Thursday, September 24, 2015

I Tried Harder - OSCP Edition

Background
After about two and a half months of dedicating the majority of my time to the certification, I successfully became an OSCP. I have read many different blogs that gave great advice, but I thought I would add my spin on it as well.

This certification is very time intensive. However, I feel it is the most worthwhile certification for an entry-level Penetration Tester, and it will give you some credibility within the community. Throughout the certification, your primary focus will be exploiting and escalating privileges on vulnerable hosts.

Preparation
In preparation, I spent some time working on some vulnerable hosts on Vulnhub. On this site, people develop vulnerable machines very much like the ones you will see on the OSCP. You download and host the vulnerable machine on your computer and attack it. This is great practice for those who are unsure if the OSCP is for them.

My favorites I have completed are:
Lord of the Root <- I created this one. My solution is here.
Troll 1 and 2

If you can complete these, even with a little help from the walkthroughs, you should be at the right skill level for the OSCP.

Also, I developed a script, much like Mike at Security Sift, to help automate the enumeration process. Since I have a developer background, this was relatively easy and painless. It was really time-effective to have my enumeration process completely automated. However, this is not essential.

Course
I recommend going through all the exercises. If you do not, you may not have all the tools you need for the job. Also, it will teach you buffer overflows in great detail. It wouldn't hurt to review this multiple times. I did. Also, pay close attention to the enumeration section. This is the majority of what you will be doing for the rest of the certification. You will also need to be prepared to take copious amounts of notes in both the lab and exam environments regarding your path of exploitation and privilege escalation. This will help you greatly with the writeup!

In the lab environment, enumeration is the key! Many machines will be much easier if you have all of the information available. Also, some machines have dependencies on other network machines. If there doesn't seem to be a point of entry and you have enumerated well, the data you need is probably on another machine. Move on and try again later.

I compromised almost all of the public network, with a couple of machines in each of the other networks. I would recommend compromising most, if not all, of the public network before taking your exam. Also, the admins in the IRC channel are a great resource for helping push you in the right direction on the lab machines.

Exam
The exam is really where the rubber meets the road. In preparation for the exam, I wrote up my entire lab writeup. This included the exercises, labs, executive summary, remediations, conclusion, and any other piece necessary. I created a template for each machine to fill in once I had completed the exam. I did this because the last thing I wanted to do was spend all of the next 24 hours writing a long report after I had exhausted myself cracking machines for most of the night. Using my template, it took me only two hours to complete the exam writeup.

I was told that if your exam is on the threshold of passing, reporting on your lab machines and exercises will greatly improve your likelihood of passing the OSCP. Begin working on your reporting early and be thorough. I don't want to get too specific about the exam, but what I can say is that if you have worked hard on the lab environment, it shouldn't be anything well beyond your understanding.

After reflecting on my exam, I learned I should have taken better care of my body. Get as much sleep as you can the day before, and as much as you may want to work until the exam is completed, DON'T. Getting some sleep and looking at it fresh will help you not to spin your wheels. I spent too much time spinning my wheels in stubbornness.

Recap
1. Enumerate, Enumerate, Enumerate
2. Take detailed notes in exercises, labs, and the exam. It will make report writing exponentially faster.
3. Write most of your final report BEFORE the exam.
4. Take care of your body during the test.

I hope this all helps! Good luck and remember to "Try Harder!"

2 comments:

  1. Would you be willing to share your enum script?

  2. My script can be found here: https://github.com/kostrin/Pillage