You must all be thinking: there are already a lot of guides on OSCP preparation, so how is this one going to be any different? Well, after reading this blog, I promise you won't have to search elsewhere for how to prepare. There are also reference links for preparing for specific sections. Let me know what you think in the comment section.
- First, read the rules carefully: https://help.offensive-security.com/hc/en-us/articles/360040165632-OSCP-Exam-Guide
- The report format is available at the above link. You can earn five bonus points by submitting your lab report and course exercises.
- Note: Even if you submit a lab report, that doesn't guarantee you five marks. So if you think you can easily score 65 + 5 marks and pass the exam, you are in for a disappointment. I failed my first attempt just because of this misconception.
- Practice on OSCP-like VMs; the list is here: https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#
- IppSec's retired box solutions are a great source of learning (a must). Take them like medicine: one box a day.
- https://www.youtube.com/watch?v=NMGsnPSm8iw&list=PLidcsTyj9JXL8AIU-45CQ9GBfqjArnkkZ
Enumeration
You will be given 5 machines. I started enumeration at the start of the exam so that I could simultaneously work on a machine.
I heavily used https://github.com/codingo/Reconnoitre.
Enumeration references for other services can be found here:
https://bitvijays.github.io/LFC-VulnerableMachines.html
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
http://www.0daysecurity.com/penetration-testing/enumeration.html
Buffer overflow
You must attempt this first, as it is worth 25 marks. You can complete it in half an hour, which gives you reasonable confidence to proceed. It will be the same as in the OSCP lab, but before going to the lab, please work through this practice exercise, which comes with a video explanation and solution: https://tcm-sec.com/2019/05/25/buffer-overflows-made-easy/
Reverse shell cheat sheet
You should know how to get a shell, and if a bash shell is not working, check whether Python, PHP, and Perl are installed.
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
Convert a limited shell to a full TTY shell
https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
Privesc
You should know various privilege escalation techniques.
https://github.com/sagishahar/lpeworkshop (a workshop; host it yourself and practice)
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
https://github.com/netbiosX/Checklists/blob/master/Windows-Privilege-Escalation.md
Compiled exploits
Compiling exploits for a specific architecture takes time, and sometimes it goes wrong. So here are exploits already compiled by architecture.
https://github.com/abatchy17/WindowsExploits
https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack
Good work