My Journey to OSCP

This is not your typical “how I passed OSCP” blog

It somewhat is — but I wanted to dive into specific details i.e. my failures and how hacking changed my life entirely! () I feel a lot of people out there can relate to my experiences. Personally, I believe I’m a great / to those who have asked for guidance on their own path of becoming a penetration tester or simply wanting to get better at hacking boxes and preparing for the Offensive Security Certified Professional () exam. I’ve been in the shoes of a complete before with absolutely zero clue on what’s going on and I’ve asked people the same questions I still get asked to this day by other newbies and because of me being able to relate to them — I go over & beyond in ensuring they’ve got the maximum help from me. I wanted to get this point across before going into the OSCP journey because I want those people who are struggling so much right now and feel clueless and hopeless in becoming a hacker that they in fact overcome their struggles and doubts! A lot of blogs I’ve read sort of just beat around the bush and go straight to the point of their great success of obtaining OSCP — which is fantastic but the whole point of a blogpost isn’t to flaunt your success, it’s so somebody else can read it, take or find that they needed to progress on their path.

I’ve tried organizing as best as I could with what Medium offers to try and create subsections so you know what part of the journey you’re reading. Eventually I aim to host a website on GitHub and push this over there to make it a lot neater

Background Information

The beginning of my life taking a complete turn started on . It was the night of my Professional Muay Thai C-class bout. From a young age, my aspirations were always to become a and make my living from competing for world titles and taking the world by storm, this was kind of held back from my parents not allowing me to join a Boxing club due to health and safety reasons at around 13 years old which is seen as the golden age to start learning how to box. So, when I reached years old and was starting to experience the big bad world on my own, I decided to join a club myself and didn’t take into account what my parents thought of it. From 18 to probably I dedicated my entire life 24/7 to training. There was a day I wasn’t doing some form of training, I just became so in love with the sport and put my studies aside and only focused on attending the gym at late evenings and doing my 5km runs everyday. Eventually, I stood out in gym from the rest and was quickly acknowledged as a so I was thrown into the deep-end with the top class fighters and trained with them every week. At this point I must have just started my coming straight from college. For that whole year I just kept progressing at a rapid rate, learning from the best and not bothering with my University course (). It came to a point where I didn’t attend classes and just studied for exams few days before and passing. Fast forward some more time. What happens in boxing is that when a fight is announced, you typically go for a 6–8 week training camp. The camp is the most , and challenging thing a human being could probably take part in. Just imagine for 6–8 weeks straight 7 days a week, you’re pushing your body to its limits with no time for breaks, dieting strictly, having constant injuries but having to use medications or sport creams to temporarily heal them, training 2x a day sometimes and still () improving every week.
It’s crazy as hell but I enjoyed and loved it, even though you’re basically being bullied for 6 weeks by veterans of the sport. Anyway, the night of the fight came and long story short — I wasn’t able to perform on the night and took the after 5 rounds. This genuinely left me and destroyed inside knowing I didn’t perform due to whatever reasons existed, and I took a few months off from doing any training. Another fight was booked for September but I stepped back after 2 weeks in the fight camp for that one,

Finding Penetration Testing as a career job

from training I decided to see where I’m at with University work because I knew I was behind from the rest of my class, everyone seemed super smart and had their brains screwed on the cyber world. I started studying about my course and finding out what jobs I could actually land with this degree. After some nights researching, I honestly cannot remember how I came across this but I found out that you can get paid to be an . This seemed too good to be true — considering the salaries were also quite high.

I spent time on and about Ethical Hackers, what they do and how to become one. I spent time on Reddit and things like that, and it was where I saw somebody promote their Twitch channel. He was doing livestreams of teaching Pentesting by doing retired () machines and I immediately jumped on this bandwagon.

used to upload his 2–3 hour streams raw to his YouTube channel and because of USA and UK time zones I’d miss his streams — therefore I’d spend my nights watching those uploads on YouTube and possible. The concepts he was explaining and the way he got his point across just stuck to my brain like glue, . During this time period was when I spent a lot of my days researching and learning about Hacking concepts i.e. learning how to perform scanning and enumeration, what tools to use to perform scanning, what Kali Linux is and how to navigate through it.

What helped tremendously to comprehend these basic skills was which I think is a Cyber Security training platform for students eligible and employees of workplaces only. Eventually, I came across certifications and I was honestly so confused on what direction to head into — do I point it towards my Cyber Security degree and aim for a 1st class Honors, or do I pinpoint Penetration Testing and try to learn how to hack? Having no one around that I knew in real-life to guide me and answer my thousands of questions was a bummer and I relied on asking folk on Twitter or browsing around Reddit forums to see if anyone else was in my position. I’m the kind of person who likes to put of my focus into something instead of having multiple areas to focus on, so I really was at a brick wall for a long period.

. I continued learning from , I also followed through with amazing blog posts over at

and was slowly realizing that my passion may actually be in Penetration Testing. Some time passes again where I’m still studying Hacking in my spare time and I was having a blast! Majority of my time was spent on YouTube watching and the content he was uploading was mesmerizing, I still couldn’t fathom how Penetration Testing was a legal job.

Attempting Capture The Flags for practical experience

After going through a lot of streams and adhering to his advice of and I took it upon myself to visit

and to face my fears and just give this hacking thing a try for once. The whole time I was just learning concepts but never applying it anywhere, I felt very intimidated and to go into this because I did not want to meet failure on my first attempt of hacking. My biggest fear in life growing up has always been failure. It sometimes makes me over-prepare and it keeps me on my toes, granted, but there’s times I let it consume me — It’s equally important to understand failure can happen to anyone and at any point and to prepare for worst case scenarios, I always envisioned myself succeeding in anything but whenever the opposite occurred I almost wouldn’t know what to do with myself or how to proceed from it.

So I was checking out which is a Capture The Flag () platform of Windows/Linux images to download and run in a Virtual Machine.

I filtered the machines from the easiest rated — literally I mean I properly searched for what the easiest machine was at that point in time and it turned out to be which actually turned out to be so much fun! . I actually recommend any newcomers to give this CTF a try, there’s about 13 flags I think but I was enjoying myself and I didn’t care how long I got stuck for. I didn’t end up completing it until maybe a week, even then I had to look up answers for the final 2 flags.

I stuck with VulnHub for a bit trying to get as many easy machines under my belt as possible, I may have done I think . After building a little bit more confidence in myself, I decided to go for . Back then, wasn’t around — VulnHub and HTB were the most popular CTF platforms to practice on with the latter being incredibly harder.

Making the move to Hackthebox.eu

The feeling you experience from getting your first root on a machine . HackTheBox turned into an to me the moment I felt what it was like to finally get root and submit a flag for points, so as you can imagine I went on an absolute rampage on this site! I ended at boxes completed from before getting close to booking OSCP labs. Let’s discuss how I went from 1–70 and go into the highs and lows

At first, was on the “Active” boxes section and was the easiest machine thankfully at the time to root.

User flag was incredibly easy and root was trickier but I got there in the end with hints and whatnot. I thought from here onwards it’s going to be a smooth ride, so I tackled another box — .

This one I remember like it was yesterday, I was super thrilled getting a user shell on this because I remember and Box #2 down and I was so stoked at the progress I was making.

The next machine was , and this was a pain! This machine kicked my ass on another level and I remember being stuck for a full day and having to attempt the next night. I knew what was exploitable but had no idea how to pull it off, I looked around at the forums a lot and tried asking people for hints, thankfully people were nice on and had no egos and reached out with some brilliant advice. This machine might have been the first to give me a headache.

From here onwards it truly was a of going through some times and . I ended up coming across Ippsec on YouTube and noticed he had walkthroughs of every retired machine. After watching a couple of his videos, it became apparent that I have tons to learn and A lot of self-doubt was creeping up but I just reminded myself that I’m Take it nice and easy, continue to enjoy hacking and try to take every experience as a learning curve. I also spent a lot of time on forums.hackthebox.eu on whatever box I was attempting, my reasoning apart from getting hints was to also learn from other people’s methodologies. I would occasionally private message people asking how they got user or root and I learned from their strategies — it’s important to learn how other people do certain things or think about scenarios so you too, can learn and adopt it.

At one point I checked what other machines I could go for but there weren’t many Active Easy machines online anymore, so I was considering going for the pass.

? Because I had a look and realized there were so many more machines to practice on with Easy ratings! For a while I didn’t buy the subscription, I thought to myself I’d be wasting £10/month on something I probably would never succeed in, I should keep reading more online and try to increase my knowledge, or I should go back to VulnHub — however this little voice in my head was the ! I thought back to what I had learned during my experiences of life so far and decided to just , and it was the best decision I ever made. I paid for the VIP pass and jumped right in.

Grinding out HackTheBox and ending at 70 rooted boxes

is where I honed a lot of my skills and spent majority of my days. I ended up not having much of a social life besides going out once a week and working weekends at my job, although I didn’t really notice my lifestyle was like this because I was still having a good time. I pretty much stuck at this for a good few months. I remember looking at ways to land a Pentesting job and I came across the certification and learning how it really helps you to get your foot in the door when applying for jobs. I also heard about how excruciatingly hard and mentally rough this exam was,

My experience with HTB was something! There was often times I felt out and wanting to just pull my hair out, often times I would get stuck for days and have to resort to using forums or writeups to get past a certain section, I bashed through too many in a short amount of time, I think it was around boxes where I felt this. The times where I felt at my lowest I would simply just ignore Hacking and start gaming with my friends which is another hobby of mine, or sometimes I’d hit the gym. I just wanted to de-stress myself by any means because it’s a horrible feeling. During my low times when I would tackle Easy rated boxes I would be struggling still so much. I wouldn’t say it was anything to do with having an ego because I most certainly don’t have one — but I almost couldn’t fathom how I was getting railed by Easy machines considering I had done a good number of these already and I expected myself to be rooting any Easy rated machine myself. I’d get stuck for a full day with almost no progress and STILL have to resort to looking at hints!

A month goes by and I get back to hacking boxes after feeling more inspired. A mixture of runs and runs occur — i.e. I’d have a good week or so of rooting boxes without much help and feeling happy and there’d be times where I was at a brick wall and needed hints and helps to move forward.

What I realized when I reached around the box #60 was that it doesn’t matter how many boxes you’ve done — there is endless knowledge to hacking and topics to understand, it’s impossible to know it all and every lab/CTF you take part in will always have something you don’t know about. This is what Hacking truly is, it’s about learning and improvising on the spot and using Google extensively to research! It never gets easier (). It took me a while to finally see this and I’m glad I did. I think this is what really encouraged me to stop beating myself up when I was getting stuck on boxes, I had to just accept reality.

It’s self-explanatory to what this list is if you read the top section once you’ve clicked onto it. At this point, I was feeling quite accomplished!

Moving to Virtual Hacking Labs for more practice

After finishing my time at HTB, I moved onto Virtual Hacking Labs () and bought a 1-month subscription.

was my final practice arena before digging into PWK labs and I heard too many good reviews about VHL so I wanted to add this to my study plan. This was my first time in VHL and I rooted all and Labs. My thoughts on VHL were greatly positive. I absolutely loved it and honestly, here is where I perfected my methodology a lot from those labs. It from HTB because the exploits are pretty easy to pull off, Multiple Content Management Systems () and multiple web-apps, loads of services and you really have to stick to your strategies to pull through. I realized I used to a lot during HTB, but VHL forced me to learn to , take notes mentally or in CherryTree and

The only bad I can talk about this platform was the

At this point — I was convinced there was no other preparation I could do and that I was ready to finally face the PWK labs.

I mentioned before about how I perfected my methodology here. What I precisely meant by that was my enumeration skills starting from my initial nmap scans and how I enumerated web-apps and services. It’s so crucial to have a really good methodology flow to follow because by doing so, you avoid these rabbit holes people tend to fall into and it speeds things up — allowing you to have information on everything before thinking about looking up exploits.

Diving into Pentesting With Kali labs and booking my OSCP

I finished all my desired prep work at this point and was ready to go for OSCP.

Honestly, I felt and was increasing rapid! It was my friend @n7_sec that convinced me I should do of PWK as opposed to 60 and that I was ready to take down this , so 30 days I booked with the money I saved up from doing extra shifts at my part-time job.

I ended my PWK time with labs rooted including , and — I achieved this with 12 days left of lab time and decided this was . My schedule during lab days was:

> > > >

I didn’t watch the video tutorials they sent, I didn’t go for the extra +5pts lab report nor did I spend much time reading the PDF! I’ll admit — I spent reading the PDF but it was a fast skim and just double checking if there’s areas I’m weak on/need learning. My feelings are on PWK labs if I’m honest - It was hard sometimes but it also felt like a breeze at other times, but I’ll say that my preparation work before PWK was tremendously worth it. I would say , so with 12 days remaining I went back to , booked another subscription and finished all their labs.

I can’t give too much slander to PWK because to be honest — it did kind of tweak my methodology a bit in a good way of course. A lot of the labs were built around having skill because this is what OffSec heavily emphasize and try to teach.

By now, my PWK labs were over and I think I booked the exam maybe 6 days later — enough time for a mental break but also not long enough to lose that feeling of momentum and being in the zone to tackle OSCP. My mind was in the place at this point, had my confidence built up exactly where I wanted it and I perfected my methodology to the standard I wished.

During the 6 day wait I didn’t want to do nothing. Around this time, OffSec released a new training platform called “”. (or go for a Free option with different labs) and I thought this would be awesome as last minute practice.

Damn was I totally wrong… I definitely the Proving Grounds! It isn’t needed to prepare for OSCP I wouldn’t personally recommend adding this to your preparation.

, I spent time learning . I already had experience with Stack Based buffers from a long way back so I knew 5 days was enough to cram it all in again. I prepared every day and night, worked on rooms from TryHackMe, VulnServer, TheCyberMentor ‘Buffer Overflows made Easy’ course and Tib3rius’s room in THM

I’d conclude the PWK labs with a neutral feeling towards it. My reasoning is simply down to me expecting something a little different, the labs were hard at times and also a breeze at times. I was glad to have stopped at 30 labs and move back to VHL. I believe it’s an expensive certification — but it’s from Offensive Security and is seen highly around the world so I do understand the price.

The Night of the OSCP Exam — I finally made it here

, I have my exam booked for 7pm.

I woke up around afternoon time and had my usual shower and breakfast morning routine. Unfortunately, I had bad sleep the night before so I was feeling a bit drowsy already and totally not in the mood to go for a exam, but there was nothing that could be done at this point so I just thought whatever, I’ll buy some energy drinks to keep me going. I live in a house with a lot of baby nieces who are throughout the entire day so I informed my family to take them to their rooms at 6pm and get them to ! Because I would be raging if my mental state was moved even the slightest bit, all my hard work and the rollercoaster of a journey I went through was all to see this day and I wanted it to go as

  • Do the Buffer Overflow for +25pts
  • Do the +10pts box
  • Do one of the +20pts box
  • Do other +20pts box

My Buffer Overflow I am so glad I nailed this down perfect! I was able to do them in my sleep I practiced

The +10pts box… yeah I did get this to go as planned. I was going at it for an I think until I thought about just moving on. This definitely me a little because things didn’t go to plan, I guess I thought I’d have it rooted by 1 hour. Good thing I moved on fast to the next target —

I went for one of the +20pts box and I eventually got user shell so I was at this rate! I went for root for a while but no luck, I wasn’t seeing anything —

Next box was the other +20pts and I rooted that, sitting at +55pts and was over the moon now!

I went back to the +10pts box to see what I was doing wrong, a lot of and and I got this thing to work!

Now at +65pts and things were looking SO bright! , I was starting to beat myself up about not handing in the lab report for the extra 5points but I stopped thinking about it because now wasn’t the time to dwell on the past,

By now, I think I was at 7 hours in maybe? I remember spending a amount of time for the +20pts box I couldn’t get root on. I took a good here, chilled on YouTube, had a quick snack and was feeling very very sleepy. I was desperate to get some sort of sleep. I tried my best to stay awake though because I knew once I fall asleep, I won’t be waking up till at 8 hours!

I spent 3 hours trying to go for root, I knew what to do but nothing seemed to be working. I was having so many thoughts of situations and was thinking back to how I was reading blogs, and people would get stuck on 65pts for the rest of the exam and pass! I had to keep , believing in myself that I will get this rooted and to remain and take it .

A little after 3 hours and I get the ! with 70 being the minimum required to pass. I remember jumping off my chair with and couldn’t believe what had just happened! I finally defeated this gigantic long uphill battle! All that hard work I put in truly paid off in the end

I spent the rest of my 14 hours of and getting all my , there was no way I was going to fail this due to missing some evidence for the report so I made sure to check everything.

A huge sense of relief followed!

Concluding with writing my Report and advice on report writing

When it comes to the report writing — OffSec the of making it seem as as possible and make it like an actual real-life report.

There’s loads of templates online such as on GitHub where people have written up a template and you just kind of add your screenshots, fill in blanks and write up the procedures to replicate. . Mine was just done on I didn’t use any fancy markdown.

When you guys are about to write your report, ensure you have required from the exam machines! Follow the exam guidelines on their website — they send you all the links you need by email before the exam anyway. It’s you follow what they consider a to be and how to the contents of the and them.

If you’re struggling on understanding what a Pentest report should look like then I recommend reading this:

A blog written by on teaching beginners to write their first Pentest report. I gave this a read before I went ahead and wrote mine.

Concluding the blog, my personal advice, upcoming guideline book and a message to the reader

To finally conclude this very long blog and personal journey of mine I’ll give my thoughts on the OSCP.

, because going through the hell it takes to have the required skills and knowledge and mental resilience to tackle it is a thing to do and is by . I came from a very different background completely non-related to InfoSec or computing by any means, I never imagined myself becoming a Hacker as I thought it wasn’t possible unless you’re a bad guy on the dark web. I went through 16 months of constant learning and self-growing before I booked the PWK labs, and it was the most exciting times of my life! I’ll never forget the late nights.

As for the cert itself and what it means, I hold this cert high in my mind and it will be my , it gets your foot in the door when trying to apply for Pentesting jobs and I believe this cert in particular shows a lot about a person as opposed to other certs out there which are just question-based.

Would I recommend this cert to someone interested in Pentesting? !

But keep in mind it is by to land a job — it simply helps a lot.

For those who are newbies, I’m actually collabing with @n7_sec to create this book thing which helps create a solid path to follow.

I believe the when starting out is actually knowing where to point your focus, what exactly to learn and what platforms to spend your time on and to make use of your time —many of us are whether it be working 5–7 days a week or having a family to take care of. I suggest giving this guide a proper look, share it with others and follow it dearly!

  • Watch the entirety of this course

This is pretty much what I watched back in the days from but he’s now made it into a video/course with timestamps in

  • Give Ippsec a watch for a few boxes to have an idea of what HackTheBox is like:
  • Sign up for HackTheBox

buy the VIP subscription

  • Go to the Retired section of their boxes, filter from rated and work your way up
  • Make good use out of the forums https://forum.hackthebox.eu/
  • Enjoy this process! you are in a race with but .

Take your time, it’s a learning experience everyday even for myself and those who are much greater than me. We learn new things all the time and hacking is all about learning and staying curious!

That’s what I’d recommend for newbies. Stick with rather than (If you’re planning for OSCP) because HTB will prepare you real good. without throwing it too much shade is quite beginner-friendly in the sense that they have a hinting mechanism and Q&A’s and it’s to go and click it, they also sometimes give you a brief introduction before each box of what to expect — .

HTB follows a testing procedure where all you have at your disposal is an and ! Learning things the hard way pays off in the end, trust me. My first mentee was grinding out THM labs, when I sent him to HTB on an easy rated machine he was quite stuck! He eventually managed 10 or so retired machines I think before his access ended and when he was back on TryHackMe — . Once again, I am NOT throwing shade at THM! It’s a good place but just not the right thing if you’re looking for OSCP.

Ensure you’ve done extra labs, too.

Try finish that is not on the list above.

The whole idea is to have a , those boxes in list is not going to make you pass your exam, it’s the of your skills that will.

Next, I strongly recommend Virtual Hacking Labs:

Although it’s expensive — it’s worth every penny. I even bought this on two different occasions it was that good! Really helps you nail your . Make sure you complete all , and labs

Finally, you can take these whenever you wish but go through these courses and make good notes on them:

https://tryhackme.com/room/bufferoverflowprep

The most common thing people fail on the exam from what I gathered with my observations of people’s blogs is . I was the opposite in that I always with initial footholds but excelled with Privilege Escalations!

What helped me tons was doing a lot of HTB. Remember, I done before even considering PWK labs so I had a lot of to different of privilege escalating.

VHL and PWK labs didn’t really assist me much in that sense. A of studying a really helped my game. Like I say to my mentees — make Ippsec your new Netflix! Really watch and understand his methodologies and why he does certain things, what scripts he runs and how he manually checks for things.

As for which I used in the exam, I didn’t really need any tool to make me pass.

, I was definitely included in this. I thought if I use this tool and that tool and oh this brand new tool which is meant to aid in OSCP I’d pass — this certainly was not the case. You don’t need anything apart from your and ! Just pray your internet is working fine on the day of exam and you have a good methodology,

  • Nmap
  • nikto
  • smbclient
  • smbmap
  • searchsploit
  • AutoRecon
  • Ffuf
  • Gobuster
  • Hydra
  • Burp Suite

I think this is pretty much all there is to say in terms of the exam.

The main thing I wanted to get across in this blog is to try relate to those out there who are really right now and

I understand what it is like having no one to speak to personally and throw your 100 questions at, being overwhelmed by it all and just on what to do.

, went through a lot of struggles to get here and have been really down in the dumps. When you have so much passion for something and you don’t see yourself improving or seeing success it gets you down more and really takes a toll on you mentally

, sometimes I’d take a few weeks away from it because I was constantly seeing and not the progress I expected — I set high expectations and when they weren’t met, it would get to me.

I honestly hope you guys can learn from my personal experience :D


From Boxer to OSCP

A true Zero to Hero journey!

Filled with loads of highs and lows, going through the times but ultimately seeing the

If you made it thus far, I salute you and thank you greatly for taking your time out to read this

I should also re-iterate the importance of and is. Once my foot is on the gas pedal there is no longer a brake pedal — it took me so long to get out of this habit! It’s detrimental and can seriously cause you to take weeks or months off from hacking due to being burnt out way too fast. I urge every one of you guys to honestly take breaks when you’re hacking. An hour away from the screen won’t do you harm, 30 mins even! You do NOT have to get root the same day you spun the box up. It’s okay to resume the next day, just ensure you’re learning from all mistakes!

For , what will get you far is not the quantity of boxes you’ve rooted — 70 roots from HTB didn’t exactly make me eligible for OSCP. I could have done 30 boxes and passed. It’s the methodology that is important! Why? Because your methodology gets applied on every box you do, it doesn’t change. Whatever I did for box #32, I did the same for box #40. What I did on box #70, I did the same over at VHL and PWK — granted you work with different exploits and scripts but that’s all part of methodology, being able to handle anything you’re dealing with. Learning on the spot is a skill in itself I believe and only gets better over time the more you do it. I have written a Web-App methodology I’ve sent to a couple mentees of mine, it helps when tackling these machines and it’s whole-heartedly the exact same methodology I used. It’s some “” methodology — it might even be a replica of what you already do if you’re an . Let it serve as a Sanity-check to the intermediates and a methodology flow to follow for beginners.

“Magic is believing in yourself, if you can do that, you can make anything happen.”

Penetration Tester ~ OSCP CPSA CRT~
