OSCP is one of the most wanted and demanded certification related to Offensive Security industry. The preparation, content, and exam contains a bast amount of time and information to study and comprehend, but still one of the basic knowledge learned during the cert due to the fast advance of offensive security. The mindset earned is priceless because it introduces you to the persistence, and mantra “Try Harder”, which is something that drives people to the success and to overcome frustation during the OSCP journey.
In this site, there are eleven posts related to Hack The Box and some machines that are similar to the OSCP lab. The posts published here had the purpose to practice, learn, and understand some of the basic methodology related to penetration testing, so if you’re looking for some practice and preparation, you might find this useful.
Preparation and Final Goal
The preparation was to achieve 10 machines that were provided by NetSec Focus in order to obtain practice prior my third attempt to the OSCP exam. I have to say that before taking the OSCP I have had prior experience with several penetration testing and programming courses as also practice in platforms such as Vuln Hub and Hack The Box. After going through the OSCP learning material, and failing the OSCP exam twice, I decided to change my way of practice by learning and explaining machines from Hack The Box in this website. The final goal was achieved which was to pass the OSCP exam and earn the OSCP certification.
Write Ups OSCP Like
In the following content I will explain the eleven machines that were published in this website in order to earn the OSCP certification.
Note: All the machines showed here were write ups from retired machines from Hack The Box
Jeeves is an interesting and fun box to root due to the command script located in the web server and different ways to escalate privileges without the need of metasploit. If you’re new with Rotten or Juicy Potato this box might be a good place to start.
If you’re curious about word list creation and bruteforcing, Bart is the perfect box to root. In this box, the skills related to bruteforcing are going to be shape up once you try it! And the usage of different tools such as Burpsuite and Hydra are going to be essential here. The privilege escalation cover curious misconfigurations with Autologon credentials.
If you struggle with enumeration for a certain technology, Tally will make you Google all the things! Its SharePoint Web technology will make you see how you can find different credentials in documents. Enumeration is key with this fun to learn box. Also, if you wanna try some windows enumeration this box can be a good candidate.
Windows enumeration and some cryptography are the cool things to see in this box! Also, get familia with some of the impacket tools if you want to root this box.
Jail is a pretty long box, but amazing to learn some of buffer overflow, and how to work with the debugger. The exploitation and privilege escalation is crucial due tot the importance of permissions with shares given by nfs services. Creativity and enumeraion is key for the privilege escalation. If you want some kind of new learning and challenge, this box is for you.
The usage of Burpsuite and a clear enumeration is going to be useful for this machine. Also, you’re going to see how some credentials are stored in clear text in different databases, besides this, the privilege escalation is quite interesting due to the user groups. Creativity and research are required for this box.
If you’re trying to get familiar with OWASP TOP 10 this box is for you due to the way to obtain information in order to get a reverse shell. Also, if you wanna get familiar with git and its commands this box will be a good candidate for you. The privilege escalation will be very well related to git so check it out!
This box contains information that will be fun to learn such as how to crack SSL Salted Passwords. It’s enumeration and research process about the technologies that this box uses is quite useful. It’s privilege escalation will be related to different misconfiguration and passwords found in files within the machine.
Enumeration related to a certain technology used in this box is going to be crucial at the time to get the attack vector. Besides the usage of impacket is pretty handy in order to get a reverse shell. If you wanna check network monitors that are related with windows systems, this box is a good candidate for you.
Enumeration of different services, nmap scripts, and the usage of tcpdump are very helpful in this machine. Privilege escalation was a new learning path to check.
Web application testing will be something good to practice with this machine. Things such as path traversal, and ssl certificates are important here as well. Privilege escalation is related to some script that you can manipulate. This machines is “straight forward” as long the enumeration is well made.
- Final Goal – OSCP exam overview
Here there are different kind of things that helped me to go through the exam. The hole practice helped me out to prepare and succeed during the OSCP journey.
All the readers and people who encourage me during the journey.