Since I recently passed my OSCP and have read a lot of OSCP blogs in the process, I thought I will share some information and tips as well. Due to the shear amount of existing blog posts that all cover the exam perfectly, I do not want to add another one, telling you how to manage your time or structure the exam. Instead I will supply you with some ressources I have used myself, that might be of help for you as well. At this point I wanna say thanks to all the people contributing resources to the community in their spare time :-)
This will just be a general collection of resources and links but if you have any questions, feel free to contact me on Twitter - I wish you good look for your exam!
General Ressources
PWK Example Report - Have a look at this one early on, so you know what is expected to be in your exam and lab report.
Same goes for the OSCP Certification Exam Guide. There are restrictions in the exam regarding tools you are allowed to use. You are only allowed to use MSF on one of the boxes in the exam. So try to read this and avoid the tools which are not allowed in the exam during your lab and practice time.
By now all exams are proctored. Check here what this means for you and check if you meet the requirements for the proctoring session. Also use Chrome in the proctoring as Firefox is really unstable.
Payloads
My goto for basically every kind of payload by now is Payloads All The Things. It is an incredible big and well maintained collection for methodologies, techniques and payloads. Especially helpful is the Reverse Shell Cheat Sheet. Make sure to understand and read the Spawn TTY Shell chapter as it will help you a lot with not losing your shells by an accidental CTRL + C.
Guides
These guides are not perfect but they help you to further solidify some information which you get in the PWK material.
Privilege Escalation
In my eyes this is the hard part of OSCP. So practice it a lot and watch videos that help you understand potential privesc vectors if you have nothing to practice on. Try to avoid Eternalblue and DirtyCow in the lab. It will not help you to learn anything and there are other privesc vectors that will help you train the general methodology more.
Linux:
-
Basic Linux Privilege Escalation by g0tmi1k - This one is the best
-
Linux Exploit Suggester - Nice script that suggests fitting kernel exploits
-
LinEnum - Collects privesc vectors for you and general information about the system
-
GTFOBins - Good list of binaries that can be abused for privilege escalation
Windows:
-
Windows Privilege Escalation Fundamentals by fuzzySecurity - One of the best guides for Windows
-
PowerUp - This handy powershell script checks a lot of Windows privesc vectors for you. Might not work in the Lab but for newer machines it is superb
-
Sherlock - This is a powershell script that suggests privilege escalation vulnerabilities
-
Ippsec’s HTB walkthroughs - These are really useful. Watch them whenever you have some spare time, but do not forget to practice the things teached yourself :)
Compiling for Windows on Linux:
apt-get install mingw-w64
i686-w64-mingw32-gcc exploit.c -o privesc.exe -lws2_32
Workshops:
- Windows / Linux Local Privilege Escalation Workshop - This one is apparently quite good, have not used it myself though
BOF
Practice and do the BOF in the exam. It will give you a save 25 points.
-
vulnsever.exe - That is an intentional vulnerable cmdline application. Very good for practicing the simple things first
-
Buffer-Overflow-Exploit-Development-Practice - This is a collection of vulnerable applications that might help you practicing the BOF further
Tools
If you want to save a lot of time during the exam, think about using some script that handles automatic enumeration for you. It will be faster and save you from forgetting that one crucial scan.
- AutoRecon - I liked this most. Tweak it to fit your personal needs.
I did not use Kali Linux but preferred to use my normal system, where I a most comfortable working on. To have access to Kali’s Repositories I used a modified Kali image with Docker. Find my Dockerfile here.
Report
While Offensive Security supply you with a Word template, I would recommend you to use this one for Markdown. It saves you from a lot of work, regarding image resizing and fitting and makes inserting code easier.