OSCP Review

Cover Image for OSCP Review
Marmeus
Marmeus

Introduction

On the 29th of January, 2022, I successfully overcame the new version of the OSCP exam. Hence, in today's post, I will tell my opinions on what you need to do before purchasing the course, tips about the new exam model and what you need to know before taking the exam.

Before purchasing the course

The course teaches a vast amount of topics in a PDF of 850 pages and videos, which are very time consuming, so every minute reading the PDF, you are wasting time on the laboratory, which undoubtedly you will need.

In my opinion, the document should be used to solve doubts about a specific topic and for the mandatory exercises for obtaining ten bonus points that can help you pass the exam.

So, "where do I start?" Well, if you are a complete newbie, buy one or several VIP subscriptions on TryHackMe and start doing the rooms of the learning path:

Now, continue completing more rooms until you find almost no difference between rooms. Moreover, feel free to read as many write-ups as you want while doing a room; you need to learn the basics and understand what steps you need to own a machine.

Once you are tired of TryHackme continue, with HackTheBox by completing the TJNull's list, where you will find some boxes similar to the ones in the lab.

Finally, while you are completing machines, take notes about the techniques used because it is inevitable that some of them will appear similarly in the exam, so you can exploit them without wasting time remembering them. Furthermore, doing write-ups of each pwned machine will prepare you for the exam report.

Privilege Escalation

Luckily for us, privilege escalation shouldn't be hard if you have taken notes while attacking machines, have watched the privilege escalation courses and have completed the privilege escalation rooms.

AuthorLinuxWindows
TheCyberMentorCourse & RoomCourse & Room
Tib3rius ⁣Course & RoomCourse & Room

Both courses and rooms are pretty similar so it is up to you if you want to take both or just one of them.

Buffer Overflow

In the new exam model, the Windows Buffer Overflow vulnerability might not appear to you. However, it is not a bad practice to be prepared in case you need to encounter it.

For being prepared you can do the Buffer Overflow exercises in the course and the following rooms:

Note the process because the BoF in the exam is going to be really really similar.

Active directory

From January 12 the exam will have Active Directory as a mandatory part with a value of 40 points. This part consists of three Windows machines where you will have to jump from machine to machine until you become the administrator of the domain controller. So, you need to know about windows privilege escalation, Active Directory and Kerberos that can be learned from the following rooms.

Keep in mind, that in the OSCP the Active Directory is not going to be harder than this, but if you want to improve your knowledge I encourage you to complete Throwback.

The lab

The lab is divided into several sections: Public Network, IT Department, Development Department and Administrator Department; being the former, the starting point for unlocking the rest. For doing so, you will need to obtain the network-secret.txt stored on the root's home directory of some of the lab machines.

Furthermore, some machines have dependencies so you will need to own a previous machine where you will find information for accessing the former. This aspect of the lab is what I hated the most because there is no information on which machines have dependencies, just hints from people on the forum, so you are wasting your time on machines that you do not have any chance to complete unless you have completed its dependant. Moreover, there are no hints about where you can use the information obtained once completed a machine, which I find annoying.

Finally, the machines in the lab will test your skills learned while doing the TJNull’s list and the TryHackMe paths, which will tell you if you are ready for sitting the exam.

Are the exercises worth it?

Before the new model, you needed to complete the 104 course exercises for obtaining 5 points in the exam. Nowadays, you need to complete the 104 course exercises and obtain ten proof.txt with their write-ups. However, is it worth it?

Actually, it is really worth it, because it is your only option to pass the exam if you don't complete the Active Directory domain. Nonetheless, you will have to complete all the stand-alone machines in the exam which might be harder than the AD.

Finally, you have to know that completing the exercises might take you two weeks of your lab time so keep it in mind if you are running out time

The Exam

The new exam model consists of two parts: three independent machines and an Active Directory Domain. The former has a value of 60 points, ten points for each user and root flag. The latter has a value of 40 points but you need to complete the whole domain to obtain them.

Knowing that, your only two strategies are:

  1. 30 Points of standalone machines + Active Directory (40)
  2. 60 Points of standalone machines + 10 Points from the course exercises.

Furthermore, there is a high chance that you will encounter services that don't have vulnerabilities associated or there are for another Operating Systems on searchsploit; which is something that rarely happens in the lab. Hence, you need to think outside the box trying to exploit service miss-configurations.

For example: You can find a service or web application that doesn't have any exploit on searchsploit, github, cve.mitre.org, etc. so you will have to find manually if it is vulnerable to SQLi, Path Traversal, Command Injection, etc.

Finally, the exam requires you to stay calm and not panic; you need to be relaxed and do not worry if you are not getting any points in the first hours of the exam ( I didn't get user on any machine until the first 6 hours of the exam). Keep trying all the possibilities until you have run out of ideas. Then, look for new ideas about the topic you are trying to exploit on the Internet and the most important of all K.I.S.S. (Keep It Simple, Stupid).

Conclusion

The PEN-200 course is NOT an impossible task; it requires study, taking good notes and PRACTISING A LOT. If you have achieved these tasks you should not worry about the exam.

YOU CAN DO IT!!! ;D