OSCP - Tips for Beginners!

By -

On 9th August 2020, I received a confirmation mail from Offensive Security that I successfully clear my exam and I am now an OSCP! 

 
 
After posting this on Linkedin, I got tons of messages from people asking me about tips and what are my thoughts on OSCP exam. So, in this post I'll be sharing my notes as well as few important takeaways which I feel it will help every beginner just like me! 😄 
 
Tips #1:
Always read more writeups! I know, it's a common suggestion that every other OSCP will give but believe me it will work!.
 
Tip #2:
Follow the legendary Ippsec. On his Youtube channel you will get to learn a lot of techniques. Only watching his video won't help, so make proper notes.
Link: https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA  

Tip #3:
Practice, Practice and Practice! 
OSCP labs + HTB + Vulnhub would be enough.
(I also bought HTB VIP subscription just to practice more on retired boxes) 
 
Tip #4:
Before my exam, I watched John Hammond's video and he gave one very useful advice.
"Try harder mantra won't work every time, so take a break, refresh your mind and then again Try harder!"
Link: https://www.youtube.com/watch?v=kdobdnQ2sGw&t=456s
As exam is for 24 hours so it's very important to take breaks frequently otherwise you will get exhausted.

Tip #5:
Confused when it come's to Buffer Overflow? Well, follow Cyber Mentor's BoF series and I guarantee you that it's one of the best tutorials for BoF!
Link: https://www.youtube.com/watch?v=qSnPayW6F7U&list=PLLKT__MCUeix3O0DPbmuaRuR_4Hxo4m3G
 
Tip #6:
I know Privilege Escalation is a nightmare as a beginner, the most common tools which helped me are as follows:
Windows: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite
Linux: https://github.com/rebootuser/LinEnum 
 
Tip #7:
While exploitation if you find any suspicious technique/ technology/ software/ binary. Simply use https://ippsec.rocks/ to search for. 99% of time it gave me accurate results.
 
Tip #8:
OSCP Exam is all about TIME MANAGEMENT, so make sure you spend enough time on the respective machine depending upon the marks allocation. If you get stuck then make a note and go ahead for another machine. 
 
Tip #9:
During your exam, make sure you scan your target machines properly. As this scan results you are going to refer for next 24 hours so make sure they are perfect.

Tip  #10:
After compromising your target, it is very important that you collect necessary evidences like taking POC of local.txt, proof.txt etc. 

Tip #11:
Reporting is very important part, as it reflects how exactly you compromised your target so make sure you have all the necessary POCs and use a nice template. I'll recommend use following one:
https://github.com/whoisflynn/OSCP-Exam-Report-Template
 
Tip #12:
Last but not least, if you fail in your 1st attempt don't feel demotivated. OSCP is just an exam, it's not like an end of the world. So chill and introspect yourself and identify where things got wrong. 

I hope so this tips will help you guys for your OSCP journey. If you like this post share it with your friends!

Happy Hacking 😊

 
 
 


 
 

Comments

Post a Comment

Popular posts from this blog

API Testing Checklist

By -
Checkpoints: 1. Older APIs versions tend to be more vulnerable and they lack security mechanisms. Leverage the predictable nature of REST APIs to find old versions. Saw a call to 'api/v3/login'? Check if 'api/v1/login' exists as well. It might be more vulnerable. 2. Never assume there’s only one way to authenticate to an API! Modern apps have many API endpoints for AuthN: `/api/mobile/login` | `/api/v3/login` | `/api/magic_link`; etc. Find and test all of them for AuthN problems. 3. Remember how SQL Injections used to be extremely common 5-10 years ago, and you could break into almost every company? BOLA (IDOR) is the new epidemic of API security. 4. Testing a Ruby on Rails App & noticed an HTTP parameter containing a URL? Developers sometimes use "Kernel#open" function to access URLs == Game Over. Just send a pipe as the first character and then a shell command (Command Injection by design) Reference Link: https://apidock.com/ruby/Kernel/open 5. Found SSR
Read more

THE PLANETS: MERCURY Walkthrough - VulnHub

By -
Image
Introduction Getting back to CTF solving after a looong break, is a difficult task. So, I decided to proceed with an EASY challenge, and  VulnHub  was the obvious choice to find the one. In few searches, I found a perfect machine to start with -  'The Planets: Mercury' .   This boot2root machine had 2 flags: USER & ROOT. The USER flag can be obtained by  SQLi  ==>  Creds  ==>  SSH  ==>  FLAG . The ROOT flag is were an interesting PrivEsc lie in. Hope you find this writeup interesting & useful! Information Gathering Port Scan: Nmap To begin with reconnaissance, let's find out open ports with Nmap, with service version enumerations: Port 8080 So this looks like a simple page with no secrete or hint. Let's try accessing some common directories: Visiting ' admin ' directory, we got the error page. This happened as the site is built on  Django  with  Debug  set to  True . Luckily for us, the URL Configuration is being reflected on error page. Let'
Read more

OSCP - Personal Notes

By -
Image
  Hey Guys, in this post I am just going to copy paste my notes which I collected during my OSCP journey from different sources. Feel free to collaborate. 💀 [*] SSH - 22 Tunneling ssh -L 8443:127.0.0.1:8443 user@x.x.x.x Credentials Spraying ncrack -U users.txt -P pass.txt ssh://x.x.x.x [*] DNS - 53 Perform DNS Zone Transfer check dig axfr x.x.x.x dig axfr vhost.com @x.x.x.x  [*] TCPDUMP tcpdump -i eth0 icmp [*] SMB 1. SMB Protocol enumeration: nmap -p445 --script smb-protocols x.x.x.x 2. Check for SMB Vulnerability nmap --script smb-vuln* x.x.x.x 3. Get a list of shares available on a host smbclient -L x.x.x.x 4. Connect to the share smbclient //x.x.x.x/Share_Name 5. SMBMap for checking access on fileshares smbmap -H x.x.x.x -u Username -p Password or smbmap -u '' -p '' -d 'htb.local' -H x.x.x.x 6. Download all files in shares: smbget -R smb://x.x.x.x/Share -U Username 7. Use crackmapexec for spraying crackmapexec smb 10.10.10.175 -u Users.txt -p Pass.txt --co
Read more