Tips for passing the OSCP

The OSCP is one of the most well-known certifications in infosec. It is known to be hard, but it doesn't have to be.

Here I will share some tips on how you can pass it on your first try.

Programming

You need to know how to program, regardless of what some people might tell you. You need to know how to build applications so you know how to break them. You don’t need to be amazing at it, but know at least the following:

  • a scripting language such as Python
  • a language you can use for backend development, such as C#
  • JavaScript, since it is everywhere
  • SQL, since you can't perform manual SQL injection otherwise
  • C for the buffer overflow part of the exam
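
To make the SQL point concrete, here is an added example (not code from the original post) that puts a string-built login query beside a parameterized one. It uses Python's standard sqlite3 module against a constructed in-memory table; the table contents, the sample password and the function names are assumptions for illustration. The same crafted password that passes the vulnerable check is treated as plain data by the safe one, which is why you need to read SQL both to recognise the flaw while testing and to describe the fix in a report.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory users table (sample data, not from the post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """String-built query: user input becomes part of the SQL grammar.

    With password "x' OR '1'='1" the WHERE clause turns into
    (username = 'alice' AND password = 'x') OR '1'='1', which is true for
    every row, so the first user is returned without a valid password.
    """
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: input is bound as data and never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def compare(username, password):
    """Run both versions on the same input; returns (vulnerable_result, safe_result)."""
    conn = make_db()
    try:
        return login_vulnerable(conn, username, password), login_safe(conn, username, password)
    finally:
        conn.close()


if __name__ == "__main__":
    crafted = "x' OR '1'='1"  # constructed sample input
    print("valid credentials:", compare("alice", "correct-horse"))
    print("crafted password: ", compare("alice", crafted))
```

Running the script shows the vulnerable function returning "alice" for the crafted input while the parameterized one returns None. The fix is the same in every backend language on the list above: bind values as parameters instead of concatenating them into the query text.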

Make sure you are familiar with some web frameworks such as ASP.NET, Spring, Flask. Make sure you are comfortable with a debugger as well.

There are a lot of resources available so I won’t make any particular recommendations here.

Linux

You will most likely be using Kali Linux for the exam, so don't let unfamiliarity with it become an extra source of stress during the exam. The easiest way to become comfortable with Linux is to use it as your only OS for a while.

Tools

Make sure you know your tools well, such as nmap. In addition, I recommend using AutoRecon since it will save you a lot of time on enumeration. During your labs, avoid using tools that are forbidden during the exam.

Know how to use privilege escalation scripts such as linPEAS to look for weaknesses.

Privilege Escalation

You will likely need to perform privilege escalation during the exam, and it might not be as simple as running an exploit; it might come down to misconfigurations. Make sure to check out GTFOBins. If you encounter any application on a machine, always look it up on https://www.exploit-db.com/ and https://www.cvedetails.com/.

VHL

I did not want to recommend a particular service for this, but Virtual Hacking Labs is probably the best preparation you can do before you even sign up for the exam. By doing most of their machines, I ended up only needing 2 weeks of PWK labs before passing the exam. Do as many machines as you can. Make sure to check out their course as well; it is very good and covers most of what you will need for the exam.

Do their certificate; this will help you get used to taking notes and writing reports.

Labs

Once you receive your course materials and VPN access, quickly look through the materials and start working through the labs. If needed, refer back to the course material.

Do as many machines as you can; you should be ready for most of them simply by working through VHL first.

Spend as much time as possible practicing; it is a practical exam, after all.

Exam

Remember to stay calm: you have 24 hours, plus 24 additional hours to prepare the report. Also keep in mind that it is an entry-level certification, and it will be nowhere near as hard as you may assume.

Start by working on the buffer overflow machine, as it is the easiest one. After that, choose any other machine to keep working on.

Take a lot of notes and screenshots, and don’t forget to take a screenshot for each privilege level you attain, along with the output of a command that shows the machine’s IP.

You receive partial points for non-root access.

You can use Metasploit on only a single machine, but I recommend leaving it for when you only need one more machine to reach the necessary 70 points.

You are allowed as many breaks as you want. If you have been working on a machine for a long time, take a break, and when you return, work on a different one. Remember to eat and stay hydrated.

You can also sleep during the exam if you want, but I would recommend against it. After the exam is over you can either write your report right away, or after sleeping. I did it right away but I do not recommend it.

Conclusion

It is a challenge, but it is not impossible, especially if you are prepared. You have to be confident you can pass it; it might be helpful to remember that it's entry level.

Best of luck!
