Aug 062015

I finally found the time to do the offensive security OSCP exam. I wanted to write down my experience, because it differs from other posts I found on the internet.

Piece of cake. The lab is harder than the exam.

The lab

Let me quickly sum up the lab experience first. The lab was fun to do and sometimes very challenging. I learned a lot of new stuff especially in the field of windows privilege escalation. I hacked around 40-45 of the boxes in the lab until I finally gave up. I gave up because I got bored. What you do during the PWK/OCSP lab is mainly
– scan using nmap, dirbuster, nikto etc.
– google exploit
– use exploit
– if limited shell: google priv escalation exploit and use exploit.
The “google and use exploit” phase is mainly try and error. I cannot spoiler too much, but it is like that for 80% of the boxes. I still had fun for a week or so.

The exam

After I got bored in the lab I paused OSCP for some months. I totally lost interest in it. At some point I was tihnking about it and simply booked the exam without adding some days of lab access to get familar with it. After it started it took me some minutes to remember the tools I used to scan etc. Its a bit like cycling, once you start doing it you remember all the stuff, it just takes some minutes. The scanning took around 1 hour and during the time I read a book and had a tea. 6 hours later I managed to fully compromise 4 systems and 1 system partial. That is enough to get certified. I ordered sushi, watched the movie “Four Lions” during lunch and went to bed. The next morning I started to write the report (still in exam time, which was good, so I could take additional screenshots).

Roughly 24 hours after I sent the report I received the notification that I passed.

Thinking about something challenging now, like OSCE.


Some other notes:

I used Ubuntu as hypervisor and virtualized kali using virtualbox. I fully updated it and installed the vbox additions. It is not supported but work very well for me. I think Backbox might be a good alternative, too.

A very handy utility BUT the search function so bad that I ended up using “grep” inside the keepnote directory to find stuff. I will never use it again, but I don’t know an alternative (well … for me Excel works).

Lab report
I did not do one. The template provided was good in general, but I would recommend to use MS Office, not Libreoffice/Openoffice (I had problems with it and the template).

I have 5 years of professional experience, mainly network security. I have some of the bullshit certifications HR people ask for (CISSP, CISA, CISM, ITIL, CCNA, …). Kali was not totally new to me, but most tools were. Debuggers, ASM, python, webbased attacks etc. was totally new to me. I had to learn it during the lab.