My TryHarder — OSCP Journey.

Dhanishtha Awasthi
7 min read · Feb 7, 2021


Veni Vidi Vici.

After endless efforts throughout the year, I finally achieved my Offensive Security Certified Professional certification on 5th FEB 2021. Though everyone shares their experience and their journey, I would definitely love to add mine to the bibliotheca, because when there are just a few days left before your exam, each and every reference, journey experience and tip counts.

I started a year ago, with little or no knowledge of pentesting or hacking. I remember the day when I created an account on Hack The Box, just for fun and endeavour. At the start of the journey it got tougher and tougher for me to analyze and break into the machines. But then, it gradually started with: https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob

After completing the above-mentioned link and everything covered in it, I still was not able to hack into any HTB machine on my own. Then I got a life-saving tip: if you are a noob, never start with HTB; go for Vulnhub machines, because they are straightforward, easy and make you learn new things each time you solve one of them. So, starting with this tip, I downloaded and installed a Kali VM. I installed VirtualBox and VMware Workstation for hypervisor-dependent machines. And then I started with https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms.

Of course I read walkthroughs; of course nothing was doable easily. Then gradually I started learning new tips and tricks to penetrate the machines. I started studying Linux and Windows architecture and the way files and folders are organized, as well as how they are accessible to different levels of users.

After completing the whole list by abatchy, I tried hacking into HTB machines. Still I was not able to hack into them on my own, so I took lots of nudges and slowly started getting a grip on things. I remember CASCADE was the first machine which I solved on my own, with only 1 nudge, and that was just to confirm whether I was going in the right direction. But this doesn’t mean that from that point on I never needed a nudge on any of the boxes. Remember, I was not able to hack it all on my own.

After another month on HTB free machines, I knew I had already become familiar with the low-level methodology of hacking into a machine. So now was the time to get a VIP subscription on HTB, which I personally recommend to everyone, because it is a game changer. I solved almost every machine in https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=1839402159. It gets updated as new machines come into play.

I achieved this by targeting 3 machines daily from the list. This was not done by banging my head against the wall or trying to solve them on my own, but with nudges from others’ walkthroughs and the legendary IppSec videos. “Hey guys, this is IppSec on YouTube... Please do not forget to support me on Patreon.” If you have heard those lines, your future is bright. This is not because he provides walkthroughs which others don’t; rather, it is because watching his videos will let you learn not only tricks but also develop a better pentest methodology, starting off with an nmap default script and version scan.

Now, after the VIP subscription was over, I knew I had good hands-on experience with the machines and had learnt a good number of tricks. So I enrolled myself in the OSCP course: https://www.offensive-security.com/pwk-oscp/?utm_source=adwords&utm_term=offsec%20%2Boscp&utm_campaign=&utm_medium=ppc&hsa_mt=b&hsa_ad=416888275134&hsa_net=adwords&hsa_src=g&hsa_kw=offsec%20%2Boscp&hsa_tgt=aud-740753327881:kwd-835330386374&hsa_cam=9268290411&hsa_acc=7794287291&hsa_ver=3&hsa_grp=92754783343&gclid=Cj0KCQiAvP6ABhCjARIsAH37rbThrX_Iy94232VIjItjQDPViEjcrOT_Yc0h794y99mxR5d8h9GnSWEaAkjhEALw_wcB

I took a date to start my labs in September, which was exactly a month ahead of the date at that time. In the meantime I sorted notes, wrote walkthroughs on Medium, and revised content. I added to my knowledge by reading walkthroughs of machines I couldn’t solve during the VIP subscription time frame. This was important, as it not only helped me in improving my methodology but also in learning new tricks, because every machine is unique in its own way.

27th Sep 2020, finally the day came when I entered my 3 months of lab time. I gradually started with the public network and then gained access to the inner networks. It went well and seemed easier after the whole HTB stuff, though nudges were required at some places. This is where the forums proved to be a great help. Don’t hesitate to use the forums; they are meant to be used. But never forget what you got stuck on, in which situation you asked for help in the forums, and how you overcame those points. It is a great habit to try harder and at the same time continuously evolve at learning.

When the 3 months were almost over, I was ready with all boxes hacked and a simple lab report containing only walkthroughs of 10 machines and not the lab exercises. Spare me the horror of the lab exercises. If you want, you can definitely go for them; even the OSCP guys prefer you to do so. But for me, I didn’t have that much patience. Well, I scheduled my exam on the 2nd of Jan 2021.

The day before the exam, I sorted out all my notes, prepared all templates for reporting, created a snapshot of Kali Linux, checked my network connection and got enough sleep.

EXAM Day: Started at 11:30, got the 25-mark BOF in the first one and a half hours. Took a break for 15 mins. I was suffering from anxiety and tried to remain calm, but you know exam pressure is enormous. Then I returned and tried enumerating the 25-mark machines, got a few checks, and then as per the plan started with a 20-mark machine. After 4 to 5 hours of enumeration on all 3 machines, i.e. 20, 20 and 10, I got a non-interactive low-privileged shell on a 20-mark machine. After enumerating more, I got my first privileged shell, on the 10-mark machine, at the 8th hour of the exam. Took some break to cool off and rethink. Then went back and started enumerating, and at the 13th hour got my first low-privileged shell on the other 20-mark machine. This motivated me; I already had 25+10+10+10 = 55 marks by then. I enumerated more and more, till the 15th hour. But now I was exhausted and was not even able to think or focus. I took a longer break and came back, but no, I could not get anything on either of the 20-mark machines. Then I decided that if I did the 25-mark machine, I could pass. So I did not lose hope and tried enumerating it; it seemed to have SQL injection on one of the open ports, but it was a blind SQL injection, and somehow by experience I knew this was going to be a bad rabbit hole, and at that point I didn’t have enough energy to think fresh. RESULTS: failed the exam. REASON: exam anxiety, wrong order of enumerating machines, and spending time on the same things, knowing they could be a rabbit hole. WELL...

Booked a second attempt on FEB 1st, just a month later. There was nothing to prepare this time, as I was clear that this time I needed to be specific about the order of machines to be hacked: 25 (BOF), then 10, then 20, then 25, then 20. Also, get enough sleep.

As said, EXAM day: This time I kept the exam in the evening, realizing that previously I didn’t get time to sleep. So as the exam started I rooted the BOF in exactly one and a half hours. Then I focused on the 10-mark machine and got the same. Got the 20-mark machine’s low-privileged shell in the 6th or 7th hour of the exam. Took a short break, came back. Enumerated, enumerated and enumerated. Failing for a while, after the 11th hour of the exam, I decided to take a night’s sleep. I went for the break. Woke up at 8am in the morning; the time left was 8 hours. Luckily, whatever I was doing before sleeping turned out to work this time with minimal changes. I guess this is the reason people tell you to take a break. Gaining the low-privileged shell on the 25-mark machine, I got 25 + 10 + 10 + 10 = 55 marks. Enumerating more proved that escalating privileges on this target was easier than the foothold, and so in the 18th hour of my exam I gained the admin-level shell, thus scoring 25 + 10 + 10 + 25 = 70 marks. WOAH... PASSED...

Now I enumerated a little bit more, and in the 21st hour of the exam I was able to get an interactive low-privileged shell on the other 20-mark machine, and continuing with the same, in the 23rd hour I gained a root-level shell on it. Thus in total I gained 90 marks. Well, this was more than frustrating. The VPN connection closed at the 23:45 hour and the exam ended.

REPORT: I used the PWK v1.0 template format for my exam report, available on Offensive Security’s website. Believe me, start early with reporting. Though I started just 2 hours after my exam got over, I ended up submitting the report just 45 mins before the estimated time. The report should be as detailed as possible.

TIPS

  1. Try going through as many resources as you can.
  2. Know what the exam is trying to get you to do.
  3. Know your tools and the references for using them; ippsec.rocks will help you a lot.
  4. Know your points and constantly keep a check on where you are and how much you need to pass.
  5. It’s an exam; you will face anxiety, you will face stress. Keep calm and don’t give up.
  6. Schedule the exam as per your biological clock: if you are a night person, schedule it with the majority of the exam time at night, and vice versa.
  7. Prepare your meals, notes, ID etc. a day before the exam.
  8. TAKE BREAKS.
  9. Rethink what you have and then move on. Also, it’s a 24-hour exam, so be smart; you won’t be given something which seems enormously out of bounds or quite in depth. Things will be easier but TRICKY...
  10. A script-kiddie approach won’t work here.

A few words at last: Believe in yourself; you will achieve it. Nothing is impossible. Don’t give up. TRY HARDER!!!

And I am still not able to root HTB machines on my own.
