My OSCP Journey

Vanshal Gaur
Sep 30, 2020


“OSCP is a Journey, not a Destination”

Whoami

Hello, I am Vanshal Gaur from Indore, India. I am a 16-year-old information security enthusiast skilled in the field of application security and penetration testing. I obtained my Offensive Security Certified Professional (OSCP) certification at the age of 16. As a researcher, I’ve contributed to the security of multiple Indian government websites, the U.S. Dept. of Defense, and 13 companies on Bugcrowd, including Twilio, Dell Technologies, (ISC)², and 10 others.

For the infosec community, I share my resources on GitHub, like Pentesting-Cheatsheet, which contains a collection of cheat sheets useful for pen-testing, and I have also posted write-ups of VulnHub machines. Now, enough intro; let’s move to my journey.

How it All Started

At first, I didn’t know about OSCP or even Offensive Security. I always liked computers, so I started learning “hacking” for fun, and ’cause it’s cool, right?

I spent the first year learning the basics of how everything works in Linux and Windows. Then one of my friends told me that I could test my skills by taking the PWK course. At that time I was 15 and a half years old. I thought, why not? Since I was under 18, I had to get permission from the Offsec team, so I mailed them, but sadly they replied that I needed to be a minimum of 16 years old. Since then, I started preparing for OSCP.

Preparation

Back then, I started with the small list of OSCP-like VMs by abatchy,

and I also made small write-ups of VulnHub machines, which can be found on my GitHub:

Vulnhub-Writeups

Then I moved to Hack The Box. I earned a “Pro Hacker” rank on HTB, up from “Script Kiddie”, which took a lot of time and was a very hard journey for me.

After that, I also took a 1-month VIP membership to solve retired machines from TJ_Null’s HTB OSCP-like VMs list, which can be found here

Lastly, I moved to this VulnHub OSCP-like VMs list

It took a good amount of time to do all these things. Then I finally registered for the PWK course, with the permission of the Offsec team, because I was still 16 years old.

Check the resources section of this blog post for more learning resources.

Lab Journey

I registered on 13-Aug-2020 and my 1-month lab started on 23-Aug-2020. In the meantime, I did some more VulnHub boxes.

Then finally my lab started.

At that time, I downloaded the study material and took some time to go through the PDF and videos. After that, I started doing the lab.

In the first 14 days, I rooted 37 boxes, including Sufferance, Humble, Ghost, and Pain, and I was feeling confident about it, so I planned to schedule my exam. I was very nervous. I thought: is it too fast? Should I solve more lab machines? What if I am scheduling my exam in a hurry?

With all these questions in mind, I took 2 days off just to think about what to do.

Finally, I scheduled my OSCP exam on 11 Sept at 9:30 AM.

In the meantime, I switched to VulnHub and exploited some new boxes.

Exam Day

I planned my sleep 2 days before my exam so I could wake up at the correct time.

On the exam day, I woke up at 7:00 AM, took a shower, had breakfast, and set up my room for the examination. Then at 9:15 AM I connected my machine to Offsec’s ScreenConnect and webcam and completed all the steps. I lost my first 40 minutes connecting to the exam VPN, so I had to restart everything to connect again. Once I was connected, I started with the 25-point buffer overflow machine, which took me one and a half hours to get admin access.

It was 11:30 AM when I started my second machine, the 10-point machine, which took almost 15 minutes to complete, and there was no privilege escalation in it.

At 11:45 AM, I started the 20-point machine. After wasting 2 hours, I took a little break and then moved to another 20-point machine, which I rooted in almost 2 hours, with a 20-minute lunch break (easy user and privesc).

So far I had 3 machines and 55 points, and I only needed the last 20-point machine to pass the exam.

Finally, at 4:00 PM, I started the last 20-point machine again and got a user shell in one and a half hours, which was a little bit tricky, but the privilege escalation part was easy; it took me 30 mins to get root.

So I got 4 machines and 75 points in 8–9 hours.

I took a 2-hour break after that. I still had a lot of time left, so I started enumerating the last 25-point machine at 8:00 PM. I found what I had to do to get the shell, but there was only one thing left in my bucket to do that, and I had to do it manually. I tried to do that for 4 hours, then I took a 30-minute dinner break. After that break, at around 12:30 AM, I tried that thing again for another 2 hours, but I was still unsuccessful, so at 2:30 AM I decided to make the report.

I have a habit: whenever I do any machine, I always make a write-up in CherryTree, so I didn’t have any problem making the report. I made a rough report until nearly 6:00 AM, and then, with the permission of the proctor, I closed my exam VPN and slept. The next day, I woke up at 11:00 AM, completed my report, and submitted it to Offsec. The day after that, I got a mail from Offsec that I had passed my OSCP exam.

And then finally, on 16th Oct, I received my certificate.

Resources I used to study

For Buffer Overflow:

- Watch The Cyber Mentor’s Buffer OverFlows Made Easy Playlist

- OSCP-like VulnHub VMs list

- Hack The Box OSCP-like VMs list by TJnull


Vanshal Gaur

18 Y/o | OSCP | OSWE | Security Researcher | Twitter: VanshalG