Monthly Archives: July 2019

OSCP Journey – Week 12 & 13

I have officially extended my lab time by 30 days with the intention of taking the exam again towards the end of August.

As I previously stated my primary focuses during this lab time will be:

  1. Practice hard on Buffer Overflows, my strategy was solid but unfortunately I just needed to practice more because this took 3-4 hours due to not having completed a BO in a while.
  2. Concentrate on Privilege Escalation, I am not so sure that my strategy was flawed with PrivEsc but by the time I got to this point I had hit a wall of progress and was exhausted.
  3. Reinforce enumeration/scanning techniques, I feel like I was a little impatient with scanning and need to make sure I am using the most efficient scanning techniques.

Between by exam attempt and now has been about two weeks of relaxation and recovery but now I am ready to get back after it. Ideally I would like to double the machines compromised, which puts me at 25 shells going into the next exam attempt.

Course Pages: 380 / 380

Lab Shells Popped: 12.5

OSCP Journey – Week 11 – Exam Attempt #2

For those who have been following my OSCP Journey, you will know that I technically sat from the OSCP exam back in 2015 but was nowhere near prepared. Well fast forward to 2019 and I sat for the exam again about 1.5 weeks ago. Unfortunately I failed to get the required 70 points to pass. With that being said, I do calculate my point total to be approximately 40/100…I was able to get the buffer overflow system fully compromised as well as a partial shell on another system. The 40 points is actually not that far off from a pass, so this actually provides motivation for me to continue the path.

Right now my plan is to get another 30 days of lab time where I will:

  1. Practice hard on Buffer Overflows, my strategy was solid but unfortunately I just needed to practice more because this took 3-4 hours due to not having completed a BO in a while.
  2. Concentrate on Privilege Escalation, I am not so sure that my strategy was flawed with PrivEsc but by the time I got to this point I had hit a wall of progress and was exhausted.
  3. Reinforce enumeration/scanning techniques, I feel like I was a little impatient with scanning and need to make sure I am using the most efficient scanning techniques.

I thought about adding in Vulnhub VMs and Hackthebox CTF machines for practice but honestly since the exam is based on the PWK lab, I think my time will be better spent honing my skills on those systems.

OSCP Journey – Week 10

One more machines felt my wrath in week 10 from the lab environment, I have a partial shell on one additional box, and command execution on another box. Additionally I have completed almost the entire lab penetration testing report as well as documenting the course exercises. The documentation is required in order to get the CPE credits for the course, and in order to receive five points towards the exam. My main priority this week is to wrap up all the documentation, then I will start reviewing the course material. If I have additional free time, I will continue to start cracking more machines.

A cool script/tool that I discovered this week is MSFvenom Payload Creator (MSFPC). Remembering the syntax for MSFvenom payload creation can be pretty daunting, but this tool makes it very simple and even provides you the specific syntax if you wanted to manually create a payload.

Course Pages: 380 / 380

Lab Shells Popped: 11.5