OSCP — My Experience

Preparation

PWK Labs

  • Monday to Friday 8am — 5pm from Sept 26th to Oct 26th

The Exam

  • 3:30 PM Offsec recommends connecting to the proctoring software 15 min before the start of the exam. It was 3:30 PM when I connected to the proctoring software. I followed the proctor’s instructions (confirming your identity with a passport or valid government ID, showing the room, etc.). I received the connection pack to the exam at exactly 4:00 PM. Before starting the exam, you have to run a test to make sure you’re connected to the VPN (you copy and paste the result and give it to the proctor). Once everything was confirmed and ready, I started reading the exam instructions via the exam panel. I was really anxious about being constantly watched but this feeling quickly disappeared. The proctors are really friendly.
  • 4:10 PM It was 4:10 PM when I was ready to work on the exam. I decided to tackle the buffer overflow first. I connected to the debugger and started the usual process. I had already prepared a folder containing the fuzzer and exploit template I’m familiar with. I was able to get a reverse shell on the target machine after around 45 minutes. I had the proof.txt and I was ready to move to another machine. One thing that really helped me was to create a draft write-up during the exploitation. Great, I had 25 points.
  • 5:00 PM The next target was the 25 points machine. I ran nmapautomator and told the proctor I was going to take a break. My girlfriend arrived, we chatted a little bit and I was back in the office to check the scan results. I saw some open ports, poked around and found a way in. I had user on the 25 points in about 40 mins. I started working on the privilege escalation but I hit a brick wall. I spent an hour +/- trying to find the vector. It turns out I couldn’t find anything so I decided to start working on one of the 20 points machines. I had 37.5 points so far.
  • 8:00 PM Next, I ran nmapautomator against one of the 20 points machines. During the scan, I was still trying to find the privilege escalation on the 25 points machine but I still couldn’t figure it out… Once the scan was finished on the 20pts machine, I investigated the results and found the vulnerability. I had user really quickly. Nice! I had 47.5 points. The privilege escalation on the 20 points took me 20–25 minutes. I had 57.5 points! I decided to tackle the 10 points machine…
  • 9:00 PM Like I did previously, I ran nmapautomator against the 10 points machine. During the scan, I went back to work on privilege escalation… Still couldn’t figure it out… I went back to check if the scan was finished on the 10 points machine and I started looking at the results. I quickly found the vector but it took me quite a while to exploit. It took me around an hour to get a shell. I know exactly why I struggled but it is what it is! I definitely learned a lot from this machine. I had 67.5 points so far! Only 2.5 points to reach the passing mark…
  • 10:30 PM At this point, I had 67.5 points. I decided to take a longer break and go play Rocket League, eat the lunch I prepared earlier and clear my mind. Maybe I’ll be able to find the privilege escalation on the 25 points machine later…
  • 12:00 AM I came back to the office to work on the exam at 12:00 am. I started working on the 25 points again. I poked around some interesting stuff but nothing was working. The time was flying, 1am…2am…3am…4am… I started to panic. I decided it was time for me to sleep. I told the proctor I was going to take a break to sleep and left everything open. I was in bed at 4:30am, I couldn’t sleep. My brain was going 100mph. I was thinking of all the things I was going to check in the morning. I fell asleep at some point but only for 40min before hearing my girlfriend’s alarm…
  • 7:00 AM My girlfriend woke up at 7am to go to work. I got up at the same time and I took a shower, ate a small snack and went back to the office. I only had 40 mins of sleep but I was so hyped to work on the exam that I felt like I slept longer. One thing I’d like to point out is that I should’ve worked on the other 20 points machine instead of focusing on the 25pts. I felt like I was so close to getting the privilege escalation that I couldn’t move to the other machine before rooting the 25 points… Time passed…8am…9am…10am… and I couldn’t believe it… I FINALLY did it. I rooted the 25 pointer. I had 80 points! I was feeling really good! I realized what I was doing wrong the entire time…
  • 10:30 AM Since I had 80 points, I checked if I had all the screenshots, commands, etc. After that, it was time to work on the last machine. I ran nmapautomator against it and took another break. This is where I made a mistake. I lay down in bed and literally fell asleep for 3 hours…
  • 2:00 PM I woke up at 2:00 pm, panicking. I forgot to set an alarm. I went straight back to the office. I had only 1 hour and 45 mins left in my exam. I started poking around but I think I was too exhausted. I tried to find the vector but I wasn’t able to. I told the proctor to end the exam, it was 3:35 PM.
  • 3:45 PM End of the exam. Time to work on the report.

Exam Tips

  • Time management is key, build a schedule. Know what you’ll attack first, second…etc
  • Eat and drink plenty of water.
  • Take notes: which command failed, which one worked.
  • Read the exam goals in the exam panel and make sure the requirements are met.
  • Take breaks every 2–3 hours but it’s really up to you. You might handle longer periods of hacking like myself but I tried to follow my schedule.
  • Revert the machine if you can’t find anything, start fresh. You have 24 reverts and this can be reset after your 24th revert. Use it.
  • Don’t use Metasploit if you haven’t scanned all the machines. You might waste your 1-time usage. Keep it as a last resort.
  • Start with the Buffer Overflow since it’s a straightforward process.
  • Don’t assume it’s not vulnerable. Test it first and confirm after.
  • Don’t be intimidated by the easy/medium/hard rating. See it as a vulnerable machine.
  • Take more screenshots than you should. Just in case.

The Report

Got the email!

Conclusion

What’s Next?
