Yet Another PWK/OSCP Review

Prologue

Hey, if you are here is because you’re thinking to take the PWK/OSCP certification. First of all this certification is not only for people wanting to start this path in the infosec work environment, but in my opinion, it is a very beautiful challange for mind and body, regardless of your age, for those of you who want to break the work or life routine. PWK/OSCP course needs a lot of abnegation, hours spent studying the concepts learned during the lessons to complete the lab, to revise arguments and to write reports. This certification introduce you to the penetration test world and to the infosec enviroment generally , with a very practical approach compared to other certifications. In this journey you’ll feel pain and happiness, despair and exaltation sometimes at the same time. In other words, your soul will be shaken. The Offensive Security motto is “Try Harder” that is really appropriate.
People often think that infosec certifications need a lot of experience in Informatic to be obtained. It is not true, well not at all. I’m telling you, this certification is an entry level but needs some knowledge on a variety of arguments, from scripting to networking, from programming languages to system administration. That being said the material is composed of videos and a PDF, giving you all the information and all the arguments you may need to study if you don’t understand the videos. In particular you need to know basics on this fields:

• Linux systems
• Windows Server systems
• bash programming
• python programming
• TCP/IP basics
• networking basics
• cryptography basics
• Web languages like PHP help too

Last but not least, a lot of you asked me how many days of lab i purchased and how many you have to purchase.
I purchased a total of 120 days lab but this is absolutlely not the standard. What i always answer is it depends on how many hours you can study per day, more hours of study means less lab days and vice versa.

Exam Preparation

First suggestion: PWK means Penetration testing with Kali so Offensive Security bring you a custom version of Kali Linux. Use this version and don’t update it! Offensive Security give you all the tools and stuff needed to study and to obtain control of machines in lab.
Once you have finished the video materials, you can start the funny part of the course: pwning the Lab Machines.
What i suggest is to pwn all the machines in the lab. The number on VM you conquer per day affect the number of lab’s day to purchase. I spent more then 70% of my purchased time, in the lab, jumping from a VM to another, taking notes of every single move i made to pwn the machines, i lost a lot of sleep hours and week end in the lab but this is the price to pass the exam and let me say, this is really amazing when you see a shell popping in your Kali. As said you have to finish the lab! But bassed on my personal experience, it couldn’t be enough. There are also a lot of VM’s on HackTheBox and VulnHub that could be used to review OSCP arguments (i did a lot of these). I suggest also to review very carefully all the arguments studied in the course materials. There is a lot of materials in Internet made for this pourpose, at the bottom of this post, you can find some links. Another important things is training yourself to write reports, so get into the habit of take notes for every machine you conquer.

The Exam

Once you schedule the exam you are on the ramp for the certification, the exam is of 23 hours and 45 minutes in a dedicated lab via VPN and another 24 hours to produce the report of the conquered machines.
In the lab you’ll find 5 machine with different points assignment, for a total of 100 points. Remember that you have to earn almost 70 points to pass the exam.
Here are my suggestions for that long long day:
i prefered to schedule the exam start, early in the morning but this choice is suggestive, try to sleep 8 hours the night before so you come to exam at best conditions, take a good breakfast/lunch/dinner (depends on when you decide to schedule the exam) before start.
When the VPN credentials arrives, i started attacking an hight points machine (the BufferOverflow), it took sometime to exploit so next i switched to a low points machine to “relax”, when done i proceeded with the medium points machines and then went on the last machine that i not finished. Remember to take a break when you feel you need it and when you’re stuck (you’ll be, trust me), cool down your mind and the solution will come.
Once time is over take some sleep hours then start the report, writing it when you have all the information acquired in the exam, well printed in mind, is better, and remember to try harder, ever!

You will also asked to produce a lab report that if well done, can give you an extra 5 points.
My suggestion is to make this additional report for 2 reason:

• tha lab report is a perfect training to learn writing reports
• 5 extra points could literally save your ass

Once finished, upload the report(s) and wait the answer email from Offensive Security.

Conclusion

The journey is amazing, i found it so much fun that I did the exam 3 times :)
but if i did this, you can do it too.

Links

• Andrew’s VulnHub VM list for OSCP training
• Abatchy’s VulnHub VM list for OSCP training
• PinkPanther’s VulnHub VM list
• HackTheBox list, most of theme are retired so you can find also the solutions
• ippsec Youtube channel
• Search engine for ippsec channel by @shell_oc
• Derek Rook Youtube channel
• Buffer Overflow review material based on VulnServer, thanks to @blackroomsec
• My Buffer Overflow review material based on VulnServer
• VulnServer GMON howto
• Well detailed OSCP study plan
• Pentestmonkey Reverse Shell cheatsheet
• Meterpreter Basics
• Fuzzysecurity Priviledge Escalation cheatsheet
• g0tm1lk Priviledge Escalation cheatsheet