Thursday, February 19, 2015

My OSCP Story..

I would like to share some of my OSCP experiences.

Why OSCP?

I came to know about this certification through community friends: the certification is completely hands-on, challenging, with lots of learning, etc. Everyone says it's tough and you need to be committed till the course completion. I like complicated stuff, so I thought of giving it a try and registered for the OSCP in October 2014.

I thought I would require more time to manage my workload and OSCP practice, so I opted for 90 days. On average I spent 2-3 hours every day on practice.

"Too much of anything is not good." Later I thought 60 days would have been the best fit for me.


LAB experience:

On my first day, I got the PWK videos and complete access to the lab environment. Now the big question came: how to proceed? Do I start working on the labs, or do I go through the materials provided first?

After going through many reviews, I decided to watch the videos and then practice the lab exercises. In the meantime I didn't want to waste the lab time either, so I used the recon scripts provided by securitysift, made a few customizations, and kept a full port scan running on the network.

On the other side, I wanted to jump into the lab environment and pop a few machines. I did that in the middle of the videos: popped a few machines, and if I didn't find any clue I would come back to the videos again. I referred back to the videos many times; maintaining notes of the required commands and reference links saved lots of time.

The best way to start the course is to go through the videos and lab exercises first; they will show you the way to attack the lab systems.

Two weeks went by and I had root/system access on 4 systems, with partial access on others. Jumping from one system to another without results killed my time. Later I started focusing completely on one system at a time, and then the systems started to fall. Overall I was able to compromise around 35 systems with full access and the rest with partial access.

There were hard times where the known techniques didn't work and I was unable to find the right path. All I did was take a break and then get back to work. Sometimes simple and silly techniques work. :)

Best places to look for help: IRC, forums, blogs.


Exam Experience:

I booked my exam slot a week after my lab session, wanting to make sure I didn't lose the pace. I kept all my notes ready, exploits compiled, etc.

On the day of the exam: just 15 minutes before my exam, my internet connection got disconnected. Then I realized I hadn't kept a backup internet connection and immediately ran to my friend's place. I waited for my exam kit for 20 minutes, then contacted the admin. At last I found my exam kit in the spam folder.

Before starting the exam I had decided to work on the Linux systems first and later on the Windows boxes.

I connected to the lab network, started by scanning the top ports and later scanned the complete network. I was able to pop 2 machines in 5 hours and another 2 machines an hour before the session expired. I had some sleep and then completed my reporting in another 8 hours.

After 2 days, early in the morning, I got a congratulations mail.

Hurraayyyy....!!! Finally I am now OSCP certified. Overall it was a great experience and a worthwhile certificate.

I Tried Harder...


Tips:

1. "Enumeration is key": keep on enumerating till you find the right path.

2. Stay focused on one machine at a time.

3. Start your attacks with the lab exercises.

4. Keep your documentation up to date.

5. Keep backups of your notes, OS, lab connection file and PWK videos, and have a spare network connection during the exam.

6. For any help, get on to IRC. Offsec admins are ready to help you all the time.

7. Try Harder... the famous Offsec quote.


Thanks to all the guys who helped me in learning the stuff :) (Offsec IRC admins, friends, colleagues, etc.)


References:

Recon scripts:
http://www.securitysift.com/download/recon_scan.zip

Securitysift for tips, checklists and recon scripts:
http://www.securitysift.com/offsec-pwb-oscp/

g0tmi1k for tips, privilege escalation techniques, etc.:
https://blog.g0tmi1k.com/2011/07/pentesting-with-backtrack-pwb/
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

Fuzzysecurity for detailed tutorials:
http://www.fuzzysecurity.com/tutorials.html

Different Techniques:
http://carnal0wnage.attackresearch.com/

For handy notes and compiled exploits:
https://sathisharthars.wordpress.com/2015/01/28/oscp-offensive-security-certified-professional-handy-tips-and-tricks/

Pentestmonkey for reverse shells & SQL Injection techniques:
http://pentestmonkey.net/