Soooo completed my exam at the start of the week. Wow. What a mad 24 hours. I had a power cut, webcam overheating issues which caused a few minor heart attacks but I got there! I completed 4 out of 5 machines with a potential final tally of 95 points. So here is a quick little breakdown. I won’t go into tooo much detail for obvious reasons but just a quick summary of the day. How it went, a few tips and tricks to hopefully make your exam day run a bit smoother.

The day.

Kicked the exam off around midday, it was a stupidly hot day but managed to get set up early and completed my checks with the proctor and got going. However I had a number of initial problems with my browser and the proctor software dropping out. I would highly recommend using Chrome instead of Firefox, as Firefox kept disconnecting my webcam. It took about an hour for me to iron out all the kinks, read through the information, take a few notes and get settled. I was a little behind my schedule. I had roughly outlined the day with targets of where I needed to break and milestones I hoped to achieve through the day. This was quite a good idea and I cannot say enough how important it is to take a break. I had an alarm set for every two hours, to remind me to break and get away from the screen if I hadn’t got anywhere. If not I took a natural break after completing each stage, initial compromise and priv esc. I completed my buffer overflow in around 35 minutes and spent another 20 or so running back through it for some quick screenshots. Due to all the initial technical problems I had completely forgotten about turning my screen recorder on so missed the entire buffer overflow… With the bof done I took a 10 minute break and got cracking on the next 25 point machine. This and one of the 20 pointers were great fun I must say. The exam machines are a step up. They require a good strategy and thought process but they are not impossible. If you stick to your methodology and work through them logically bit by bit you will progress. I managed to get the second 25 pointer done by around 4 in the afternoon. Took another break for about 30 minutes, checked back over my notes. Made sure the exploits worked again and could be reproduced, then onto the first of the 20 pointers. I made good progress on this one. Taking till about 8pm when I stopped for food. At this stage I had secured 70 points. A good place to take a longer break for around an hour and double check all notes again.
This 20 point box also coincided nicely with a minor power cut as a trip switch tripped in my house… If using CherryTree, make sure you turn on the autosave function! Saved my life. At this stage my poor borrowed webcam had been on for hours and was also starting to overheat. I had to move it around and perch it on a windowsill. The proctors were fantastic and as long as I kept them informed were very understanding of any problems. I made no further progress on any other box after dinner. I could not see a way in on either the remaining 20 or 10 pointer. So I worked till around midnight then hit the hay. I crammed around 5 hours of restless sleep, then headed back out. I had a nice morning refresh and managed to crack the final 20 pointer by around 7am. I spent a further hour on the 10 pointer. But at 8 o’clockish decided to throw in the towel on the 10 pointer and focus on the notes and report. I redid most exploits, took additional notes and screenshots and double checked all the hashes I had gathered so far. I ended my exam with 15 minutes to spare, with no Metasploit usage. I spent about another 4 / 5 hours on the report, most of this was proof reading and tweaking. I had gathered most screenshots as I went and this is very important, it will save you a tonne of time at the end if you keep good notes as you go.

I handed in my report at around 4pm and had confirmation it had been received that evening. Now the wait is on. I really hope I have done enough to pass. I know the marking process will be pretty brutal so I hope I have not missed anything or made a stupid mistake that costs me the cert. It really is hard to keep that level of focus up for nearly 48 hours, I did not expect to be this near to passing first time around. So fingers crossed!!!

Key tips and points.

Keep calm. (super cliché but true)

Keep to your methodology, work through one box at a time step by step and try everything out at least twice. If you have built a solid step process in the lab, you will be fine.

AutoRecon. Use it, it honestly saved my ass in this exam. Under the pressure of the exam you will miss things.

Have a backup. You never know what might happen, be prepared.

Take breaks, pretty much all my breakthroughs came after breaks. Go for a walk, make a drink, anything.

If you make no progress move on. Set a hard time limit for progress. If you are getting nowhere move on and come back later.

Draw up a little timetable of the day and try to stick to it. It will stop you from spending too long obsessing on one thing.

Assess what you have. What access do you have? What would you need to get more access? What can you chain together to get where you need to? Don’t jump at the first thing you see and obsess with it; take the whole machine and all the services as a total.

Enjoy it, sounds sadistic but bloody hell, there is nothing better than rooting some of these machines, take the wins and roll with them. There is also nothing worse than getting nowhere but keep at it and you will get them, they are all possible! (maybe not the 10 pointer I swear)

IppSec. I owe that man so much, watch as many as you can. That and trawling the internet reading git pages and finding methods, was pretty much my pre exam week prep.

My bookmarks.

Here's a little list of all the bookmarks I have been keeping over the course. I hope they will be useful for you, there are some great resources here and all credit to the creators, couldn’t do any of this without people like these.

windows_priv_esc [leviathan]

OSCP Guide | BlackWinter Security

Introduction · Security – My notepad

FuzzySecurity | Windows Privilege Escalation Fundamentals

OSCP – Windows Priviledge Escalation | Hacking and security

A Script Kiddie’s guide to Passing OSCP on your first attempt. — Hack The Box :: Forums (this was a great link for me before I took my exam. It helped calm the nerves so thanks!)

PayloadsAllTheThings/Active Directory Attack.md at master · swisskyrepo/PayloadsAllTheThings

Advanced PowerUp.ps1 Usage – Recipe for Root

Linux-Precompiled Bin exploits

P3t3rp4rk3r/OSCP-cheat-sheet-1: list of useful commands, shells and notes related to OSCP

Privilege Escalation – Windows · Security – My notepad

dostoevsky-pentest-notes/chapter-4.md at master · dostoevskylabs/dostoevsky-pentest-notes

There are probably more strewn around my bookmarks bar. I will compile everything on my git once I know the result. I have around 2 weeks of lab time left which I plan to use, I'm going to work through the other networks and practice a few little tricks and tools I have wanted to use but knew would not be on the exam. Of course I could be spending more time in the lab than I plan if I don’t make the cut. But hopefully the next post you see from me will be a good one! Best of luck to anyone sitting the exam soon, or is waiting for results and if you're just starting out 🙂