Recommendations of OSCP

Hi everyone!

As can be understood from the title; This article will serve as a guide to help you prepare for the exam rather than an OSCP review. There are hundreds of resources on the Internet that will benefit from OSCP preparation. I have read many of them in this process. However, in this article, in order to save you more time, I will suggest the resources I frequently use during the exam preparation.

Preparation

Roadmap Blogs

Between the reviews, I read during the preparation phase of the certificate, the three reviews I used as a reference while creating a roadmap for myself are as follows.

• https://niiconsulting.com/checkmate/2017/06/a-detail-guide-on-oscp-preparation-from-newbie-to-oscp/
• https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
• https://www.siberportal.org/information-technology-certifications/offensive-security-certified-professional-offensive-security/oscp-sertifikasyon-yolculugu-1-temel-bilgiler-egitim-oncesi-icin-tavsiyeler/

Resources Often Used During the Preparation

Enumeration

The resources that I have taken as the basis for machine solution during preparation are as follows.

• https://github.com/xapax/oscp/blob/master/templates/linux-template.md (for Linux)
• https://github.com/xapax/oscp/blob/master/templates/windows-template.md (for Windows)
• https://bitvijays.github.io/LFC-VulnerableMachines.html
• https://0xdf.gitlab.io/2018/12/02/pwk-notes-smb-enumeration-checklist-update1.html

Script;

• https://github.com/21y4d/nmapAutomator/blob/master/nmapAutomator.sh

Privilege Escalation

The resources I frequently use in privilege escalation are as follows.

Windows

• https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
• https://www.fuzzysecurity.com/tutorials/16.html
• https://guif.re/windowseop
• https://www.youtube.com/watch?v=Fms9UuW05DA&list=PLi0kul0fEhZ9LNZN0-A3nX2xcx2R70JwN

Scripts;

• https://github.com/AonCyberLabs/Windows-Exploit-Suggester/blob/master/windows-exploit-suggester.py
• https://github.com/absolomb/WindowsEnum/blob/master/WindowsEnum.ps1
• https://github.com/PowerShellMafia/PowerSploit/blob/master/Privesc/PowerUp.ps1

Linux

• https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
• https://github.com/sagishahar/lpeworkshop
• https://guif.re/linuxeop

Script;

• https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh

Reverse Shell

Kali;

• /usr/share/laudanum/

Pentest Monkey;

• http://pentestmonkey.net/tag/reverseshell

If a 64-bit version of Netcat is required;

• https://eternallybored.org/misc/netcat/

Upgrading Simple Shells to Fully Interactive TTYs

• https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
• https://netsec.ws/?p=337

Recommended Machines to be Solved

I based on the list below for all the machines I have solved and worked on. This list contains the list of Vulnhub and HTB machines similar to OSCP machines. Also, there are now relevant lists for OSWE too 😈

NetsecFocus Trophy Room;

• https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=665299979

Vulnhub

The list given below is the “NetseFocus Trophy Room” list. I solved the first 9 of the machines on this list. I did not solve more. However, I have read the writeup of many. The reason that I cannot solve them I think, HTB machines are more up to date. However, these machines; In the preparation period, I recommend that it be solved first to grasp the input points for the machines.

Hack the Box

The list given below; includes the “NetseFocus Trophy Room” in addition the machines I have solved.

In preparation; I got VIP membership from Hack the Box. The reason of this that I wanted to solve retired machines. In the table above, I solved the machines that I marked in green. I edited some of them and published their writeups.

You can access the writeups I have published through my addresses below;

• https://medium.com/@brcyrr
• https://pentestworld.blogspot.com/

I wrote my writeups in Turkish. The reason is that there were not many Turkish resources on this subject. My goal is that complete the list in the future.

In addition, for the related writeups, I recommend the following blogs that you can follow in English;

• https://0xdf.gitlab.io/tags.html#hackthebox
• https://medium.com/@ranakhalil101

Moreover; there is someone I want to mention as a separate title; ippsec. You should definitely listen to the solution of the machines that are solved by ippsec. I also listened to most of the machines I solved from ippsec. And I took my notes. It is very useful because of the perspective. At this stage, I suggest you to listen to the machine solutions listed below;

• https://www.youtube.com/watch?v=2DqdPcbYcy8&list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf

Finally; own site where you can search about which machine you will solve, and you can find the solution steps of the related machines in summary;

• https://ippsec.rocks/?#

Buffer Overflow

Other than the resources provided by Offsec for Buffer overflow, the resources I use are as follows. In the resources sent; It will be enough for you to study the subject from PDF and videos, understand the detail and practice the relevant application several times, to solve the question in the exam. I think this was the most relaxing question on the exam 💆

• https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/
• https://www.siberportal.org/red-team/exploit-development/seattle-lab-mail-slmail-5-5-uzerinde-stack-tabanli-bellek-tasma-zafiyetinin-istismari/
• https://www.youtube.com/watch?v=IMlSVVvmhRU

Extra💫

In addition, a free lab environment where you can consolidate by applying the techniques you learned for OSCP and more;

• https://attackdefense.com/

Exam

Cheat Sheet

My own resource that I used during the exam;

• https://github.com/brcyrr/OSCP

Tips and Tricks

Based on the experience I gained during the exam, I wanted to share a few tips and tricks;

• First, run the “nmapAutomator” script in order for all machines. This is a very comprehensive enumeration script prepared by someone who was previously prepared for the OSCP certificate. This script was very useful to save time at the enumeration stage. I ran this script for 4 machines in order in the background.
• In the background, while performing enumeration with the script from other machines, firstly I solved the buffer overflow machine because solving this machine with attention will save you 25 points and increase your motivation 🥂
• The 10-points machine is based on the numbering of a unique service. Knowing this, you should not think complicated. (I came across this tip in a review before the exam, it worked quite well during the exam 💃). Just make sure you number the machine well 😈
• Don’t get stuck on a single machine. (You can set an alarm on your phone for this.)
• Think simple, no need to rediscover America 😉
• Take short breaks to better focus your attention and view from different perspectives.
• Be neither too hungry nor too full. Because both can trigger distraction. Therefore, eat healthy and adequate nutrition during the exam.
• Never be hopeless. If not, you will take the exam again and this will be an experience. It’s not the end of the world, remember that 😉
• Finally; Never give up! #tryharder 😈

View my verified achievement from @offsectraining;

• https://www.youracclaim.com/badges/eaab59a7-e671-4986-ac87-c7d36280d15e/