{"id":11,"date":"2021-02-10T09:38:26","date_gmt":"2021-02-10T09:38:26","guid":{"rendered":"https:\/\/areyou1or0.it\/?p=11"},"modified":"2021-02-10T09:48:20","modified_gmt":"2021-02-10T09:48:20","slug":"finally-oscp-may-the-force-be-with-you","status":"publish","type":"post","link":"https:\/\/areyou1or0.it\/index.php\/2021\/02\/10\/finally-oscp-may-the-force-be-with-you\/","title":{"rendered":"Finally OSCP &#8211; May the force be with you!"},"content":{"rendered":"\n<p>Since I passed my OSCP exam last week on my 1st attempt, I thought it&#8217;d be good to share my experiences and help others who ask for a roadmap. I&#8217;ll try to include as many resources as I can:<\/p>\n\n\n\n<h2>My Background:<\/h2>\n\n\n\n<p>I&#8217;ve worked as a web pentester for one year. Then I decided to learn other areas of Security also, so I started to work at a large company as a Security Analyst. Basically, I&#8217;m working on Defensive Security in daylight, studying Offensive Security stuff at nights. (Sleep? Who needs it \ud83d\ude1b )<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/6KXQB5Eu2xkmLRvHrFNnUm0sQs5NIOUm7zYbqhg5ox9tm-JKT3E2j_2XZ_do9Sjs-JLCuKDPNHTa5nWAuR9TOEf9EdQAXujCkECq7vRgQmdDOgqMgQd3113aKXjsRwRAX0Vu_UOl\" alt=\"\"\/><\/figure>\n\n\n\n<h2>How To Decide to Take OSCP:<\/h2>\n\n\n\n<p>I already got my CEH certificate when I started working as a pentester, but it never satisfied me since there is not much hands-on skills requirement to pass CEH. I wanted to show the world that I can think out of the box and have a gift to see and exploit vulnerabilities. So I decided to take OSCP.<\/p>\n\n\n\n<h2>OSCP Journey:<\/h2>\n\n\n\n<p>I started my journey in May 2018. 
I planned the things to do for each month and followed my plan almost 100%. I studied Linux, Enumeration basics, Metasploit during May and June 2018. Since I was intimidated by Buffer Overflow, I decided to learn as much as I can on the subject before the lab. I&#8217;ve written an academic paper on Buffer Overflow and had a basic understanding of the topic. That took me 2 months (July, August 2018) (I&#8217;ll provide the paper on my blog and LinkedIn later)<\/p>\n\n\n\n<h2>Vulnhub Machines:<\/h2>\n\n\n\n<p>I&#8217;ve solved many vulnerable machines from Vulnhub before the lab. (September, October, November &#8211; [first 10 days]) I&#8217;ve shared some of the walkthroughs on my blog already. But basically, I&#8217;ve pwned the following: <\/p>\n\n\n\n<p><strong>OSCP Similar<\/strong>:<\/p>\n\n\n\n<ul><li>Kioptrix: Level 1 (#1)<\/li><li>Kioptrix: Level 1.1 (#2)<\/li><li>Kioptrix: Level 1.2 (#3)<\/li><li>Kioptrix: Level 1.3 (#4)<\/li><li>Kioptrix: 2014<\/li><li>FristiLeaks 1.3<\/li><li>Stapler 1<\/li><li>VulnOS 2<\/li><li>SickOs 1.2<\/li><li>Brainpan 1<\/li><li>HackLAB: Vulnix<\/li><li>\/dev\/random: scream<\/li><li>pWnOS 2.0<\/li><li>SkyTower 1<\/li><li>Mr-Robot 1<\/li><li>PwnLab<\/li><li>Metasploitable 1-2<\/li><li>Lin.Security<\/li><li>Temple of Doom<\/li><li>IMF<\/li><li>Moria<\/li><li>Tommy Boy<\/li><li>Wallaby&#8217;s Nightmare<\/li><li>Billy Madison<\/li><li>Tr0ll1<\/li><li>Tr0ll2<\/li><li>Exploit Exercises Protostar<\/li><li>Nebula<\/li><\/ul>\n\n\n\n<h2>OSCP Lab (November 11 &#8211; January 10)<\/h2>\n\n\n\n<p>That was the most beautiful time of my life. I found myself in a pool where I have lots of satisfaction, pain, sufferance, and love \ud83d\ude00 I was crazy before the lab, and now my craziness has a meaning. 
\ud83d\ude42<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/LshDXnvk-CDuNyX7x6EvtINTD1d1RrwZKwX9fGnVYhOeOPhqjlG-rn1JbSNPxisJnNCsTYStkmOtar8m561b58cxIWHw8odksVzqIQ2SAn8wJyRauehVN6lpf-FCVSmbgzWIFNiu\" alt=\"\"\/><\/figure>\n\n\n\n<p>I chose the 60-day option for the lab. I solved 40 machines in the lab, including the Pain machine, and completed all the exercises.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/LucW7gGJH5ticMnFEc1Gg2Vqta9HP31nM1p7z4JoCiZUC7fAFYCvGbOuoLs9aG6KAt0RP2MwQLyl_eFh8jKa2DqWpCi6aw4Tvvd3hNa9S6Y3CtKSafiqb9-u100sGy-rRTxRJvHM\" alt=\"\"\/><\/figure>\n\n\n\n<p>The total hours I&#8217;ve spent are as below:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>OSCP<\/td><td>Sun<\/td><td>Mon<\/td><td>Tue<\/td><td class=\"has-text-align-left\" data-align=\"left\">Wed<\/td><td>Thu<\/td><td>Fri<\/td><td>Sat<\/td><td>Weekly Hours<\/td><td>Total Hours<\/td><\/tr><tr><td>11.11-17.11<\/td><td>11<\/td><td>2.5<\/td><td>2.5<\/td><td class=\"has-text-align-left\" data-align=\"left\">2.5<\/td><td>4<\/td><td>3.5<\/td><td>8.5<\/td><td>34.5<\/td><td>34.5<\/td><\/tr><tr><td>18.11-24.11<\/td><td>7<\/td><td>3.5<\/td><td>3<\/td><td class=\"has-text-align-left\" data-align=\"left\">2.5<\/td><td>6<\/td><td>3<\/td><td>7<\/td><td>32<\/td><td>66.5<\/td><\/tr><tr><td>25.11-1.12<\/td><td>6.5<\/td><td>2<\/td><td>2<\/td><td class=\"has-text-align-left\" data-align=\"left\">2<\/td><td>2<\/td><td>2.5<\/td><td>7.5<\/td><td>24.5<\/td><td>91<\/td><\/tr><tr><td>2.12-8.12<\/td><td>5<\/td><td>2<\/td><td>2.5<\/td><td class=\"has-text-align-left\" data-align=\"left\">2.5<\/td><td>4<\/td><td>2<\/td><td>7.5<\/td><td>25.5<\/td><td>116.5<\/td><\/tr><tr><td>9.12-15.12<\/td><td>5<\/td><td>5<\/td><td>3<\/td><td class=\"has-text-align-left\" 
data-align=\"left\">3<\/td><td>3<\/td><td>2<\/td><td>8<\/td><td>29<\/td><td>145.5<\/td><\/tr><tr><td>16.12-22.12<\/td><td>3<\/td><td>2.5<\/td><td>2.5<\/td><td class=\"has-text-align-left\" data-align=\"left\">2.5<\/td><td>2.5<\/td><td>2<\/td><td>8<\/td><td>23<\/td><td>168.5<\/td><\/tr><tr><td>23.12-29.12<\/td><td>7<\/td><td>3<\/td><td>3<\/td><td class=\"has-text-align-left\" data-align=\"left\">0.5<\/td><td>2.5<\/td><td>3<\/td><td>8<\/td><td>27<\/td><td>195.5<\/td><\/tr><tr><td>30.12-05.01<\/td><td>5<\/td><td>7<\/td><td>3<\/td><td class=\"has-text-align-left\" data-align=\"left\">3<\/td><td>3.5<\/td><td>3<\/td><td>10<\/td><td>34.5<\/td><td>230<\/td><\/tr><tr><td>06.01-10.01<\/td><td>8.5<\/td><td>3.5<\/td><td>4.5<\/td><td class=\"has-text-align-left\" data-align=\"left\">4.5<\/td><td><\/td><td><\/td><td><\/td><td>21<\/td><td>251<\/td><\/tr><tr><td>13.01-19.01<\/td><td><\/td><td><\/td><td>15.01 Exam<\/td><td class=\"has-text-align-left\" data-align=\"left\"><\/td><td><\/td><td><\/td><td><\/td><td><\/td><td><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>In the last 15 days, I decided that I&#8217;ll use my time to pwn every single machine I&#8217;ve pwned before one more time so that I can be sure of the skills I&#8217;ve earned so far. And I&#8217;ve pwned 40 machines again in the last 15 days.<\/p>\n\n\n\n<h2>Exam Date:<\/h2>\n\n\n\n<p>I scheduled my exam for 5 days after my lab time finished. I didn&#8217;t wanna get rusty by having a long break between the lab and the exam.<\/p>\n\n\n\n<h2>Exam:<\/h2>\n\n\n\n<p>One needs 70 points to pass the exam. I had a good, relaxing sleep before the exam. I scheduled it for 04.00 am, 15th of January. This way, I dealt with the nasty parts of the exam before other human beings woke up to the new day. I started with the 25 points Buffer Overflow machine and pwned the machine in the first 1 hour. I took all screenshots and wrote a pseudo-report for the first machine on OneNote. 
So I felt safe and continued as below: <\/p>\n\n\n\n<ul><li>25 points Buffer Overflow &#8211; 04.00 &#8211; 05.00<\/li><li>All scans + Enumerations for the 4 boxes &#8211; 05.00 &#8211; 06.00<\/li><li>20 points Low Shell &#8211; 06.00 &#8211; 07.00<\/li><li>25 points Low Shell &#8211; 07.00 &#8211; 08.00<\/li><li>25 points PrivEsc &#8211; 08.00 &#8211; 15.30<\/li><li>20 points PrivEsc &#8211; 15.30 &#8211; 17.30<\/li><\/ul>\n\n\n\n<p>So I had enough points after approximately 13 hours. I took only bathroom breaks, didn&#8217;t have lunch :\/, and drank 2.5 liters of Coke Zero. I didn&#8217;t die, so that strategy worked for me. But it depends on the person and the habits. I generally lose track of time when I study and I can handle non-stop studying for hours normally, so it didn&#8217;t kill me to study 13 hours non-stop. After that, I knew that I&#8217;ve passed the exam with 70 points, (I&#8217;ve also written the lab report for bonus of 5 points in case I screw up on the exam and need 5 more points) and also written the exam report for the other 5 bonus points (if you write your exam report in the first 24 hours, offsec gives +5 bonus points.)<\/p>\n\n\n\n<h2>Results:<\/h2>\n\n\n\n<p>After 2 days, I got the most beautiful e-mail of my life:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/g1OB3fmiN3ZXHvxfT6PZw3S6ZAfPrGuvtAu17jd0rf6KW6xDw3_1wUSfgnbB8fLet6P0PSPEzQkMg1ngBUkLF8MqyEOlZmjMaSJ7k-RUrHFPPFzxZ8kGic0ctYrw_sANJHw8fhq2\" alt=\"\"\/><\/figure>\n\n\n\n<p>OSCP is a great journey for one to discover himself\/herself. You&#8217;ll realize your skills, your patience and definitely your boundaries. If you dedicate yourself to the success, you&#8217;ll get it in the end no matter how painful it will be. 
You become an OSCP in the end, I think anything is worth it on that road! As a strong, independent woman working in this industry, I found a new beautiful, strong and badass self in me during my OSCP journey. I definitely suggest you take OSCP if you get thrilled like me when you see the following:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/6oSrlwmYdYgPD2UmKxDHNMx4y4Wpiy_t2ebE4wWhNMi2ls4ZCjwPN-itMAvPOqbxp5TUlbVFKUuDhGqr9Hjw9Q0-RUXHJlTqRYjWQbs8Ugf7xNLCLf9uvcxHLyxAC7ujCQNrQrDE\" alt=\"\"\/><\/figure>\n\n\n\n<p>or this \ud83d\ude42<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/NNIlSluEQaSZkxzsz89jx9MW6mH3adUFkwCjLDk7OHn60qnve-MaKaXAxLGzUjrPpwJiUsfqgluWQ0TSjCxkPUZXpbFSKHR31u1gWvAlVxxK9T51kwK_-sTgcZsLtQElpRi1w4BF\" alt=\"\"\/><\/figure>\n\n\n\n<h2>Most Important Notes:<\/h2>\n\n\n\n<ul><li>Ace your Buffer Overflow skills. Do the buffer overflow exercises in the book and make sure you can apply all the steps needed.<\/li><li>Privilege Escalation is one of the most important parts I think. I&#8217;ve always forced myself to do privilege escalations manually (especially on Windows)<\/li><li>Use Terminator, thank me later \ud83d\ude42<\/li><li>Don&#8217;t give up! Ever!<\/li><\/ul>\n\n\n\n<p>Thank you Offensive Security! 
See you on my next certification &#8211; OSWP and then all the others you provide \ud83d\ude42<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/Kcp3Wq6kC9ivOvlhh-RjKWIUjBm79w1eostSVI_EG9EO5islpLnEJaWYEIXtts6V1Tmlqqult1zwIe1j3pGqZTrpuNQQS8S3SNaATcmiWEwLf-325G9naRbL1gusEQZIckZrYWPu\" alt=\"\"\/><\/figure><\/div>\n\n\n\n<h2>Most used resources during the lab:<\/h2>\n\n\n\n<p><strong>Privilege Escalation:<\/strong><\/p>\n\n\n\n<p><a href=\"#\">http:\/\/www.fuzzysecurity.com\/tutorials\/16.html<\/a><\/p>\n\n\n\n<p><a href=\"#\">https:\/\/blog.g0tmi1k.com\/2011\/08\/basic-linux-privilege-escalation\/<\/a> <\/p>\n\n\n\n<p><strong>Reverse Shell:<\/strong><\/p>\n\n\n\n<p><a href=\"#\">http:\/\/pentestmonkey.net\/cheat-sheet\/shells\/reverse-shell-cheat-sheet<\/a><\/p>\n\n\n\n<h2>My own resources I&#8217;ve used during the exam:<\/h2>\n\n\n\n<p><a href=\"https:\/\/github.com\/areyou1or0\/OSCP\">https:\/\/github.com\/areyou1or0\/OSCP<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since I&#8217;ve passed my OSCP exam last week in my 1st attempt, I thought it&#8217;d good to share my experiences and help others who ask for a roadmap. I&#8217;ll try to include as many resources as I can: My Background: I&#8217;ve worked as a web pentester for one year. 
Then I&#8217;ve decided to learn other&hellip; <a class=\"more-link\" href=\"https:\/\/areyou1or0.it\/index.php\/2021\/02\/10\/finally-oscp-may-the-force-be-with-you\/\">Continue reading <span class=\"screen-reader-text\">Finally OSCP &#8211; May the force be with you!<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[16],"tags":[],"_links":{"self":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts\/11"}],"collection":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/comments?post=11"}],"version-history":[{"count":1,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts\/11\/revisions"}],"predecessor-version":[{"id":13,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts\/11\/revisions\/13"}],"wp:attachment":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/media?parent=11"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/categories?post=11"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/tags?post=11"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}