OSCP Review - Cracking OSCP at 17 - Andmp | A blog about infosec, bug hunting and more!

"Good artists copy; great artists steal."


Saturday, 8 September 2018

OSCP Review - Cracking OSCP at 17

Meet Kunal, a friend and fellow security researcher and hacker, and the youngest boy to crack OSCP in India, all at the age of 17! Today, Kunal is set to share his insights and reviews about OSCP, regarded as one of the hardest exams among InfoSec certifications! Enjoy the post and feel free to leave your questions and opinions in the comments section...

Greetings to Everyone reading my review of PWK Course and OSCP Certification Exam.


My name is Kunal Khubchandani and I am a 17 year old OSCP, Cyber Security Researcher who started as a Bug Bounty Hunter back in early 2015.
Referring to the Title of the post, today I would like to share my review of PWK and tips to crack the OSCP Certification Exam, which I passed after my High School.

Hope it Motivates a lot of Youngsters in Information Security and every Individual who wants to Pursue this Certification.

First of All, I would like to Thank God, My Parents and My Infosec Buddies, who have given me a lot of Motivation and supported me throughout this craziest Journey.

Talking about OSCP, we all know it is an InfoSec Certification focusing mainly on System Penetration Testing. According to me, this certification is a Mind Opener and definitely something that is going to give a Boost to your career.
It is considered a foundational course, but you need to have a strong knowledge of various things, which will help you throughout this course.

Most people complain that OSCP does not focus on Web Application Flaws, so you must check the syllabus before registering.
OSCP covers only important Web Application Vulnerabilities such as SQLi, RFI, LFI and RCE, which are enough to complete the course.

Prerequisites for this course -:

  • Strong knowledge of Linux OS (Kali Linux) and Windows Environment.
  • An Ability to Understand how Web Applications Work.
  • Basics of Networking
  • Knowledge of Programming Languages such as C, Python and Ruby is Mandatory for Understanding the exploits and how they can be modified.

If you are good with all of the Prerequisites which I mentioned above, no one can stop you from becoming an OSCP. All you have to do is focus and work hard. Spend as much time as you can in the labs.

My OSCP Journey In short 👇👇

 OSCP = Depression + Excitement + Frustration + Fear (D.E.F.F). 

I registered for this course and chose 1 month of lab access on the 15th or 16th of April, and selected the next course start date, which was on the 29th of the same month.

Between the time of my registration and the Course's start date, I did not waste my time; to get some prior experience, I decided to start on the VulnHub machines which were recommended for OSCP.

Names of those machines are available here (Abatchy's Blog).

I did most of them, taking the help of available walkthroughs/videos whenever I got stuck.

*Tips on Purchasing the Lab*

1) If you have a lot of Experience in System Pentesting, 30 days of lab should be perfect for you.

2) A Little Bit of Experience, then 60 days are enough.

3) No Experience, then 90 days.

If you want to Save time and money both, My Advice to you is, do not register for OSCP. Instead visit Hackthebox Platform and Spend 2 months. You can divide the 2 months as follows -:
  • 1 month on Vip Lab which will give you access to Old/Retired Machines + Active Machines and costs about 10 UK Pounds/Month.
  • 1 month on Free Lab which gives you access only to Active Machines.
The difference between both is that when you have a VIP Account, you will get access to Old/Retired Machines, and Walkthroughs are available for Retired Machines. They will help you whenever you get stuck.

When you finish rooting "Retired Machines", you can proceed to Active Machines, which will be a little challenging as no walkthroughs are available. Once you're familiar and confident enough after solving as many machines (Retired+Active) as you can on the HTB Network, proceed with PWK Course Registration and go ahead with the 30 days lab.

It was time now; I had received my Course Materials and VPN Connection for the labs on 29th April. I spent 3 days watching the course videos. Even though it was possible to finish the videos in 1 day, I took 4 days because I was making notes on each and every module covered in the course at the same time.

I wish I had spent as much time as I could in the labs, but due to my University admission and other related procedures I wasn't able to solve many boxes in the lab.

I purchased 1 month initially and I was able to pwn 18 boxes. When the month ended, I then waited for a week or something and decided to purchase an additional 1 month, in which I rooted 13 more boxes. But I am happy about one thing, which is that I was able to root the Machines which are considered the hardest in the OSCP LAB. They are Pain, Humble, Sufferance and Ghosts.

That's why, to avoid facing difficulties in the OSCP lab, you should always practise on the Hackthebox Network first and gain more confidence, because HTB is much harder and more challenging than the OSCP lab machines.

Now, 2nd month of my Lab ended on 30th June with only  31 boxes rooted.
To be Honest, I had not practised Buffer Overflow in the lab because of the slow rdp connections haha xDD.  I had been very frustrated during my labs as sometimes it even took me 2-3 days to root some machines. This frustration and depression sometimes made me lazy and generated a giving up attitude inside me. 

So I had to cool myself down by watching movies and playing games, which also wasted some of my lab time 😂😂😂 .

I had then booked my exam for the 17th of August so that I could get enough time to practise on the HTB Network and learn Buffer Overflow; as I already had access to the course videos, I could watch them again.

I had started my Hackthebox VIP on 28th July and solved as many Retired Boxes as I could before my exam, which was scheduled on 17th August. I got some more confidence with that, as I had taken a huge gap after my OSCP lab ended.

The day before the exam I quickly went through the Buffer Overflow modules and also saw this video here by Jesse Kurrus while practising the SLmail Buffer Overflow on my Windows VM.


The Exam Consists of 5 Machines, out of which Buffer Overflow is 25 Marks, and you can score those 25 points easily if you have practised B/O very well.
My exam began at 10 am in the morning. It took me about the first 3-4 hours on this machine because of my last-minute preparation.

Usually it takes 30 mins max for an experienced person, but this took a lot of time because of "Bad Characters" which you must focus on when you are doing the course. Unfortunately I cannot disclose much information about this box :). 

When the first box was over , I moved on to the 2nd and 3rd box which I scanned and enumerated together. This was the biggest mistake which I did, trying to solve 2 at the same time. This not only made me frustrated but also wasted a lot of time. 

After Several Hours I wasn't able to solve any of them; all I could see was my laptop screen filled with Black Terminals & Green Font everywhere 😂😂😂 and I knew that I was pretty much screwed. I was becoming tense and started to lose all my motivation.

I moved on to the 4th box, which was 20 points, and figured out what I had to do.
Spent some time on it, but no luck.

It was about 7 pm in the evening and I had only solved 1 box at that time. I decided to close every window open and initiated nmap scan again for the remaining boxes with terminals arranged in such a way that would help me understand properly. 
I took a break again and went outside for 1 hr to relax my mind and purchase a can of Energy Drink.

At 9 PM, I started the first 20 Point box with a relaxed mind and I found some stuff which could get me a Low Privilege Shell. I started to gain some confidence, and then I left that because Privilege Escalation was taking a lot of time and moved to another 25 Point Machine.

It took me 2 hrs to complete this box, and by 12 I was half dead. I slept for 1 hr, and at 1 am I loaded myself with Caffeine, due to which I was awake the whole night.

I had now solved 2 Machines and got 50 Points; I needed 20 more to Pass the exam :D.

Moved on to the 20 Point box which I had left at a low-privileged user shell. I kept on searching until I got root, and then finally that box was also solved.

25+25+20: I had passed the exam!!!!!

 One 20 Point and 10 Point left now 😄 .

At 4 AM my Legs started to hurt badly because of the whole day which I had spent sitting on a chair.
Took some rest for 1 hr.
I began working on the 20 Point box. I had exploited one vulnerability, and there was a bunch of interesting information which was in front of my eyes from the beginning but which I was not even able to notice. If I had noticed this before, a lot of time would have been saved and I would have got time to rest.
Anyway, I spent 3 hrs on this, and by 8 am this box was also done!!

2 More Hrs Left for VPN to expire and one 10 Point Box left, finally found a blog on the internet which gave me ideas for its exploitation. Tried Harder for a while and I had proof.txt 😍...

It was 9:30 am in the Morning, I was making sure I had taken screenshots for all 5 boxes.   


The VPN Expired at 9:45 am and I slept for some hours. I then started to make the report at 3 pm and spent 11 hours finishing it. By 2 am I had sent the report.

After 2 Days I received this mail 👇 stating that I had passed the exam 😃. 

My exam became harder for me because of the number of machines I was able to do in the labs. If you practised well on HTB and solved all machines in the Lab then you will be able to finish your exam very quickly.
I found Privilege Escalation to be hard but Overall It was a great experience :D .

 Some Tips -:

1) Make Notes for everything you watch and do, including Machines you solve in HTB,Vulnhub and OSCP Labs.

2) Solve the Exercises and make a Lab report; documenting them can give you 5 additional points.

3) Focus a lot on Enumeration and Privilege Escalation; they are really important.

4) Scan your machines properly to avoid missing out on anything you require.

5) Don't be lazy like me :P, spend as much time as you can in the labs.

6) Cover each and every module before your lab expires.

Some Resources I referred and Used -:

4) http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

5) https://github.com/Shiva108/CTF-notes/tree/master/OSCP-Materials-master

In the end, I would like to Thank All my Friends and Infosec Buddies who have supported and motivated me so much.

Good Luck to Everyone looking forward to Pursuing OSCP!!

