Cracking OSCP — PWK 2020 by a regular every day normal guy
This blog is about how I cracked the updated OSCP using PWK 2020, plus tips for people who are trying to pursue it.
I work as a Cyber Security Analyst for a service-based multinational company, so you can guess how much they pay and how much time I have to work; it took me 6 months to save the money for my certificate. Anyway, I am not blaming anyone in this situation, because I could have refused my job and searched for another one, but I played it safe. I am merely stating the facts of my situation. Enough about me, let's jump into the technical stuff, which I think I am good at.
Requirements before enrollment
As many of you know, OSCP is a beginner-level certificate for offensive security, but it's pretty hard in its own way. I have seen guys take it more than five times, and after listening to their stories I got afraid and tried to avoid the mistakes they made, so I started with HackTheBox.
In March I bought the HackTheBox pro version. This helped me a lot because the pricing is close to my Netflix subscription and I can do all the retired boxes, so I made my rank up to Hacker and did nearly 30% of the active machines in HackTheBox, and I also managed to complete all the TJ Null boxes. I thought I was ready for OSCP and registered in mid-July. My suggestion is to avoid looking at hints as much as possible; if you are stuck for more than 2 days then you should go to the hints, because without this you won't develop persistence, out-of-the-box thinking and patience, which are the most important qualities for any hacker.
OSCP LABS and Guide:
As specified in the OSCP forums, you can skip the OSCP exercises, but if you submit the exercises you will get 5 grace marks which can help you pass the exam. Also, in my perspective we should do them, as they give us more of an overview of a lot of technical topics.
I am not that gifted when it comes to skill; I have to pierce my way through using hard work and the will to not give up on stuff. I started by reading the course material and practiced each and every exercise; I didn't go into the labs until I had read all the chapters and documented all the exercises.
My suggestion is to start with the buffer overflow chapter, because it might have high weightage in the exam and without it you will have a high probability of failing the final exam. Even if you have no interest in reporting the exercises, just do the buffer overflow exercises.
I was able to complete reading the material in 30 days. I know I took a lot of time; this was due to my slowness, and it's hard to concentrate on this stuff when you have a project to handle.
In the PWK 2020 version, OSCP boxes can be divided into four sections as below. I cannot disclose IPs as it is a big spoiler and I don't want to lose my OSCP certificate.
· IT Department
· Dev. Department
Using the techniques mentioned in the lab I was able to get my hands on 36 boxes in 60 days, all of them in the Public dept., and I documented about 10 boxes.
Moment of truth:
My lab time was over and I went back to HTB machines. I observed that my skills had developed, but I was not up to my mark, so I started practicing buffer overflows using Steven's dostackbufferoverflowgood repository.
I made an unofficial report on every box I hacked in OSCP and HTB, and then I made a single mega checklist to understand the pattern of entry points across various boxes. Don't ask me for my mega checklist; I won't publish it anywhere. I would recommend you build your own out of about 50 boxes.
Now it had been a month since my labs expired, and I decided to purchase a lab extension to check whether I had become stronger or not.
15 Crucial Days
After understanding the entry points, it became clear to me how to hack a box, what the basic steps you should do are, and also the difference between a rabbit hole and a real vulnerability.
I managed to hack all the machines in the lab. Yes, you read that correctly: I hacked the rest of the boxes in 15 days, nearly 30 boxes in 15 days, on average 2 boxes per day; some days I did 4 and some days only one box. These are the boxes which I was not able to crack during my first lab time, so I got pretty confident in my skill.
Now I had no target machines left to practice on, so I made unofficial reports for all 66 boxes and official reports for 25 boxes. I fixed my exam date for Saturday 7th Nov 2020, in the 8 AM morning slot.
· I started my test at 8:15 AM, a bit delayed due to the verification process. I started to scan every system with nmapAutomator.sh and meanwhile I started on the buffer overflow machine; I completed it in 5 hours. I panicked for a while because people said they completed the buffer overflow in 2 or at most 3 hours, but I did it in 5.
· Now I thought I would definitely fail, so I started with the hard box. Luckily I did this one in 2 hours, so now my hopes were up again: I had 50 marks in hand, so I needed 20 marks and had 18 hours.
· Things got stressful again: it had been 17 hours since the exam started and I was not able to lay my hands on any box other than the two hard ones. Then I got hope again and hacked one 20-point box in the next two hours; now I had 6 hours left until the end of my test.
· At this point I was not able to sleep due to stress, but I got hungry, so I took a break for 1.5 hours and made myself pasta and ate it. Weird, right, in the middle of the night? But it is what it is, dude.
· After the break I got the user flag for the other 20-point box. I decided to take pics, as reporting is very critical in this test since we are professional hackers; I completed taking pics in the next 2.5 hours. It took me so long because I even took pics of the vulnerable code in the machine, like if it is SQL injection I took the SQL query execution portion.
· Finally I tried to do the 10-point box but I was not able to lay a finger on it and my time was over. I was able to complete 2 × 25 points + 1 × 20 points = 70 points; that's a borderline mark, and if I didn't make the report clearly I would fail for sure.
I had a shower and slept for 8 hours, and after that I started the reporting part. As I mentioned earlier, I am a cyber security analyst and I like to make reports as simple as possible so that even developers can replicate them, so I was able to make the report without any stress.
I submitted the report to the specified portal and was done with my test.
I submitted my report on the evening of 7th Nov, and on the morning of the 9th I got a mail from Offensive Security. Without reading the mail I thought it was my failure mail, because a lot of blogs suggested that they take 5 working days to grade and that if you fail it takes less time. I panicked about opening it, and haha, I passed the test, and I even got my grace points and 40 CPE credits. I never thought they would be so fast at grading.
Tools and Suggestions
1. Start everything with an nmap scan; I use NmapAutomator, which performs all kinds of nmap scans.
2. Read the nmap scan line by line and follow a round-robin approach when working through possible vulnerabilities; this way you won't end up in rabbit holes.
3. Privilege escalation tools
4. Practice buffer overflows on Steven's GitHub page, dostackbufferoverflowgood.
5. Read the course material at least once and do all the exercises.
6. Make a single write-up of 50 boxes about how you hacked them. This will give you a clear picture of how to hack the stuff.
7. For reporting, use Flynn's GitHub repository.
8. Never ever give up; just play it like a game, you are not done until you give up on it. I felt like I was losing but never stopped playing the game.
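To make the "read the scan line by line, round robin" tip concrete, here is an added example that is not code from the original post, NmapAutomator or any other tool named above. It parses nmap's greppable `-oG` output into a queue of open services and rotates a fixed time slice through every service before revisiting any of them, so one stubborn port cannot eat the whole exam window. The scan text embedded in it is constructed sample data; the hosts and versions are made up.

```python
"""Turn nmap greppable (-oG) output into a round-robin enumeration checklist.

Added example for the "read the nmap scan line by line, round robin" tip;
not code from the original post, NmapAutomator or any other tool named there.
The scan text below is constructed sample data with made-up hosts.
"""
from collections import deque

# Constructed sample of `nmap -sV -oG -` output: two hosts, a few ports.
SAMPLE_SCAN = (
    "# Nmap 7.80 scan initiated as: nmap -sV -oG - 10.0.0.0/30\n"
    "Host: 10.0.0.1 ()\tStatus: Up\n"
    "Host: 10.0.0.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.2p2/, "
    "80/open/tcp//http//Apache httpd 2.4.18/, "
    "3306/filtered/tcp//mysql///\tIgnored State: closed (997)\n"
    "Host: 10.0.0.2 ()\tStatus: Up\n"
    "Host: 10.0.0.2 ()\tPorts: 445/open/tcp//microsoft-ds//Samba smbd 4.3.11/, "
    "139/open/tcp//netbios-ssn//Samba smbd 3.X/\tIgnored State: closed (998)\n"
    "# Nmap done\n"
)

# Each -oG port entry is seven '/'-separated fields in this order.
PORT_FIELDS = ("port", "state", "proto", "owner", "service", "rpc", "version")


def parse_greppable(text):
    """Return {host: [port_dict, ...]} containing only open ports."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # Everything after "Ports:" up to the next tab-separated section.
        ports_blob = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_blob.split(","):
            fields = entry.strip().split("/")
            if len(fields) < len(PORT_FIELDS):
                continue  # malformed entry: skip rather than guess
            rec = dict(zip(PORT_FIELDS, fields[:len(PORT_FIELDS)]))
            if rec["state"] != "open":
                continue  # filtered/closed ports are noise for enumeration
            rec["port"] = int(rec["port"])
            hosts.setdefault(host, []).append(rec)
    return hosts


def round_robin_schedule(hosts, slice_minutes=20, rounds=2):
    """Give every open service a fixed time slice per round, in rotation.

    Rotating through all services before going deep on any one of them is
    what stops a single stubborn port from eating the whole exam window.
    Returns a list of dicts ordered by start time.
    """
    queue = deque(
        (host, rec["port"], rec["service"], rec["version"])
        for host, recs in sorted(hosts.items())
        for rec in recs
    )
    schedule = []
    minute = 0
    for rnd in range(1, rounds + 1):
        for _ in range(len(queue)):
            host, port, service, version = queue[0]
            queue.rotate(-1)  # move the head to the back for the next round
            schedule.append({
                "round": rnd,
                "start_min": minute,
                "host": host,
                "port": port,
                "service": service,
                "version": version,
            })
            minute += slice_minutes
    return schedule


def format_checklist(schedule):
    """Render the schedule as checkbox lines you can paste into your notes."""
    return [
        "[ ] r{round} +{start_min:>3}m  {host}:{port:<5} {service:<14} {version}".format(**item)
        for item in schedule
    ]


if __name__ == "__main__":
    parsed = parse_greppable(SAMPLE_SCAN)
    for line in format_checklist(round_robin_schedule(parsed)):
        print(line)
```

Feed it a real `-oG` file instead of `SAMPLE_SCAN` and adjust `slice_minutes` to whatever you can afford; the point is that every open service gets looked at once before any of them gets a second, deeper pass.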
If you think you are a skilled hacker, don't waste time; take the test. These days I am seeing so many Certified Ethical Hackers and many people talking about cyber security stuff for hours without knowing what it is. It's not wrong to be weak; it's wrong to stay weak and not acknowledge our shortcomings. We pentesters give the green signal for applications to be deployed, so if an incompetent one gives a green signal to a potential vulnerability it's just as good as hacked. Just kidding :) Adios Amigos