My l3g3nd

There is no spoon

OSCP - My Chronicle

| Comments

There are number of blog posts about the Offensive Security Certified Professional (OSCP) challenge but why I am writing another one? Because I had many sleepless nights, completed the daunting 24 hour challenge and above all I TRIED HARDER. I earned it!

This certification requires tremendous amount of dedication and will need full co-operation of your wife, kids, cats, dogs and any other noteworthy personalities in your life. It is very different from any other certification as it has a completely hands-on labs, hands-on certification challenge and can drive an individual to the verge of insanity and make him/her quit. Overall experience is closest to real world and after completing successfully it gives a sense of major accomplishment.

Before taking the certification you have to sign up for Penetration Testing with Kali Linux (PWK) course. Course materials are in the form of pdf (300+ pages) and videos (several hours) and I have to say its very well laid out. It covers various information security topics BUT does not provide everything that will be needed to succeed in labs or exam. This course does not spoon feed and lots of extra work needs to be done to walk the extra mile. IMHO this is not a entry level challenge as you should be comfortable with Linux, scripting languages (Bash, Python, PHP, etc.), basic understanding of networking and working of computer systems in general. Knowing about C/C++ and assembly language is a plus though not required.

My Experience

Previously this course wasn’t PWK but Penetration Testing with BackTrack Linux (PWB) and that is when I signed up for it in the summer of 2013. I signed up for PWB with 60 days of lab exam thinking this will be enough but I have never been so wrong underestimating the difficulty of this course. After paying the fees I had to wait for about 2 weeks before I could get started. At the specified time you get couple of emails with VPN instructions and course materials. Lab is a controlled environment which is accessed via VPN and has all types of operating systems such as Linux, Windows, BSD, etc. There are several multi-homed machines that provide access to different hidden networks once rooted. The whole objective is to practice in labs and get as many administrative/root privilege machines as possible in all the network(s).

Another interesting part of this course is an IRC channel #offsec where you can find other folks in similar conditions facing a brick wall after several unsuccessful attempts to hack and make any progress. And then there are few admins whom you can ask for help in case you get stuck which starts usually with ping admin. More often the response is Try Harder which is what you don’t expect to hear but thats how this course rolls :). You are pushed to the brink of your limits and forces to look things differently. All this to force learning and eventually make you succeed in the exam. I will be honest and admit that I couldn’t do much in 60 days of lab time with the information dump from pdf and videos and juggling through work and personal life. In that time I only managed to get a handful of machines which was embarrassing to say the least. For some personal reasons I couldn’t renew my labs after that and entire year passed making this as a complete failure. I didn’t give up hope and continued honing my skills by learning Python, Bash and various security tools.

In January 2014 I received an email from Offensive Security stating that there is a newer version of PWB called PWK and previous members can get discounted upgrades which reinvigorated my interest in getting OSCP. Getting over the failure of last year wasn’t easy but I gathered all my spirits, consulted my wife and signed up again for 60 days of PWK. This time I was determined to succeed and did all the homework. Towards the end of 60 days I had access to all the networks and root/administrative access in about 90% of machines. Wow! that felt good.

I wasn’t confident enough to schedule the exam challenge yet but when I checked available dates I was greeted with a surprise. Either I had to take the challenge on the following weekend which was few days after my labs were getting over or wait for another 45 days. Oh boy, that sucked. I was ready to buy another month of lab time but my wife motivated me to take this challenge on the same weekend. Worse thing that could happen is I fail the exam. Also, I had to work on the most boring part which was lab report of all the hacked machines and time was essence but somehow I managed to write up as much as I could in next 2-3 days.

Challenge Day

I was nervous, never took a 24hr challenge and couldn’t fail at any cost. At the scheduled time I received an email with the new VPN details and guidelines about the dreaded challenge. Again all the guidelines were very clearly laid out. Started working on my first machine. No luck! Hour wasted. 23 hours to go. Then decided to stick with one machine and after 3-4 hours got my first machine! And there was 25 points. W0000t! To succeed in exam you have to get ‘X’ points out of 100 and points are awarded based on user or root level access gained on machines. All the documentation done during the exam has to be submitted along with exam and lab reports within 24 hours of exam being over.

It was 7pm or so when I started working on second machine and guess what it was easier than I thought and got my second root privileges. May be it was my preparation and I patted on my back. By this time I was feeling very comfortable with my progress and was confident that I will do well. Took a break of about 45 minutes and had dinner. Again back to my desk looking at computer screen. After few hours I was able to gain user level access on couple of more machines. By this time fatigue started to set in and I was losing concentration so decided to call it a night and sleep for about 4-5 hours. I woke up motivated and needed just one more root access which will be enough for me to pass the exam. After couple of hours I was able to capture the final flag! Hell yeah! Sigh of relief and what an amazing feeling. Out of 5 machines I had root access on 3, user access on 2 and enough time to go over my work. I completed all my documentation and sent an encrypted email to Offsec which starts the wait of 72 hours. This is the time Offsec folks take to review submitted reports and documentation before declaring final results.

Confidence was running high but after couple of days with no response from Offsec folks panic started to sink in. All those crazy thoughts about not passing the exams and each day felt like an eternity. Wednesday morning I got an email with famous words stating: you have successfully completed the Penetration Testing with Kali Linux certification challenge and have obtained your Offensive Security Certified Professional (OSCP) certification I was loss of words to be honest. This was one of the greatest things I have ever done and all the hard work paid off in the end.

My Gratitude

I have to give special thanks to my wife because without her support I couldn’t possibly do this challenge. My MacBook Pro deserves a special round of applause for taking all the beating and sticking with me all the time. I made few wonderful friends notably b1tterM4l and MacR6 and again their support was vital to my success. I would also like to mention about ryujin’s famous citation in one the exploits “So that’s it, I just need inner peace?” (from the movie Kung Fu Panda) guided me in times of distress. Kudos to the Offensive Security team for doing all the hard work and creating this very creative and professional challenge.

Wisdom Acquired

I have a Master’s degree but I don’t think I have worked this hard in entire 2 years as compared to OSCP. Everyones ability to solve problems and getting correct perspective is different which could mean failure or success in this endeavour. Just knowing and not understanding will only lead to pain or sufference or both :) . Attitude is very important because there will be times when no possible solution will be in sight and quitting seems the only option. Hanging in there and trying one more thing could make a difference.

Resources

Following are some of the resources that helped me a lot in this great challenge: http://www.google.com
http://www.securityfocus.com
http://www.exploit-db.com
http://www.securitytube.com
http://www.corelan.be
https://docs.python.org/2/tutorial/

Comments