This is not your typical “how I passed OSCP” blog
It somewhat is — but I wanted to dive into specific details i.e. my failures and how hacking changed my life entirely! (for the better) I feel a lot of people out there can relate to my experiences. Personally, I believe I’m a great mentor / adviser to those who have asked for guidance on their own path of becoming a penetration tester or simply wanting to get better at hacking boxes and preparing for the Offensive Security Certified Professional (OSCP) exam. I’ve been in the shoes of a complete newbie before with absolutely zero clue on what’s going on and I’ve asked people the same questions I still get asked to this day by other newbies and because of me being able to relate to them — I always go over & beyond in ensuring they’ve got the maximum help from me. I wanted to get this point across before going into the OSCP journey because I want those people who are struggling so much right now and feel clueless and hopeless in becoming a hacker to know that they in fact CAN overcome their struggles and doubts! A lot of blogs I’ve read sort of just beat around the bush and go straight to the point of their great success of obtaining OSCP — which is fantastic but the whole point of a blogpost isn’t to flaunt your success, it’s so somebody else can read it, take inspiration or find that motivation they needed to progress on their path.
I’ve tried organizing as best as I could with what Medium offers to try and create subsections so you know what part of the journey you’re reading. Eventually I aim to host a website on GitHub and push this over there to make it a lot neater
Let’s finally get into this long journey of mine
Background Information
MY LIFE BEFORE HACKING
The beginning of my life taking a complete turn started on June 23rd, 2018. It was the night of my Professional Muay Thai C-class bout. From a young age, my aspirations were always to become a boxer and make my living from competing for world titles and taking the world by storm, this was kind of held back from my parents not allowing me to join a Boxing club due to health and safety reasons at around 13 years old which is seen as the golden age to start learning how to box. So, when I reached 18 years old and was starting to experience the big bad world on my own, I decided to join a club myself and didn’t take into account what my parents thought of it. From 18 to probably 20 I dedicated my entire life 24/7 to training. There was NOT a day I wasn’t doing some form of training, I just became so in love with the sport and put my studies aside and only focused on attending the gym at late evenings and doing my 5km runs every day. Eventually, I stood out in the gym from the rest and was quickly acknowledged as a “potential hot-prospect” so I was thrown into the deep-end with the top class fighters and trained with them every week. At this point I must have just started my 1st year of University, coming straight from college. For that whole year I just kept progressing at a rapid rate, learning from the best and not bothering with my University course (Cyber Security & Networks FYI). It came to a point where I didn’t attend classes and just studied for exams a few days before and passed. Fast forward some more time, I finally have a fight announced for myself on June 23rd. What happens in boxing is that when a fight is announced, you typically go for a 6–8 week training camp. The camp is the hardest, most painful, gruesome and severely mentally challenging thing a human being could probably take part in.
Just imagine for 6–8 weeks straight 7 days a week, you’re pushing your body to its limits with no time for breaks, dieting strictly, having constant injuries but having to use medications or sport creams to temporarily heal them, training 2x a day sometimes and still (somehow) improving every week. It’s crazy as hell but I enjoyed and loved it, even though you’re basically being bullied for 6 weeks by veterans of the sport. Anyway, the night of the fight came and long story short — I wasn’t able to perform on the night and took the loss after 5 rounds. This genuinely left me heartbroken and destroyed inside knowing I didn’t perform due to whatever reasons existed, and I took a few months off from doing any training. Another fight was booked for September but I stepped back after 2 weeks in the fight camp for that one, I needed to mentally regain myself before going at it again.
Finding Penetration Testing as a career job
THIS WAS THE TURNING POINT OF MY LIFE, AND HOW I STUMBLED ACROSS PENTESTING
During my time off from training I decided to see where I’m at with University work because I knew I was behind from the rest of my class, everyone seemed super smart and had their brains screwed on the cyber world. I started studying about my course and finding out what jobs I could actually land with this degree. After some nights researching, I honestly cannot remember how I came across this but I found out that you can get paid to be an Ethical Hacker. This seemed too good to be true — considering the salaries were also quite high.
I spent time on YouTube and Googling about Ethical Hackers, what they do and how to become one. I spent time on Reddit r/netsec and things like that, and it was r/netsec where I saw somebody promote their Twitch channel. He was doing livestreams of teaching Pentesting by doing retired HackTheBox (HTB) machines and I immediately jumped on this bandwagon.
FUN FACT: The streamer turned out to be TheCyberMentor. He was a very small streamer at that point
TCM used to upload his 2–3 hour streams raw to his YouTube channel and because of USA and UK time zones I’d miss his streams — therefore I’d spend my nights watching those uploads on YouTube and taking notes wherever possible. The concepts he was explaining and the way he got his point across just stuck to my brain like glue, brilliant teacher. During this time period was when I spent a lot of my days researching and learning about Hacking concepts i.e. learning how to perform scanning and enumeration, what tools to use to perform scanning, what Kali Linux is and how to navigate through it.
What helped tremendously to comprehend these basic skills was Immersive Labs which I think is a Cyber Security training platform for students eligible and employees of workplaces only. Eventually, I came across certifications and I was honestly so confused on what direction to head into. I didn’t know where to point my excitement and passion — do I point it towards my Cyber Security degree and aim for a 1st class Honors, or do I pinpoint Penetration Testing and try to learn how to hack? This was my biggest dilemma! Having no one around that I knew in real-life to guide me and answer my thousands of questions was a bummer and I relied on asking folk on Twitter or browsing around Reddit forums to see if anyone else was in my position. I’m the kind of person who likes to put 110% of my focus into something instead of having multiple areas to focus on, so I really was at a brick wall for a long period.
Time went on. I continued learning from TCM, I also followed through with Andy Gill’s amazing blog posts over at
and was slowly realizing that my passion may actually be in Penetration Testing. Some time passes again where I’m still studying Hacking in my spare time and I was having a blast! Majority of my time was spent on YouTube watching Hackersploit and the content he was uploading was mesmerizing, I still couldn’t fathom how Penetration Testing was a legal job. Every day I made it a goal to learn something new — even if it’s something so small, I just made it a habit to read every day and try to learn something.
Attempting Capture The Flags for practical experience
MY FIRST CTF, HOW I FACED MY FEARS AND THE RESULT OF FACING SUCH FEELING
After going through a lot of TCM’s streams and adhering to his advice of self-belief and confidence, I took it upon myself to visit
and to face my fears and just give this hacking thing a try for once. The whole time I was just learning concepts but never applying it anywhere, I felt very intimidated and scared to go into this because I did not want to meet failure on my first attempt of hacking. My biggest fear in life growing up has always been failure. It sometimes makes me over-prepare and it keeps me on my toes, granted, but there’s times I let it consume me — fear and failure combined is an awful combination TRUST me. It’s equally important to understand failure can happen to anyone and at any point and to prepare for worst case scenarios, I always envisioned myself succeeding in anything but whenever the opposite occurred I almost wouldn’t know what to do with myself or how to proceed from it. A vital lesson I learned after taking that break from boxing.
So I was checking out VulnHub which is a Capture The Flag (CTF) platform of Windows/Linux images to download and run in a Virtual Machine.
(CTFs are virtualized sandboxed environments with intentionally vulnerable services for participants to exploit. The operating systems vary from Windows to Linux and sometimes other systems. It’s probably the best method to practice Hacking legally and I highly recommend them to everyone, unless you’re interested in purely Bug Bounties — perhaps take another route.)
I filtered the machines from the easiest rated — literally I mean I properly searched for what the easiest machine was at that point in time and it turned out to be Rickdiculously Easy: 1 which actually turned out to be so much fun! Definitely was glad I faced my fears. I actually recommend any newcomers to give this CTF a try, there’s about 13 flags I think but I was enjoying myself and I didn’t care how long I got stuck for. I didn’t end up completing it until maybe a week, even then I had to look up answers for the final 2 flags.
I stuck with VulnHub for a bit trying to get as many easy machines under my belt as possible, I may have done I think 10 VulnHub machines in total. After building a little bit more confidence in myself, I decided to go for HackTheBox. Back then, TryHackMe wasn’t around — VulnHub and HTB were the most popular CTF platforms to practice on with the latter being incredibly harder.
Making the move to Hackthebox.eu
FEELINGS AROUND HTB, PERSEVERING THROUGH THE LABS
The feeling you experience from getting your first root on a machine still applies even on your 70th root. HackTheBox turned into an addiction to me the moment I felt what it was like to finally get root and submit a flag for points, so as you can imagine I went on an absolute rampage on this site! I ended at 70 boxes completed from HTB before getting close to booking OSCP labs. Let’s discuss how I went from 1–70 and go into the highs and lows
At first, Netmon was on the “Active” boxes section and was the easiest machine thankfully at the time to root.
User flag was incredibly easy and root was trickier but I got there in the end with hints and whatnot. I thought from here onwards it’s going to be a smooth ride, so I tackled another box — Irked.
This one I remember like it was yesterday, I was super thrilled getting a user shell on this because I remember trying for so many hours and finally getting there in the end. Box #2 down and I was so stoked at the progress I was making.
The next machine was Help, and this was a pain! Definitely needed help with this one! This machine kicked my ass on another level and I remember being stuck for a full day and having to attempt the next night. I knew what was exploitable but had no idea how to pull it off, I looked around at the forums a lot and tried asking people for hints, thankfully people were nice on HTB and had no egos and reached out with some brilliant advice. This machine might have been the first to give me a headache.
From here onwards it truly was a mixture of going through some good times and bad. I ended up coming across Ippsec on YouTube and noticed he had walkthroughs of every retired machine. After watching a couple of his videos, it became apparent that I have tons to learn and I’m too behind. A lot of self-doubt was creeping up but I just reminded myself that I’m not in a race with anyone but myself. Take it nice and easy, continue to enjoy hacking and try to take every experience as a learning curve. I also spent a lot of time on forums.hackthebox.eu on whatever box I was attempting, my reasoning apart from getting hints was to also learn from other people’s methodologies. I would occasionally private message people asking how they got user or root and I learned from their strategies — it’s important to learn how other people do certain things or think about scenarios so you too, can learn and adopt it.
At one point I checked what other machines I could go for but there weren’t many Active Easy machines online anymore, so I was considering going for the VIP pass.
Why? Because I had a look and realized there were so many more machines to practice on with Easy ratings! For a while I didn’t buy the subscription, I thought to myself I’m not good enough. I’d be wasting £10/month on something I probably would never succeed in, I should keep reading more online and try to increase my knowledge, or I should go back to VulnHub — however this little voice in my head was the fear of failure! I thought back to what I had learned during my experiences of life so far and decided to just do it, and it was the best decision I ever made. I paid for the VIP pass and jumped right in.
Grinding out HackTheBox and ending at 70 rooted boxes
PUTTING MY ALL INTO HTB, COMING ACROSS OSCP AND THE HIGHS AND LOWS THROUGHOUT
HTB is where I honed a lot of my skills and spent majority of my days. I ended up not having much of a social life besides going out once a week and working weekends at my job, although I didn’t really notice my lifestyle was like this because I was still having a good time. To cut things short — I pretty much stuck at this for a good few months. I remember looking at ways to land a Pentesting job and I came across the Offensive Security Certified Professional (OSCP) certification and learning how it really helps you to get your foot in the door when applying for jobs. I also heard about how excruciatingly hard and mentally rough this exam was, so I decided to prepare hard for it.
My experience with HTB was something! There were often times I felt stressed out and wanting to just pull my hair out, often times I would get stuck for days and have to resort to using forums or writeups to get past a certain section, at one point I even got burned out from it all and took a 1 month break. I bashed through too many in a short amount of time, I think it was around 30 boxes where I felt this. I really needed to mentally regain myself. The times where I felt at my lowest I would simply just ignore Hacking and start gaming with my friends which is another hobby of mine, or sometimes I’d hit the gym. I just wanted to de-stress myself by any means because it’s a horrible feeling. During my low times when I would tackle Easy rated boxes I would be struggling still so much. I wouldn’t say it was anything to do with having an ego because I most certainly don’t have one — but I almost couldn’t fathom how I was getting railed by Easy machines considering I had done a good number of these already and I expected myself to be rooting any Easy rated machine myself. I’d get stuck for a full day with almost no progress and STILL have to resort to looking at hints!
A month goes by and I get back to hacking boxes after feeling more inspired. A mixture of good runs and bad runs occur — i.e. I’d have a good week or so of rooting boxes without much help and feeling happy and there’d be times where I was at a brick wall and needed hints and help to move forward. I ended HTB with 70 rooted machines. These 70 machines were the results of endless nights up trying to root machines and going through hell!
What I realized when I reached around the box #60 was that it doesn’t matter how many boxes you’ve done — there is endless knowledge to hacking and topics to understand, it’s impossible to know it all and every lab/CTF you take part in will always have something you don’t know about. This is what Hacking truly is, it’s about learning and improvising on the spot and using Google extensively to research! It never gets easier (which is precisely what I imagined). It took me a while to finally see this and I’m glad I did. I think this is what really encouraged me to stop beating myself up when I was getting stuck on boxes, I had to just accept reality.
Oh, I also made sure to finish all of this list to get ready for my OSCP:
It’s self-explanatory to what this list is if you read the top section once you’ve clicked onto it. At this point, I was feeling quite accomplished! But I must admit — even with that quantity of boxes I still felt imposter syndrome and self-doubt
Moving to Virtual Hacking Labs for more practice
GOING TO VHL FOR MY FINAL PRACTICE BEFORE CONTEMPLATING BOOKING OSCP LABS
After finishing my time at HTB, I moved onto Virtual Hacking Labs (VHL) and bought a 1-month subscription.
VHL was my final practice arena before digging into PWK labs and I heard too many good reviews about VHL so I wanted to add this to my study plan. This was my first time in VHL and I rooted all Beginner and Advanced Labs. My thoughts on VHL were greatly positive. I absolutely loved it and honestly, here is where I perfected my methodology a lot from those labs. It differs from HTB because the exploits are pretty easy to pull off, but they throw a lot of rabbit holes your way. Multiple Content Management Systems (CMS) and multiple web-apps, loads of services and you really have to stick to your enumeration strategies to pull through. I realized I used to rush a lot during HTB, but VHL forced me to learn to take my time and go through everything, take notes mentally or in CherryTree and come back to the notes once I’ve enumerated all.
The only bad I can talk about this platform was the Privilege Escalation vectors were mostly Kernel exploits and some old systems.
At this point — I was convinced there was no other preparation I could do and that I was ready to finally face the PWK labs.
I mentioned before about how I perfected my methodology here. What I precisely meant by that was my enumeration skills starting from my initial nmap scans and how I enumerated web-apps and services. It’s so crucial to have a really good methodology flow to follow because by doing so, you avoid these rabbit holes people tend to fall into and it speeds things up — allowing you to have information on everything before thinking about looking up exploits.
Diving into Pentesting With Kali labs and booking my OSCP
I VENTURE INTO THE PWK LABS WITH 30 DAYS, MY THOUGHTS ON PWK LABS AND HOW I TACKLED THE LABS
I finished all my desired prep work at this point and was ready to go for OSCP.
Honestly, I felt under-confident and anxiety was increasing rapidly! It was my friend @n7_sec that convinced me I should do 30 days of PWK as opposed to 60 and that I was ready to take down this behemoth, so 30 days I booked with the money I saved up from doing extra shifts at my part-time job.
I ended my PWK time with 30 labs rooted including Pain, Sufferance and Gh0st— I achieved this with 12 days left of lab time and decided this was enough. My schedule during lab days was:
Waking up late afternoon > Showering > Breakfast > Stuck in my room until very very late hours grinding labs > Sleep
I didn’t watch the video tutorials they sent, I didn’t go for the extra +5pts lab report nor did I spend much time reading the PDF! I’ll admit — I spent 1 day reading the PDF but it was a fast skim and just double checking if there’s areas I’m weak on/need learning. My feelings are really mixed on PWK labs if I’m honest - it was hard sometimes but it also felt like a breeze at other times. I don’t know what I can and can’t disclose so I won’t give too much away, but I’ll say that my preparation work before PWK was tremendously worth it. I would say I wasn’t enjoying PWK labs and wasn’t a fan of it, so with 12 days remaining I went back to VHL, booked another subscription and finished all their Advanced+ labs.
I can’t give too much slander to PWK because to be honest — it did kind of tweak my methodology a bit in a good way of course. A lot of the labs were built around having solid enumeration skill because this is what OffSec heavily emphasize and try to teach.
By now, my PWK labs were over and I think I booked the exam maybe 6 days later — enough time for a mental break but also not long enough to lose that feeling of momentum and being in the zone to tackle OSCP. My mind was in the perfect place at this point, had my confidence built up exactly where I wanted it and I perfected my methodology to the standard I wished.
During the 6 day wait I didn’t want to COMPLETELY do nothing. Around this time, OffSec released a new training platform called “Proving Grounds”. You simply purchase a subscription to get access to machines picked/created by their team (or go for a Free option with different labs) and I thought this would be awesome as last minute practice.
Damn was I totally wrong… I definitely disliked the Proving Grounds! I never went back to it after the first day. It isn’t needed to prepare for OSCP, and I wouldn’t personally recommend adding this to your preparation.
For the next 5 days, I spent time learning Buffer Overflows. I already had experience with Stack Based buffers from a long way back so I knew 5 days was enough to cram it all in again. I prepared every day and night, worked on rooms from TryHackMe, VulnServer, TheCyberMentor ‘Buffer Overflows made Easy’ course and Tib3rius’s room in THM
I’d conclude the PWK labs with a neutral feeling towards it. My reasoning is simply down to me expecting something a little different, the labs were hard at times and also a breeze at times. I was glad to have stopped at 30 labs and move back to VHL. I believe it’s an expensive certification — but it’s from Offensive Security and is seen highly around the world so I do understand the price.
The Night of the OSCP Exam — I finally made it here
EXAM DAY HAS COME, HOW I PREPARED TO TACKLE THE BOXES AND REPORT WRITING
30th September 2020, I have my exam booked for 7pm.
I woke up around afternoon time and had my usual shower and breakfast morning routine. Unfortunately, I had bad sleep the night before so I was feeling a bit drowsy already and totally not in the mood to go for a rigorous 24 hour exam, but there was nothing that could be done at this point so I just thought whatever, I’ll buy some energy drinks to keep me going. I live in a house with a lot of baby nieces who are really loud throughout the entire day so I informed my family to please take them to their rooms at 6pm and get them to sleep! Because I would be raging if my mental state was moved even the slightest bit, all my hard work and the rollercoaster of a journey I went through was all to see this day and I wanted it to go as perfectly as planned.
7pm finally dawned upon me and it was game time. My plan going into this was:
- Do the Buffer Overflow for +25pts
- Do the +10pts box
- Do one of the +20pts box
- Do other +20pts box
- Finish with 75/100
I planned to only go for the +25pts box as a Plan B in case the above doesn’t work out for me.
My Buffer Overflow: I am so glad I nailed this down perfectly! I was able to do them in my sleep, I practiced so hard for it — I got the Admin shell after 30 mins.
The +10pts box… yeah I did not get this to go as planned. I was going at it for an hour I think until I thought about just moving on. This definitely startled me a little because things didn’t go to plan, I guess I thought I’d have it rooted by 1 hour. Good thing I moved on fast to the next target — important advice to take into consideration!
I went for one of the +20pts box and I eventually got user shell so I was super excited at this rate! I went for root for a while but no luck, I wasn’t seeing anything — decided to move on
Now I was at 35 points after a few hours and I thought I’m actually doing well.
Next box was the other +20pts and I rooted that, sitting at +55pts and was over the moon now!
I went back to the +10pts box to see what I was doing wrong, a lot of trial and error, googling, patience and eventually I got this thing to work!
Now at +65pts and things were looking SO bright! I was so close to the end, I was starting to beat myself up about not handing in the lab report for the extra 5 points but I stopped thinking about it because now wasn’t the time to dwell on the past, full speed ahead now!
By now, I think I was at 7 hours in maybe? I remember spending a LENGTHY amount of time for the +20pts box I couldn’t get root on. I took a good few breaks here, chilled on YouTube, had a quick snack and was feeling very very sleepy. I was desperate to get some sort of sleep. I tried my best to stay awake though because I knew once I fall asleep, I won’t be waking up till at LEAST 8 hours! I didn’t want to sleep and lose the momentum I had at this point.
I spent 3 hours trying to go for root, I knew what to do but nothing seemed to be working. I was having so many thoughts of worst-case scenario situations and was thinking back to how I was reading blogs, and people would get stuck on 65pts for the rest of the exam and not pass! I had to keep persevering, believing in myself that I will get this rooted and to remain calm and take it easy.
A little after 3 hours and I get the ROOT! Now I’m at 75/100 with 70 being the minimum required to pass. I remember jumping off my chair with excitement and couldn’t believe what had just happened! I finally defeated this gigantic long uphill battle! All that hard work I put in truly paid off in the end
I got passing points at 10 hours in.
I spent the rest of my 14 hours sleeping and getting all my screenshots, there was no way I was going to fail this due to missing some evidence for the report so I made sure to quadruple check everything.
A huge sense of relief followed!
Concluding with writing my Report and advice on report writing
WRITING MY REPORT, FOLLOWING A BLOG ON GOOD PRACTICES AND SUBMITTING THE OSCP EXAM
When it comes to the report writing — OffSec emphasize the importance of making it seem as professional as possible and make it like an actual real-life Pentest report.
There’s loads of templates online such as on GitHub where people have written up a template and you just kind of add your screenshots, fill in blanks and write up the procedures to replicate. OffSec also provide you with a template anyway if you wish to use theirs. Mine was just done on Microsoft Word — I didn’t use any fancy markdown.
When you guys are about to write your report, PLEASE ensure you have all screenshots required from the exam machines! Follow the exam guidelines on their website — they send you all the links you need by email before the exam anyway. It’s important you strictly follow what they consider a root compromise to be and how to read the contents of the flags and screenshot them.
Please follow it carefully because you don’t want to be failing over something like that!
If you’re struggling on understanding what a Pentest report should look like then I recommend reading this:
A blog written by Red Teamer Andy Gill on teaching beginners to write their first Pentest report. I gave this a read before I went ahead and wrote mine.
Concluding the blog, my personal advice, upcoming guideline book and a message to the reader
MY THOUGHTS ON OSCP, RECOMMENDATIONS, NEWBIES AND ADVICE FOR ALL. READ ENDING PARAGRAPHS FOR IMPORTANT INFORMATION
To finally conclude this very long blog and personal journey of mine I’ll give my thoughts on the OSCP.
I definitely respect anyone who has this cert, because going through the hell it takes to have the required skills and knowledge and mental resilience to tackle it is a hard thing to do and is by no means an easy task. I came from a very different background completely non-related to InfoSec or computing by any means, I never imagined myself becoming a Hacker as I thought it wasn’t possible unless you’re a bad guy on the dark web. I went through 16 months of constant learning and self-growing before I booked the PWK labs, and it was the most exciting time of my life! I’ll never forget the late nights.
As for the cert itself and what it means, I hold this cert high in my mind and it will be my greatest achievement for a long time, it gets your foot in the door when trying to apply for Pentesting jobs and I believe this cert in particular shows a lot about a person as opposed to other certs out there which are just question-based.
Would I recommend this cert to someone interested in Pentesting? YES!
But keep in mind it is by no means a necessity to land a job — it simply helps a lot.
For those who are newbies, I’m actually collabing with @n7_sec to create this OSCP Total Guide book thing which helps create a solid path to follow.
I believe the hardest thing when starting out is actually knowing where to point your focus, what exactly to learn and what platforms to spend your time on and to make efficient use of your time — many of us are limited by time whether it be working 5–7 days a week or having a family to take care of. I suggest giving this guide a proper look, share it with others and follow it dearly!
Since it isn’t released yet — I can give a quick rundown of what I suggest for newbies:
- Watch the entirety of this course
This is pretty much what I watched back in the days from TCM but he’s now made it into a single video/course with timestamps in description
- Give Ippsec a watch for a few boxes to have an idea of what HackTheBox is like:
- Sign up for HackTheBox and buy the VIP subscription
- Go to the Retired section of their boxes, filter from Easiest rated and work your way up
- Make good use out of the forums (https://forum.hackthebox.eu/), don’t be afraid to ask for hints or look at hints
- Enjoy this process! REMEMBER you are in a race with NOBODY but yourself.
It’s a marathon not a sprint.
Take your time, it’s a learning experience every day even for myself and those who are much greater than me. We learn new things all the time and hacking is all about learning and staying curious!
That’s what I’d recommend for newbies. Stick with HTB rather than TryHackMe (If you’re planning for OSCP) because HTB will prepare you real good. THM without throwing it too much shade is quite beginner-friendly in the sense that they have a hinting mechanism and Q&A’s and it’s tempting to go and click it, they also sometimes give you a brief introduction before each box of what to expect — this is not the mindset you want to get into.
HTB follows a Black-box testing procedure where all you have at your disposal is an IP address and nmap! Learning things the hard way pays off in the end, trust me. My first mentee was grinding out THM labs, when I sent him to HTB on an easy rated machine he was quite stuck! He eventually managed 10 or so retired machines I think before his VIP access ended and when he was back on TryHackMe — he was sailing through all their labs. Once again, I am NOT throwing shade at THM! It’s a good place but just not the right thing if you’re looking for OSCP.
For those who are more experienced/intermediate level and nearing their OSCP, I recommend completing this list firstly before booking lab time:
Ensure you’ve done extra labs, too.
Try finish every single easy and medium rated retired box that is not on the list above.
The whole idea is to have a solid methodology, those boxes in TJNull’s list are not going to make you pass your exam, it’s the quality of your enumeration skills that will. Increasing the quantity / exposure to more labs will help solidify that.
Next, I strongly recommend Virtual Hacking Labs:
https://www.virtualhackinglabs.com
Although it’s expensive — it’s worth every penny. I even bought this twice on two different occasions it was that good! Really helps you nail your methodology. Make sure you complete all Beginner, Advanced and Advanced+ labs
Finally, you can take these whenever you wish but go through these courses and make good notes on them:
https://tryhackme.com/room/bufferoverflowprep
The most common thing people fail on the exam from what I gathered with my observations of people’s blogs is Privilege Escalations. I was the opposite in that I always struggled with initial footholds but excelled with Privilege Escalations!
What helped me tons was doing a lot of HTB. Remember, I did 70 boxes before even considering PWK labs so I had a lot of exposure to different vectors of privilege escalation.
VHL and PWK labs didn’t really assist me much in that sense. A combination of HTB and studying IppSec a LOT really helped my game. Like I say to my mentees — make IppSec your new Netflix! Really watch and understand his methodologies and why he does certain things, what scripts he runs and how he manually checks for things.
As for which Tools I used in the exam, I didn’t really need any tool to make me pass.
This is the mindset a lot of people should get out of, I was definitely included in this. I thought if I use this tool and that tool and oh this brand new tool which is meant to aid in OSCP I’d pass — this certainly was not the case. You don’t need anything apart from your methodology and Google! Just pray your internet is working fine on the day of exam and you have a good methodology, there is no secret sauce to pass OSCP!
I can recommend tools I used during my prep days though:
- Nmap
- nikto
- smbclient
- smbmap
- searchsploit
- AutoRecon
- Ffuf
- Gobuster
- Hydra
- Burp Suite
You can see from the list above that these are all basic tools!
I think this is pretty much all there is to say in terms of the exam.
The main thing I wanted to get across in this blog is to try to relate to those out there who are really struggling right now and aspire to be OSCP certified.
I understand what it is like having no one to speak to personally and throw your 100 questions at, being overwhelmed by it all and just confused on what to do.
From my background and experiences you can see that I myself went through a lot of struggles to get here and have been really down in the dumps. When you have so much passion for something and you don’t see yourself improving or seeing success it gets you down more and really takes a toll on you mentally.
I took a whole 1 month away from hacking, sometimes I’d take a few weeks away from it because I was constantly seeing failure and not the progress I expected — I set high expectations and when they weren’t met, it would really get to me.
I honestly hope you guys can learn from my personal experience :D
This is my story of how I became OSCP certified.
From Boxer to OSCP
A true Zero to Hero journey!
Filled with loads of highs and lows, going through the dark times but ultimately seeing the light at the end of the tunnel
If you made it thus far, I salute you and thank you greatly for taking your time out to read this
Please share with everyone you know who is struggling right now!
I should also reiterate how important methodology and taking breaks are. Once my foot is on the gas pedal there is no longer a brake pedal — it took me so long to get out of this habit! It’s detrimental and can seriously cause you to take weeks or months off from hacking due to being burnt out way too fast. I urge every one of you guys to honestly take breaks when you’re hacking. An hour away from the screen won’t do you harm, 30 mins even! You do NOT have to get root the same day you spun the box up. It’s okay to resume the next day, just ensure you’re learning from all mistakes!
For methodology, what will get you far is not the quantity of boxes you’ve rooted — 70 roots from HTB didn’t exactly make me eligible for OSCP. I could have done 30 boxes and passed. It’s the methodology that is important! Why? Because your methodology gets applied on every box you do, it doesn’t change. Whatever I did for box #32, I did the same for box #40. What I did on box #70, I did the same over at VHL and PWK — granted you work with different exploits and scripts but that’s all part of methodology, being able to handle anything you’re dealing with. Learning on the spot is a skill in itself I believe and only gets better over time the more you do it. I have written a Web-App methodology I’ve sent to a couple mentees of mine, it helps when tackling these machines and it’s whole-heartedly the exact same methodology I used. It’s not some “secret” methodology — it might even be a replica of what you already do if you’re an intermediate student. Let it serve as a Sanity-check to the intermediates and a methodology flow to follow for beginners.
“Magic is believing in yourself, if you can do that, you can make anything happen.”