31 days of OSCP Experience

Due to unforeseen circumstances, all the blogs have been moved to our new site, 0xdarkvortex.dev. All upcoming blogs will be posted there henceforth.

-Paranoid Ninja

|| OSCP || Malware Analyst/Researcher || Antivirus Evader || Threat Hunter || Martial Artist ||

36 comments

  1. First of all congrats sir…!!
    I am really inspired and motivated after reading your blog…
    Sir, I have booked my exam. So can you please give me some tips to take care not to make any mistakes before, between and after the examination?

  2. Hi, it is amazing and inspiring experience. Thanks for sharing.
    My question is: what is your approach for web applications? They may be so complex sometimes. Especially how to enumerate and find the correct path on them to exploit?
    Thanks

  3. How much time is required to crack an OSCP certificate? I am not from the IT field but interested in ethical hacking. I have zero knowledge in this at present.

  4. Bruh! Congrats on your epic reward for trying harder! Someone dropped a link to this gem in one of my telegram chats and what a gem it is! Thanks for sharing your experiences and advice!
    I am intrigued about the build of your custom box/VM…spill the beans bruh 😉 I’ve heard it said so many times, “Use the VM they give you and don’t update it!” Well, you did a’ight and I’m curious to know how ya did it 🙂

  5. Is it okay to take the one-month lab if you are not working recently?
    Though I do have 2 years of exp in infosec, as in I am not a noob 😛.
    I am really confused with this?

  6. Thank you for the crucial advice regarding preparation for the exam.
    If you may, please explain why you used a custom Debian 9-Stretch distro with custom tools instead of the Kali issued by Offsec.
    Secondly may you share any advantages of using such a set-up.

    1. Hi Jeph,

      The ISO provided by Kali was pretty unstable, I would say. Either way, repos break easily in Kali. And I don’t really like to have a ton of tools which I don’t even use. I used my custom distro so that I would know how to compile them and use them (which you would be required to understand when you are compiling exploits).

  7. What wireless card did you use and recommend to me?
    I bought the Alfa awus036ach and it gives me many problems; it doesn’t work 90% of the time.
    Thank you for all the posts, they are really good.
    Although I am expecting a real-world USB rubber ducky and complete attack post.
    Thanks!

    1. Alfa awus036ach is buggy. You cannot use that for pentesting. I don’t remember the exact card number, but I think it’s Alfa NHR which can do WiFi attacks. A post on USB Rubber ducky is already posted. Please check that…

  8. Congrats, man.
    I just have a few queries. You mentioned that you used -T2 for nmap. However, this option makes the scanning too slow? Did you use this only after pivoting to a different network?

    “I tried a manual exploit and BAMN! I was root.”
    I didn’t get this part. You meant the machine was rooted in some manual way without using any kind of exploit?

    1. Normally I scan with the default timing. But there are a few machines which have host-based IDS in them. They will block your IP till it’s reverted. So in that case you will have to slow your scans. For the exploit part, I used an exploit from exploit-db, modified the shellcode for my reverse shell and got root since the application was running as admin.

  9. Hey, what’s going on man, congrats on your OSCP win. I was wondering if you could share your method for finding attack vectors? I would really appreciate it. I am currently on the OSCP course as well. I’m assuming you have some sort of attack plan that I could follow too.

    1. I basically start with nmap scans with T2 speed. For webapps, I just use nikto, dirbuster, nmap http scripts. Once I get the basic open ports, I try to find what the ways to get in are. I primarily always go with open/closed tcp/udp ports first since they are my forte. If I don’t find anything, then I proceed with the webapp. Make sure you scan UDP ports as well. They tend to give out a lot of info. 🙂

  10. Hi, thank you Paranoid Ninja for your valuable time to write your whole OSCP experience. I’m a new learner and wanting to appear for the OSCP exam by the end of this year. But I have no knowledge of languages. But I have used Kali and its tools, and I am well aware of them. Still, are the languages necessary for clearing the labs or exam?

    1. Knowing languages will help a lot. There are a lot of times where you will have to modify an existing exploit from exploit-db, or you may need to write scripts to automate a task. Knowing at least one of python, perl or ruby is recommended. If you know these, and can understand pseudo code of other languages, that would be enough.

  11. Very useful write-up. I am planning for the lab soon; what are some pre-learnings that can help before signing up? Is it mandatory to learn a scripting language?

    1. You will need to know at least one programming language, either python or ruby. Knowing C/C++ can be an added benefit in case any exploits need to be modified. And yes, do look out for low-hanging fruits ;). Everything will be in front of you, but you may tend to ignore it.
