Finally, I am an OSCP ! *Fist pump* Took a while, but it was totally worth every second. My friends have been asking me to blog about my experience or to give out tips, but considering my stumbles I felt I should write a post about 'How (not) to flunk in OSCP'. :)
Before I start my rant, a little background - I am new to the security domain, entered it about a year and a half back. I've mostly worked with web app pentesting. Also, my Linux skills were pretty much zilch before OSCP. So basically, "God knows what I was thinking when I enrolled for OSCP :O " ! Now onward!
Next time someone tells you that the OSCP certification is a different league, give them a cookie, because they are right! The lab work and the exam are the most exciting and taxing thing I have ever been through. On an average, be ready to invest atleast 5 hrs a day for 60 days breaking into every lab machines. I made the mistake of jumping into the exam too early and taking it too lightly, what was the end result? I screwed up... royally.
I didn't break into enough machines within 24 hrs and flunked. After my dismal performance, I crawled under a rock and started rethinking my line of work. Some encouragement and support from friends and family helped calm me down, I started analyzing the situation and realized that the exam was doable, difficult but doable nonetheless. I started trying to figure out all the mistakes I had made - to start with I didn't pay enough importance to enumeration (The cardinal sin!), I also gave up too soon. One statement you will continuously hear when you start taking the course is, "Try harder". You'll continue hearing it until you grow tired of it, but its true, you cannot get through the course unless you try harder.
After loads of practice and long hours of listening to 'Eye of the tiger', I got ready for round 2. As soon as my exam package arrived I started with the enumeration. Nmap tcp, udp, scripts on all machines, on all ports. I also started up hydra with the standard usernames and passwords, afterall you never know when you'll get lucky :D Armed with the data I started on the easier machines, with some points in the basket I gained a bit of confidence. Once I had gotten into 2 machines I took a break (more like forcibly dragged off for lunch). But the break was very helpful, armed with a sugar high and a fresher mind I broke into another box. The last few points were the hardest, but I eventually got there and the rest is history.
The most common question that most people have is, "When will I know I am ready to take the exam?". I could give you a mystical and kung-fooey answer - "You will know, when you are ready". But of what use would that be? Once you get all the network keys you will know that you are ready for the exam, at least that is what I observed. Breaking into lab machines will give you good edge in the exam, and breaking into lab machines with more than one way will give an even better edge.
Winning formula - (Lab exercises + enumeration ) * (persistence + commitment + thinking outside the box) = OSCP :)
Some resources which helped me immensely -
- http://www.securityfocus.com/
- http://www.exploit-db.com/
- http://www.offensive-security.com/metasploit-unleashed/
- http://g0tmi1k.blogspot.in/ Special mention to his priv escalation post - http://g0tmi1k.blogspot.in/2011/08/basic-linux-privilege-escalation.html
- http://nmap.org/nsedoc/ (Absolutely essential!)
- http://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
- http://carnal0wnage.attackresearch.com/
- IRC