Penetration Testing with Kali Linux OSCP Review and Course, Lab experience — My OSCP Review :Try Harder! ;)
Introduction:
Gaining the OSCP certification is a challenge
like no other. After my experience with the OSCP exam course from Offensive
Security, I decided to go ahead and write an OSCP Review. I registered for this
course in July 2015 and choose 90 Days lab. Within a week I received Mail from
Offensive Security regarding VPN Access, Course Material all etc.
OSCP is a combination of Network, System &
Web Hacking also a medium part of Exploit Writing, where you have to write an
exploit for a particular vulnerable software.
Who am I:
For those who doesn’t know me .My name is
Narendra Bhati, working @Suma Soft Ptv. Ltd. As Security Analyst. I have 3+
years of experience in Application VAPT. I am also bug bounty hunter and doing
it from last 3 years. Yes lots of money ;) apart from salary.
I quickly completed my course material like
videos and pdf and it tooks me 3 days to watch it completely. 1st day in my lab, I was able to root 3 machine and I
was like King of hackers :p but in actually not. Time by time I learned that
the lab is made to hacked but its not easy as I was thinking in starting after rooting
3 machines on 1st day.
In lab I faced different kind of scenarios
where only Offensive Security Guys can provide because it’s totally related to
real world attacks and approach. I must After lab exercise there is new
thinking or you can say style of attacking is getting developed in my mind (
Really ;p )
In the lab machines, I spend more then 7 days
on a several machines to get root access of it, yes it is true. You really need
to work hard. At the end of my Lab, I was able to root almost all machines hmm
;)
The Judgement Day - 1:
After around 3 months, I decided to give my OSCP
exams. I chooses Nov 2015,4:30 PM time slot.
At sharp 4:30 I got the mail from Offensive
Security with exam details, VPN Access and all. First I started my hand on
lowest marks machine and within 15 minutes it’s done. I was like BOSS ! :p
After this machine I got second machine after
5 hours and later on it was all dark. After cracking two machines I was getting
nothing. I was thinking where the hell I am missing something or doing any
mistake. 50% time was gone I got my hands on only 2 machines with around 25%
marks which was not enough to get Pass, at least you need 70% marks to achieve
the OSCP Certification.
Rest of the time I was very frustrated and
confused because I have done good practice in OSCP lab then why I am not able
to crack those exam machine and later on time was gone. VPN disconnected and my
hope too. L
After 3 days of sending my report, I received
mail from Offensive Security that I wasn`t passed. L
The Judgement Day – 2:
After my 1st failed attempt, I was
very disappointed and wasn`t wanted to re-attempt for OSCP, because OSCP
exams really kicked my ass a lot.
But in the background. I realized that, I fall in some of the places like Privilege Escalation & Information Gathering part.
But in the background. I realized that, I fall in some of the places like Privilege Escalation & Information Gathering part.
During the office project and deliverables and
I was not able to do proper study and practice again. But still I have to do this.
I was continuing to improve my Privilege Escalation & Information Gathering part every day over the night.
But in March 2017 I seen a Facebook post of one my friend about his OSCP Achieving, I think should I try one more time hence i was improving my weakest parts and yes. Just after 15 day I schedule my OSCP Exam at the same time. Within 15 days I did all practice and studied a lot on the things where I was lacking.
I was continuing to improve my Privilege Escalation & Information Gathering part every day over the night.
But in March 2017 I seen a Facebook post of one my friend about his OSCP Achieving, I think should I try one more time hence i was improving my weakest parts and yes. Just after 15 day I schedule my OSCP Exam at the same time. Within 15 days I did all practice and studied a lot on the things where I was lacking.
Received the VPN details and exam details on
sharp 4:30 PM, this time I was confident and decided to crack the machine which
have highest marks. Within 12 hours I was managed to crack those machines and
was very near of Passing Marks. Next 12 hours I put my almost all efforts and
finally I achieved the score which I was looking for just before 1 hour.
Sent my report to Offensive Security with all
details and within 2 days got the haunted mail and It was "I have Obtained the
OSCP Certification"
Best of luck to anyone who going to take on the OSCP course and exam
Best of luck to anyone who going to take on the OSCP course and exam
Resources:
Some resources I used:
http://www.fuzzysecurity.com/tutorials/16.html
http://pentestmonkey.net/category/cheat-sheet/shell
https://github.com/GDSSecurity/Windows-Exploit-Suggester
https://github.com/PenturaLabs/Linux_Exploit_Suggester
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
http://www.offensive-security.com/metasploit-unleashed/Main_Page
http://pentestmonkey.net/category/cheat-sheet/shell
https://github.com/GDSSecurity/Windows-Exploit-Suggester
https://github.com/PenturaLabs/Linux_Exploit_Suggester
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
http://www.offensive-security.com/metasploit-unleashed/Main_Page
More information about the OSCP and PWK can be
found here:
https://www.offensive-security.com/information-security-training/penetration-testing-with-kali-linux/
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
So what was the issue that didn't allow you to crack those machines initially?
ReplyDeleteIn my 1st attempt, I wasn't good enough in Privilege Escalation & Enumeration. Later I improved it and re-attempted.
Delete