How I passed the OSCP exam

My experience going through the PWK course up until the exam

Before PWK

My first contact with hacking came through movies, as with many other people. Whenever hackers were shown in films you would often see them frantically typing into a black screen with green letters, uttering stuff like "I'm hacking into the mainframe" and such. It wasn't, however, until I saw Mr. Robot that I came into contact with Kali Linux, the distro specifically made for hacking.

It didn't take me long to find out about Offensive Security (now Offsec) and the OSCP certification after researching some more. While initially reading comments about it made me feel as if the exam was more of a nightmare than anything, within me there was an eagerness growing to know more about it. I ultimately decided I would learn hacking and, in time, face the dragon myself.

Exam Structure

The exam itself is a 24-hour hands-on test accompanied by an extra 24 hours to write a report detailing your findings. The targets are as follows:

  • 3 Standalone machines (can be Windows or Linux)

  • 2 Clients & 1 Domain Controller - Active Directory set

While compromising any standalone machine with low privileges will grant you points, you will only be able to get the full 40 points from the AD chain if you completely compromise it.

Preparation

In order to prepare for the exam I did the following:

  • The complete PWK 2023 course and exercises

  • The PWK 2023 Labs

  • Tib3rius' Linux and Windows Privesc courses off of Udemy

  • Proving Grounds machines

  • HackTheBox machines

The complete PWK 2023 course and exercises

Given this is the actual syllabus for the PWK course and ultimately, what will pop up on the OSCP exam, there's no need to address how important it is to fully complete its contents. While some of the module exercises might seem a little cumbersome, the little stuff you will learn in between, whether it be a new tool option or a new workflow tip, will aid you greatly during the exam.

The PWK 2023 Labs

Once you're done with the course exercises, this should be your next stop. In the 2023 version of the PWK labs, these are the different machine sets that will test your skills:

  • Medtech

  • Relia

  • Skylark

  • OSCP A

  • OSCP B

  • OSCP C

You must tackle all of them as you will get stuck throughout them. Finding ways out of this is what will make you grow the most.

Tib3rius' Linux and Windows Privesc courses off of Udemy

Tib3rius' collection of videos detailing Privilege Escalation vectors is great and still holds up in 2023. These techniques are essential to fully compromise machines as you will need to perform escalation during the exam.

Proving Grounds machines

Offsec's hacking playground offers a large number of machines you can hack to test your skills. As many other people have mentioned throughout the years, there's a great list curated by TJ Null that holds OSCP-related machines.

You can access that list here

HackTheBox machines

As with Proving Grounds, on this website you will find a vast array of machines to play with and hone your pentesting skills before facing the OSCP. Luckily, TJ Null's list also holds an HTB machine section; go check it in the link above!

Tools

Throughout the exam you are very likely going to encounter problems you've faced before in your training, and with that in mind you will have previous experience with tools.

If I could make a quick list of tools that will make your life easier, I would select these:

  • Linpeas/Winpeas

  • Accesschk.exe

  • PrivescCheck.ps1

  • Crackmapexec

  • Ligolo-ng

  • Chisel

  • Impacket toolset

  • revshells.com

While this is most of what I used for the exam, it's very important you customize your toolset to your specific workflow and methodology!

My Exam Experience

After booting up Kali, troubleshooting a little, and showing my assigned proctor around my room, I started my exam on the 13th of July, at around 4 am. While it was pretty early, I felt more comfortable since it meant I'd have more sunlight to aid me as the day progressed.

My main objective was the AD set, and after stumbling for a bit and hitting some walls, it took me around 8 hours until I finally cracked it. I felt pretty relieved since I had finished the longest part of the exam. All I had left were the standalone machines.

The first standalone made me question a lot of things. I couldn't seem to find a way in, until I took a step back and realized (as usually happens) that the way in was much, much simpler than I was initially thinking. It was at this time I realized I should apply the KISS principle: "Keep it simple, stupid". Once in, it took me less than 20 minutes to get root.

For the second standalone machine, it might have been the KISS principle or just my newfound focus, but I managed to get in and root in around an hour, without any complications.

Sadly, I was not able to find a way inside the third standalone machine, and ultimately decided to give it a rest. With these machines compromised, I already had a passing grade. I was ready to get some sleep and move on with the reporting phase after waking up.

The next day I woke up relieved knowing I was done with the pentesting part of the exam. All I needed to do was to structure my exam notes into a clean report. This took me a little longer than I expected given I was overly paranoid about keeping the format efficient and concise, but I managed to get it done before the afternoon. After zipping the PDF and sending it to Offsec, I felt a great weight had been lifted off my shoulders and decided I would take the weekend off and chill.

That same Monday, I was greeted with the passing email and with it came an incredible sense of accomplishment. I had finally passed the OSCP exam!

Conclusion

At the start of my cybersecurity journey, I would have never believed I would become an OSCP-certified individual. While there are harder certifications out there, attaining this one specifically made me realize that you can do whatever you put your mind to. As long as there is drive for something, there will be a way. While I'm still looking for a pentesting job 2 months later, I'm happy I set out on the OSCP journey and conquered it!

Thanks for reading. If you're starting your OSCP journey or are close to the examination date, don't be afraid.

I know you can do this :)