Humble as my 3rd target; needless to say it was a bloodbath. It took me 7 days to get a low-privileged shell and another 2 to get root.
Near the end I was pwning a machine per day, so I would say the learning curve is pretty steep, but that of course depends on you and on the chosen targets.
One more thing to note about the Lab is the usage of Metasploit and Meterpreter. It is well known that the use of these and other tools is limited, if not prohibited, during the exam; however, you should not impose too many limits on yourself regarding the use of any tool. After all, this is a learning occasion and there's much to learn about these tools as well.
If anything, you should try to attack a target both ways, meaning with a Metasploit exploit as well as with a standalone script. The same goes for the payloads.
One last thing: take notes, take screenshots, take more notes, take more screenshots! You'll appreciate the value of this later on in the course, I assure you!
OffSec provides students with a forum where it is possible to discuss the machines and ask for and give nudges. I took great advantage of it and I suggest you do the same.
I feel there's no shame in being pointed in the right direction from time to time, after you hit a brick wall. After all, lab time is limited, and wasting too much of it on a single machine will be overly frustrating and will limit the learning provided by the other machines.
There is a downside, however: you'll get used to a safety line that won't be there during the exam, nor, I think, in real life.
So beware of this.
Personally I used the #offsec channel a little in the beginning, but didn't grow too fond of it. I guess it all depends on how you feel about this kind of medium.
The bright side is that often G0tm1lk and Muts (among others) will be live on the channel and it's a great occasion to get in touch with your favorite Rock Star :)
As you probably know, you will have a 23.45 hrs window to take your test. During this time you'll have a testing lab just for yourself, so no one will bother you or reset a target you're working on.
This also means that the slots available to schedule your test are limited, so you'll need to plan in advance.
You will have a personal panel used to reset your test machines and to provide the proofs of the exploited accounts. Make sure you do it or you will score NULL. Your test report will also need a screenshot of the proof along with the IP address, so make a habit of always taking them!
OffSec will tell you that during the test you are expected to make time to sleep, eat and take breaks, but c'mon! We all know we'll take the test and fall asleep exhausted in front of the screen.
But that's WRONG! It took me three attempts to succeed. You'll need to learn a critical new skill: time management. Your brain cannot perform at peak levels for 24 hrs straight, so you'll really need to set a schedule beforehand and try to follow it as much as possible.
That said, the test isn't too hard. On my first attempt I was really behind, so I gave in after about 18 hrs. The second time I was nearly there, but I worked so much that when I finally took a break I was so broken that I didn't wake up in time to try to get my last needed points.
I was devastated :(
As I said earlier, the third time was the right one!
I want to leave you with a humor note by Muts: click here :)
Good luck to you all embarking on this adventure, by Shell0ck.
Remember to #TryHarder