Training Program

This page documents my main approach to OSCP preparation, meaning the 2 to 6 months before registering for PWK. The three-pronged approach is: Coding/Scripting + Learning Theory + Machine Practice.

Guides for OSCP Prep

TJNULL Comprehensive Links - https://www.netsecfocus.com/oscp/2021/05/06/The_Journey_to_Try_Harder-_TJnull-s_Preparation_Guide_for_PEN-200_PWK_OSCP_2.0.html

Scripting or Programming Languages

Focus on Python and Bash scripting (JavaScript, in free time, to help with web exploits)

Machines to Do

These sites with machines or challenges are listed in order, from what an absolute beginner should start with to the last stop right before signing up for the PWK labs. An estimated total of 300 to 400 hours cracking machines along this route is a good target before attempting the PWK labs, from what I've gathered from cybersec community contributors like TCM, TJnull and others.

  • OverTheWire (Linux fundamentals)

  • TryHackMe (Beginner)

  • Vulnhub (Huge numbers of machines with walkthroughs)

  • root-me.org

  • HackTheBox + IppSec videos + Walkthroughs (Definitely not easy, even for those "easy" difficulties)

  • TJnull's HTB list to complete (absolutely essential to go through the boxes in this list)

  • PWK Proving Grounds (Practice and Play)

  • OSCP PWK Labs 90 days (Final)

Tackling the OSCP PWK Course + Labs

  • Do the entire PDF (800 pages) + exercises (2 weeks to 1 month)

  • Lab writeup (free 5 points)

  • Do a writeup for every machine you root

  • AD machines: must be comfortable with Windows

PenTesting Categories

4 topics: Enumeration, Initial exploitation, Privilege Escalation (Windows & Linux), Buffer Overflow

Enumeration

  1. Enumerate every lead (e.g. gobuster on a found directory leads to new directories, so run gobuster recursively)

  2. Run enumeration in the background only

  3. Check service versions against known vulnerabilities

    • ExploitDB, GitHub, Searchsploit, blogs, Google

    • Source code, netcat, enumeration tools

Common Exploits - Web Exploits

  1. SQL Injection

  2. Directory Traversal

  3. LFI/RFI

Reverse shells

  1. PayloadAlltheThings

  2. Pentest Monkey

  3. Nishang

  4. MSFVenom

Privilege Escalation (Train for Windows and Linux)

  • Elevate from an unprivileged user to a privileged one

  • Start enumeration again: run scripts to test for possible weaknesses and kernel exploits

  • Know how to run the scripts and read their output ***

Buffer Overflow (25 mins to crack; a free 25 points)

  • Get familiar with Immunity Debugger

  • Process to get ingrained (6-10 steps)***

OSCP Exam tips (On the day itself)

  • Start with the buffer overflow; mass scan the rest

  • Keep good notes (CherryTree or Obsidian)

  • Take breaks

  • Enumerate 100%

  • Back up notes and the machine in case the VM breaks

Writing reports

  • Repo of public sample reports: https://github.com/juliocesarfort/public-pentesting-reports