Intro About Me:

I am working as an Information security Analyst for the past 2.5 years and having hands-on experience in Web applications, Mobile, API, and Thick Client Penetration Testing.

This post describes the journey that I went through while studying for the Offensive Security Certified Professional (OSCP) certification. It outlines my personal experience and therefore is very subjective. I don’t go into any details about the OSCP labs and exams due to restrictions set by Offensive Security. Instead, I’ve structured it in such a way that it gives the advice that I wish I had gotten when I first started the certification.

Start with My Dream…

My big dream or goal is pursuing the OSCP certification from when I started the Information security Domain.

When I started to learn on preparing for the exam I didn’t know what to do and also from where to begin, then after some advice and also from OUR mentor “Google”, I got to know from where to start and one more thing “Google is the best Mentor if learning something new”.

Starting with Linux…..

Before starting anything first we have to start with the Linux commands.

If you master the Linux commands it makes your journey easy, so according to me first, we have to start with the Linux basics.

So, After that What ……?

There are numerous resources online which you can practice and learn.

The Vulnub and Hackthebox are the main platforms that you can practice and prepare for the Exam.

Vulnub Machines:

A few Vulnhub VMs. I recommend to try and root before taking the exam because some machines are already present in vulnub and they are similar to OSCP machines.

Another good piece of advice is to read/watch the walkthroughs of those machines. Try to root them yourself first!. The LIst list of machines is given below.

Note: Before reading the walkthrough of the machine try to do at first and spend some with it.

For all the commands which you use try to learn what it actually does and also see all the options which you can give for that command.

  1. Kioptrix: Level 1 (#1)
  2. Kioptrix: Level 1.1 (#2)
  3. Kioptrix: Level 1.2 (#3)
  4. Kioptrix: Level 1.3 (#4)
  5. FristiLeaks: 1.3
  6. Stapler: 1
  7. PwnLab: init
  8. Tr0ll: 1
  9. Tr0ll: 2
  10. Kioptrix: 2014
  11. Lord Of The Root: 1.0.1
  12. Stapler: 1
  13. Mr-Robot: 1
  14. HackLAB: Vulnix
  15. VulnOS: 2
  16. SickOs: 1.2
  17. pWnOS: 2.0

HacktheBox :

I started the Hackthebox machines after completing the above list of machines from the vulnub.

Solving the easy machines in the hackthebox is also not easy sometimes. After some days I thought of taking the Hackthebox pro for practicing the retired machines and it helped me a lot.

I had taken 3 months of hackthebox pro to practice and learned so many things also.

Note: Sometimes we think that just seeing the walkthrough is enough and why to waste money on the Hackthebox Pro. But Don’t think like that only because it helps you a lot and also there is so much difference in just seeing the walkthrough and also practicing those on the machines.

Finally Took the labs: — — —

I Had taken the 2 months of the lab and Initially, I thought I may complete some 30 machines in the lab, and afterward let’s one more month lab access.

After starting the lab I did all the exercises in the course and made the report for that and it took 20 days for me to complete all the exercises as the exercises are around 850 pages.

Now only 40 days left and again I thought I might complete only 25 labs at that time.😅😅

Then I started to solve the machines in the lab.

As I was working, I was not able to invest much time in the exam, so I fixed 4 hours in a day for the exam and others for the office work.

Initially, when I started the machines I thought I can finish the 2 machines a day, and also it went like that only means started to complete 2 machines a day. but after some machines, I got to all machines that are not the same.

After some days the machines are started to feel somewhat difficult but they are tricky only.

After the completion of the 2 months of lab access, I completed 49 machines and I felt awesome by seeing the numbers.

So Finally my Exam day comes :

I was so nervous about what might happen..?

Can I pass the exam…?

Can I solve all the 5 machines in the exam or at least 3 and a half for passing the exam..?

I was thinking these above for the whole night and didn’t get peace of the mind to sleep and also to study also.

I suggest that before the exam doesn’t do anything and relax for some time and have peace of mind.

I had scheduled my exam on 8:30 in the morning and we have to present in the panel before 15 min for the verification process.

Exam Started :

After the verification process is done, I got the mail confirmation and got the VPN access to the lab, and also along with that, we will get the IPs of machines.

In that we will get 1 will be 10 points, 2 will be 20 points and 2 will 25 points and 25 points will include Buffer overflow.

So, I started the exam at 8:45 am and at first kept all the IP’s for the Nmap full Nmap Scan.

First, I started with the 10 point machine and by information gathering through Nmap, I got to know that it service based exploit and I completed it within just 35 minutes including taking the screenshots for the exam report.

After that, I started with the Buffer Overflow machine, and it was a basic buffer overflow, and completed it within an hour.

After that, I went to the 20 points machine and these machines were tricky and also a little tough and I was able to finish it within 1 and half hours and took 30 to 45 minutes to take the screenshot because of the so many methodology or steps.

At this point in time was already having 75 marks in my mind and somewhere I thought to leave and make the report but made a mind to at least give a try.

After starting the 25 point machine, I struggled a bit in the exploitation of both the low privilege and also the privilege escalation and it took some time but I able to complete it with 2 hours.

At last, I completed all 5 machines within 5 to 6 hours.

Then I took more time preparing the report as there were many which I need to explain and submitted the report the next day.

After a day I got the Email from Offensive Security that, “Now I am Offensive Security Certified Professional”.

Lastly, good luck and “Try Harder”.

Penetration tester | Freelancer | Gymmer | Cyclist