
Monday, 30 September 2019

OSCP - Series Before labs


It is essential to learn the basics before the lab starts so that we can focus on finishing the exercises and hacking the machines.

The best part about the OSCP lab is that each machine is unique. So I recommend you guys complete as much as you can.


To learn the basics:

1) Tools

Hope you guys have gone through the syllabus of OSCP. For tools like netcat, nmap, and even Wireshark, I recommend the official documentation. Take time and go through the documentation.

Tip: During the interview, you might be asked what the default scan type in nmap is when no flags are given. Going through the official documentation will help you answer this question.

Of course, for CLI tools, do not forget the -h and --help flags.

Make sure you have worked on all the tools in the syllabus at least once before starting the lab.


2) Programming languages

Python - I am a big fan of it. You will find lots of exploits written in Python. Don't try to learn everything in Python. Be smart: know how to write a very simple program, such as one that sends a request to a web server, and know how to read and understand Python code. Expect lots of tools written in Python.

Ruby, Perl - Scripting languages which will definitely help. You might encounter tools (rare) and exploits.

JavaScript - Web application scripting language; it will definitely help a lot in exploiting XSS.


3) Networking

Make sure you know what these are: FTP, HTTP, SMTP, SSH, Telnet, POP3, LDAP, SQL, etc.



To practice the machines:

Just practice on machines similar to OSCP.


1) OverTheWire - Bandit and Natas


2) HackTheBox

Start with easy machines. Below are the machines similar to OSCP.

Linux machines: Lame, Brainfuck, Shocker, Bashed, Nibbles, Beep, Cronos, Nineveh, Sense, SolidState, Kotarak, Node, Valentine, Poison, Sunday, Irked & FriendZone

Windows machines: Legacy, Blue, Devel, Optimum, Bastard, Granny, Arctic, Grandpa, Silo, Bounty, Jerry and Conceal


3) Vulnhub

Kioptrix 1, 1.1, 1.2, 1.3, Stapler, FristiLeaks, Brainpan, Mr-Robot, VulnOS, SickOS, pwnOS.


Tips: Always try to exploit the machines without using Metasploit first, then try exploiting them using Metasploit. Remember: always exploit a box manually (without Metasploit).



To document the findings:

Documentation is as important as exploitation, because if we can't communicate what we have done to the client, the whole pentest becomes meaningless.

Use Cherrytree in Kali Linux (attacking machine) for documentation and taking notes.

I would recommend you guys start practicing how to write a report in OSCP format. Once you finish 2 or 3 machines, write a detailed report with screenshots. OSCP_report_template





OSCP - Series Introduction



Let's start with a simple introduction.

I'm a cybersecurity aspirant and have been in this cyberspace for around 2 years; my hacking passion started 6 years ago when I was in college. I recently became OSCP certified.

The motto of this series is to help newbies and experienced people clear OSCP and gain knowledge in offensive security.



Here I'll be publishing different OSCP topics in each part of the series. The code, snippets and important URLs will be shared.


Guys, this series will be mainly focussed on the OSCP examination only.

First of all, kindly go through the OSCP syllabus and try to understand what #offsec wants you to learn and what #offsec tries to teach you.

https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf



Note:

There are plenty of resources to prepare and practice for OSCP, but success will depend on choosing the correct resources and sticking to them. Don't get overwhelmed by the notes and resources available online.

OSCP is all about our will.