Khmer CodersKhmerCoders

OSCP story-telling (out of date)

Chhaipov
0 Comments
OSCP story-telling (out of date)

This is just a personal reflection on my OSCP journey back in 2017. it's how I got started in the penetration testing field. I'm sharing it as a reminder to myself and a source of motivation to stay grounded in the technical side of cybersecurity.

If you're looking for an up-to-date guide on the OSCP, I recommend checking out more current resources elsewhere.

I guess you would be interested in PWK course once you view this page. This is an article I’m gonna describe how I had been through PWK course and obtained an OSCP certificate. If you are here looking for a detail guide, you might come in wrong place and I’m sorry about that. Abatchyand niiconsulting are good guides I’ve found. You can take a look there.

I’m just now writing about how I had enjoyed the course from the pre-enrollment to the day I got email confirmation from offsec that I passed the exam.

OSCP is not about getting the certification. It’s all about the journey and experience along the way to destination. It was mixed feeling. Just like the feel at before and after exam were absolutely opposite. Nervous, sadness, happiness, tiredness, greatness motivation…they were all in one. I enjoyed it very much. My precious moment during OSCP was that I knew many nice people especially PunkMaster. We’ve learnt and shared. Also, people from netsecfocus group were so supportive.

How the journey was initiated

I’m actually a network engineer and I will always be. Previously, I didn’t even know what OSCP really was. One day in February, my friends and I were sitting in a café and talking about some Security training. Then I was told about OSCP. I was immediately very fascinated by it. I had many researches about PWK course outlines and did self-study the topics one by one. Reading many guides, I found hackthebox.eu website and leaded to join netsecfocus group. Yeah, it was where my journey began.

One day, I doubt myself if I was ready for pwk. Literally, PWK is not an advance course. The prerequisites are only requires some knowledge related to TCP/IP, Linux fundamental, and being familiar with scripting language such as bash or python. If you are fine with those skills, you are good to go. I then decided to enroll PWK course in October. Their course material was a gold. I really loved it. You can check the syllabus here.

Time to start the journey

I received email from Offsec at around 7am local time. The email contained link to download course material and related information to connect to VPN. I didn’t even look at the material and went straight to the lab. Less than 30mins, I managed to get root in one machine. That was a great moment.

There are different technique shared by people about the way of using lab and course material. Some people prefer to finish the course material first before going to lab. Since I did a solid study research on course outlines during pre-enrollment, I would love to start doing lab and then went thru the material little by little, day by day. I got so motivated at first. Days passed, the machines became harder and harder. Motivation was gone bit by bit. Until I got a root on the one hard machine, the motivation came from the sky and I was fully filed in.

Image

At the end of first month, I managed to pwn almost all machines in LAB.I spent around 6–7 hours a day, almost every day, for 1 month straight. normally, it took me 3 to 5 hours to pwn a machine in the OffSec lab and I worked through around 53 machines in total.

It wasn’t just about learning the tools or techniques. it was the mindset that really changed me. That curiosity, persistence, and problem-solving approach became part of my routine. I learned more from trial and error than anything else.

My Death-note to kill PWK machines

Image

A scary examination

After I pwned all the machines, I booked the exam at around 1 week after lab end. I had so confident at that day. However, i keep losing confident day by day because I had been busy with report and exercises, and I had not looked at lab machines anymore. I almost forgot my own methodology. I wish i had took the exam immediately after lab machines.

I started my exam at 14:00 local time. At the first hour, I was nervous and lost patience because I could not get the first shell on the first machine. I tried to calm myself down and did it gently. At around two hours, I got the first root shell. It was the best feeling ever. I did not know how to describe it. Then I continually got other machines one by one. An hour before the VPN ended, I checked all the required information for report to if there was anything missing. After sleep for several hours, I prepared and submitted the report.

Arriving at the destination

Even though I knew I had enough point to pass the exam, I still felt anxious. The time was walking so slow. I keep checking the email. That morning, I woke up at 5 and immediately checked the email. After a long wait, I got the result email saying that I have successfully completed the exam and obtained the OSCP. It was the joyful moment ever. My sleepy eyes were cleared up. YEAH! I’m officially an OSCP. I finally did it.