Read Time: 16 mins
I hate reading boring articles so I’m not going to waste any of your time by writing one. Besides, you’re probably a PWK student with lab time ticking away each second as you get closer to your exam date. The very exam date that will determine whether or not you’ve become a man/woman yet in the information security industry. Right now, you’re still a little boy/girl with absolutely nothing going for yourself. That’s how I felt most of the time as I spent countless hours “skateboarding” through the internet trying to find some reverse PHP shell capable of running on a Windows host:
It actually exists folks:
(Windows PHP Reverse Shell)
The feeling of insufficiency coupled with the euphoria that I felt after gaining root privileges, or learning a new technique motivated me. I was like Neo spending hours in simulation learning Jiu Jitsu (which was really Karate but don’t get me started on that!).
TLDR’ers Start Here ➡️➡️
But you already know all of that so let’s get right into it:
If you are just starting PWK, you’ve probably already been told to go and do the OSCP-like VMs:
You’ve probably even been told to go and watch some of Ippsec’s videos.
No one probably mentioned that you could find pre-compiled Windows exploits out there in the wild, which will save you some headache during your time in the labs.
Certainly do these:
And if no one has told you about Nebula for learning Linux privilege escalation techniques they have done you a disservice!
For note taking, I used a beautiful program called Atom. Learn MARKDOWN! Markdown is sort of like HTML and is super easy to use. After launching Atom and creating your folder for note taking make a “.md” file and start from there! It can recognize code and everything!
If you want buffer overflow experience and you don’t have lab access yet, I recommend doing Brainpan on Vulnhub.
Spoiler: It has both a Windows and a Linux buffer overflow for you to pwn!
Now that you have a good starting point, I want to cover some of the unwritten rules along with some additional tips that will help you during your time in the labs and in your pentesting career. Some of these tips will save you from a lot of embarrassment and frustration in your pursuit of the OSCP certification. I want to help you by shining light on how your thinking needs to and will change during your time in the labs.
Tips & Unwritten Rules
1. Google, Google, Google …need I say more?
* Thou shalt not ask another pentester any question before googling the subject for at least 5 minutes.
2. Offsec admins are not as mean as you think they are.
* Before I used the Offsec Support Chat for the first time, I had already accepted that they were going to tell me to try harder, but not once has any Offsec admin ever uttered those words to me. They are very understanding and super helpful.
3. Read the write-ups.
* You should be watching yourself and making sure this doesn’t become your “go to” on every single box you attempt to root; however, you are only hurting yourself when you abandon a machine without ever gaining the knowledge you are missing.
4. You are not a failure if you get stuck and look at the write-up for a box.
* This is something I struggled with for a long time. I ALWAYS felt guilty resorting to someone’s write-up after exhausting all of my knowledge on a target box, but once you do read the write-up you will likely remember that technique for the rest of your career!
* Pro tip: Peek: scroll down to where you are stuck and only view enough to get you moving again!
5. DO NOT USE METASPLOIT:
* Using Metasploit will severely hinder your ability to pass the exam in my honest opinion. You can only use it on one machine during the exam and it is generally only worthwhile on Windows machines. I mean, imagine getting to the exam and having zero manual Windows privilege escalation skills because you’ve been using Metasploit for every box in the lab. Yikes! Avoid it as much as possible.
6. Make Friends
* Building relationships is one of the best things you can do while in the labs. The more connected you are within the community the better. Offsec also provides an IRC channel where you can communicate with other students and admins. I strongly suggest jumping in there before your lab time and asking your questions there, keeping rule #1 in mind.
7. Get a mentor
* Find someone who already passed OSCP or OSCE who can help do exactly what this article is doing, in real time. Oftentimes we read articles like this and forget that there is a real-life person who wrote it and may be readily available in some Hackthebox forum somewhere. Find someone to “show you de wey!”
8. Stay up Until 3AM
* My bedtime is 3am just about every night. It’s gotten to the point where if I go to bed before then I will be lying there with my eyes open staring at the ceiling. Learn to optimize your available hours to pour into the labs and try not to get divorced because all you seem to care about is buffer overflows and rooting Pain & Sufferance! Make sure you communicate your schedule with your family and don’t slack off doing your responsibilities around the home!!!
Relax! You’re going to do well! Check out some of my GitHub stars to find some really good enumeration scripts and other toys I’ve picked up along my journey to OSCP. If you’re not familiar with GitHub before starting in your labs, you will become familiar with it soon enough!
I leave you with this:
Every machine you face in the labs and in life is a mirror reflecting your pentesting skill and competency.
Every box you gain is a step upward in your ascension towards the glorious OSCP certification! Keep struggling! Keep learning! Keep hacking, and stop sleeping!