Road to OSCP – Part 2


“There are no secrets to success. It is the result of preparation, hard work, and learning from failure.”

– Colin Powell

Hi, I’m glad you’re back. This post continues to part 2 of a journey to OSCP. In this post, we’ll explore everything technical, and I’ll give you some study tips too!

root@acc3ssp0int:~# nano take-notes

Documenting what you’ve learnt, and what you will learn is a crucial step, it will not only help you in your OSCP journey but also help you track your progress, and revisit stuff you’re looking for; easily and quickly.

Document your studies, practice work, etc. as you go and do it in a way you’re comfortable (MS Word, OneNote, EverNote, or Old-School — pen & paper :D)

**PLEASE MAKE YOUR OWN NOTES & DOCUMENTS I CANNOT STRESS THIS ENOUGH**

root@acc3ssp0int:~# service pre_oscp_labs start

This section will cover stuff you should prepare prior to enrolling for your lab time. It will help you to go over basic to intermediate methods of enumeration, exploitation, and more.

Buffer Overflows

This is one topic in essence that requires a little time for preparation It is also a little close to my heart and below is a collection of links that I referred / studied it from

An Intro

Computerphile on YouTube covers this amazingly: https://www.youtube.com/watch?v=1S0aBV-Waeo

Some Resources

To get down in the dirt you must first understand how memory works, and a little bit of assembly language to understand the instructions being passed There is no one better than Vivek Ramchandran to explain this. You can find the assembly language & buffer overflow attacks below:

Assembly: https://www.youtube.com/playlist?list=PLue5IPmkmZ-P1pDbF3vSQtuNquX0SZHpB

Buffer Overflow Attacks: https://www.youtube.com/playlist?list=PLFS09dmzTiewOGPzeN7JntZVs1dnTu_JL

This Course on Pentesters Acadamy also covers it beautifully: https://www.pentesteracademy.com/course?id=13

Justin also covers this topic in-depth, find it here: https://github.com/justinsteven/dostackbufferoverflowgood

Some Vulnerable Softwares to Practice Buffer Overlows:

  • Minishare 1.4.1
  • Blaze DVD Professional
  • FreeFloat FTP
  • War FTPd

Note: Protection based buffer overflows are not required as such.

root@acc3ssp0int:~# service practice start

Once you’re confident with your preparation, it is time to enroll for your labs. Again, if you don’t have the time, do not enroll. If you are working, and are able to dedicate time during the weekdays, 2 months should be sufficient, otherwise 3 months works in all cases.

Some OSCP Like Vulnhub VMS to get a taste of what to expect, it has been covered deeply by abatchy

root@acc3ssp0int:~# service oscp_labs start

What you learn from here completely depends on what you do in your labs

This is a section in which, everyone who has done OSCP will have different viewpoints, approach, and so on.

My suggestion would be that you follow a simple enumeration > identification > exploitation methodology.

**Do not rush to run exploits. ENUMERATION IS THE KEY**

Below is a collection of a few blogs, scripts and other stuff that not only helped me in my OSCP preparation but also serve as reference today.

A Short Collection of Resources

Enumeration

0daysec-Enumeration

NMAP NSE Scripts

Reconnoitre

Identifying Vulnerabilities

https://www.exploit-db.com/

https://cve.mitre.org/

Gaining Shell

pentestmonkey reverse shell cheatsheet

msfvenom cheatsheet

Privilege Escalation

Windows

http://www.fuzzysecurity.com/tutorials/16.html

https://github.com/GDSSecurity/Windows-Exploit-Suggester

Linux

payatu priv-exec

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

linux-exploit-suggester.sh

root@acc3ssp0int:~# cat /etc/motd

**Schedule your exam 1 month in advance from when you plan to attempt, this will ensure you get it in a good time slot**

root@acc3ssp0int:~# cat /home/OSCPguide/*

This concludes the second part of the guide. Hit me up if you have any queries, or would like to talk further on preparation. All the Best!!

You can read part 1 here

You can read part 3 here

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s