How I passed OSCP on the first attempt [Part 1]
Passing OSCP with proper planning and preparation
I thought of sharing my OSCP journey and the hurdles I had to overcome to pass this certificate. If you are looking for any learning resources, they will come in the next part. In this part, I will only cover my journey, timeline, and mental preparation.
To start off: if you think OSCP is easy and you are not a regular HTB/TryHackMe player, then you are in for a big surprise.
I thought it would be relatively easy since you are just learning about some tools and using them to enumerate, pivot, escalate, and root. This is what my initial assumption was "UNTIL" I saw this...
So many people were failing OSCP, and it hit me quite hard. I was wondering how come so many people were failing it when, by my assumption, it should be easy. I did more research on it and also talked to people who had failed it, and what I understood was that all of the cases had a similar pattern.
Like they failed because they didn't maintain a proper time schedule throughout the exam
Like they failed because they didn't do many labs
Like they failed because they made some mistakes while submitting the report
So a similar pattern was "Preparation and Planning"
I believe all of these could easily have been avoided if the person had prepared enough and done enough planning to ace the exam. I'm lucky to have realized this beforehand, because I had 90 days to complete the labs and then sit for the exam. I then needed to evaluate whether the 90 days were enough for me to go for the exam. After 90 days I had only managed to finish around 20 machines, and those mostly with help from Google, so I wasn't satisfied at all. It is also hard to push myself to do more labs as I have a full-time job, so I ended up extending my lab period. It helped me a lot, because I then managed to solve more than 30 labs and I was a bit more satisfied with my preparation. At the same time, I was building labs at my office and testing them for extra preparation.
And NEVER STOP TAKING NOTES; they are lifesavers. Make sure you note down everything, including special scenarios, to help you with those special cases.
I knew AD would be in the exam, so I didn't take any risks with AD and learned the simplest tools and the easiest ways to take control of an AD. I planned to keep things simple and to make sure I spent less brain power on tools and more brain power on planning the attack. So I wouldn't choose any tools that require sophisticated steps; rather, I would research the tools, and if I found something easy to use I would stick with it.
After all this, I realized that people who fail OSCP fail not because they are less skilled or knowledgeable but because they prepared less for the exam. To be honest, I also didn't think I would pass it on the first attempt, since the exam was completely changed this year and the tips I was getting were old, as most of my friends and connections passed the old version. So I had a challenge to overcome and had to plan the entire thing myself. In the end, confidence is the key that worked out for me.
OSCP EXAM DAY
Funny story: As I was showing my room to the proctor, he asked me to take down my TV and face it towards the wall. It made me laugh because it wasn't even powered on and it was quite heavy. I did tell him that it was very heavy and I would need some time to do that. He said, "No problem, do it!"
7:00 AM: I sat for the exam and was quite nervous. I spent 20 minutes understanding the requirements and the environments and made sure I could ping all the machines. Before starting my first machine, I reverted it just to double-confirm that the machine would be fresh.
12:00 PM: I managed to pwn my first machine in AD. Before this I didn't take any breaks, and I was constantly focused on this machine due to my nervousness. This made me realize that if I continued to sweat like this and lost all my focus, I would not be able to use my full potential on the other machines, so I would have to balance it out.
I took a hot shower after this and had a good lunch, took some rest, and also planned a few things in my head before restarting.
2:00 PM: I managed to pwn my second machine, and I was so happy because my trick was working and I was taking constant breaks. It helps you SOOOOOO much to cool down and think of other ways to get inside the machine.
[Throughout this period I was having fruits and healthy snacks to keep my strength up and to feel energetic.]
3:00 PM: I managed to complete the entire AD and I couldn't have been any happier. At this stage, I had enough confidence to ace the exam because I knew I now had the time and resources to push forward.
5:00 PM: Managed to get local privilege on the first standalone machine, and after this decided to go for a walk and get an ice cream. Rewarding myself for such an achievement was also working a lot. Had a nice dinner with a tasty dessert and restarted my exam.
9:00 PM: Managed to root my first standalone machine. At this point, I was already noticing fatigue and I started to push myself even more.
2:00 AM: Managed to get local privilege on the second standalone machine, and at this stage I was completely done. My head was screaming to go to sleep and asking me to give it a rest. Since I had ensured 70 points, I didn't push myself anymore and went to sleep happily, knowing that I also had a lab report to submit, so in total I would have 80 points and would pass it quite easily.
So then I just waited for the final email and then, it arrives...
Don't be lazy with the labs and exercises!
During the exam, if you are completely stuck on a machine, search for that specific service on Google but add the keyword "hack the box". If you are lucky, HTB will have a similar box with that service from which you can take new ideas to get the initial shell.
If possible, keep a separate terminal just for enumerating. Take a good wordlist and start enumerating. Sometimes you might get lucky and end up inside some user's account, since the password would be quite easy to guess, like "john".
Don't change your plan frequently; it will lead to burnout. Instead, do an initial enumeration and choose the attack plan you are comfortable with and can escalate to an advanced level.
If you find an exploit not running and giving errors, most probably that's intended. Try to look into the code and fix it if necessary, or look for alternatives on GitHub in case someone has already fixed it.
For Python, if you are running some tools on your local Kali, for the sake of god use virtualenv. This fella saved me from so many troubles.