I passed OSCP!

Following on from my post a few months ago, I took the OSCP exam about a week ago and passed first time! It’s a great course, and the training materials cover most of what is required to pass the exam, but I found that I for some subjects I ended up turning to the web for more examples and to get a deeper understanding of some of the subjects.

My main challenges were:

Finding time to actually do the course

I initially signed up for 60 days of lab access on 16th July 2017 and used that time to go through the training materials and practice in the labs. About 14 of days of those were spent on holiday or away from home for some other reason. Also some days after work I was too mentally tired to do the course when I got home, and other days I felt that my wife deserved some of my time, so I really struggled to get a decent amount of time logged in the labs. I took a week off work to get more time devoted to the labs and then I was able to get the most of the course exercises completed, but I hadn’t pwned many lab systems by the time my 60 days were up. After practicing outside the labs (vulnhub and hackthebox), I bought another 30 days of lab time, starting 23rd December, because I had a few days off work around Christmas and the New year, and I also took a day or two off work near then end of January. This time I managed to finish the course exercises and hack into more than the 10 systems that are required to get the 5 bonus points for the exam but I didn’t feel I was ready for the exam so I did more practice outside the labs again.

Finding vulnerabilities:

I found it took me a long time to find a way into the vulnerable systems in the labs – longer than what a lot of people were saying it took them in the forums. That was frustrating, but the only real solution to that was to practice and that’s really what the labs are for. I also used vulnhub and hackthebox for practice.

Getting remote shells

Even when I had remote command execution on some systems, it took me ages to get a remote shell. Often the systems didn’t have nc installed, or even bash, and other times characters like “>” or “|” were stripped so I had to find very creative ways of getting remote shells.

Reporting

I didn’t take many screenshots while doing the course materials, just basic textual notes, and when it came to writing the report, I found that I had to work through all the exercises again to get all the info required to write them up and also re-pwn the machines that I had already pwned, and this wasted a lot of time. I should have written the report as I went through, or all least keep the report up to date with what I had done every week or so.

The Exam

I knew that an exam sitting is included in every purchase of lab time and I clearly wasn’t ready after the first 60 days of lab access expired, so I never booked that exam. After the 30 days of extra lab time I still didn’t feel ready but I decided I might as well book the exam, and if I failed I hadn’t lost anything and hopefully I would get an idea of what the exam would be like and what I needed to focus my practice time on. I think that mindset actually helped, since I wasn’t feeling very stressed in the buildup to the exam. I started out pretty slowly, and after about 14.5 hours with only 35 points out of the 70 required to pass the exam I went to bed, fairly sure I was going to fail. I woke up 5 hours later and went back to work, then suddenly started making progress. Those 35 remaining points were in sight, but now I was running out of time! These final few hours were pretty stressful since I was so close, but I felt it was just out of my grasp. After 23 hours and 15 minutes, with 30 minutes to spare, I got a root shell on the last machine that I needed, giving me (I think) 75 points. The whole of the day following the exam was spent writing up the report for the exam and polishing the lab report in case I needed those 5 extra bonus points. By the time I submitted the report, by brain was done. My wife suggested we get some food and a drink to celebrate ate a nearby pub, which I was happy to do, but I was not good company because I was so tired. I think she had a better conversation with the dog than with me, that evening.

I’ve signed up to the Penetration testing with Kali Linux Course (OSCP)

Last week I signed up for the PWK course from Offensive Security starting in mid June with the intentions of getting the OSCP certification. I booked 60 days of lab access; I hope that’s enough, but if I don’t manage to find enough free time in those 60 days, I should be able to book some time off work towards the end. Failing that, I can always buy more time in the labs if I really need it.

I’m interested to see how I’ll handle the 24 hour exam at the end. Sounds like a fun challenge, which I suppose if what the whole point is (as well as proving skills).

In the weeks before that course starts, I’m working my way through the Metasploit Unleashed course, also by Offensive Security. Looks like a great tool, from what I’ve learned about it so far.