
Monday 30 September 2019

OSCP - series Before labs


It is essential to learn the basics before the lab starts so that we can focus on finishing the exercises and hacking the machines.

The best part about the OSCP lab is that each machine is unique, so I recommend you complete as many as you can.


To learn the basics:

1) Tools

I hope you have gone through the OSCP syllabus. For tools like netcat, nmap, and even Wireshark, I recommend the official documentation. Take your time and go through it.

Tip: During an interview, you might be asked what nmap's default scan type is when no flags are given. Going through the official documentation will help you answer this question.

Of course, for CLI tools, do not forget the -h and --help flags.

Make sure you have worked on all the tools in the syllabus at least once before starting the lab.


2) Programming languages

Python - I am a big fan of it. You will find lots of exploits written in Python. Don't try to learn everything in Python. Be smart: know how to write a very simple program, such as one that sends a request to a web server, and know how to read and understand Python code. Expect lots of tools written in Python.

Ruby, Perl - Scripting languages which will definitely help. You might encounter tools (rare) and exploits written in them.

JavaScript - Web application scripting language; it will definitely help a lot in exploiting XSS.


3) Networking

Make sure you know what each of these is: FTP, HTTP, SMTP, SSH, Telnet, POP3, LDAP, SQL, etc.



To practice the machines:

Just practice on OSCP similar machines


1) OverTheWire - Bandit and Natas


2) Hackthebox

Start with easy machines. The OSCP-like machines are listed below.

Linux machines: Lame, brainfuck, shocker, bashed, nibbles, beep, Cronos, Nineveh, sense, solidstate, kotarak, node, valentine, poison, Sunday, Irked & Friendzoned

Windows machines: Legacy, blue, devel, optimum, bastard, granny, arctic, grandpa, silo, bounty, jerry and conceal


3) Vulnhub

Kioptrix 1, 1.1, 1.2, 1.3, Stapler, Fristileaks, Brainpan, Mr-Robot, VulnOS, SickOS, pwnOS.


Tip: Always try to exploit the machines without Metasploit first, then try again using Metasploit. Remember: always exploit a box manually (without Metasploit).



To document the findings:

Documentation is as important as exploitation, because if we can't communicate what we have done to the client, the whole pentest becomes meaningless.

Use CherryTree on Kali Linux (the attacking machine) for documentation and taking notes.

I would recommend that you start practicing how to write a report in the OSCP format. Once you finish 2 or 3 machines, write a detailed report with screenshots. OSCP_report_template




