OSCP — Passed on the second time — My honest opinion and my journey from zero to OSCP.
Hello guys, it’s me again! I know that I have not updated or posted anything for a very long time, and I am sorry about it. Still, I am happy to announce that I finally passed my OSCP not long ago! I wanted to post this on Reddit, but I do not have enough Karma… (Anyway)
I really enjoyed reading the experiences and ideas posted by others. I will give my honest opinion and my journey from zero to OSCP.
Happy reading, I guess? (Sorry, a bit lengthy)
Background:
I am NOT from the IT field and have almost 0 IT background, but I do have an interest in the field, which led me to take the OSCP. I started my research in 2022 while working in customer support and bought OSCP LearnOne in December 2023. During that period, I had access to TryHackMe to get a feel for how hacking machines “works”. But I did not take it seriously and just went through walkthroughs and did silly things. Once I purchased the bundle, I quit my full-time job and started working on the OSCP modules while working a part-time job to earn some money.
Journey:
I completed a few Vulnhub boxes prior to starting my journey, as you can see in my Medium story. It took me 6 months (I might be a slower learner, or I might just be a lazy human) to complete the learning modules. I needed to do some research on most of the topics.
Pre First Exam Challenges and Labs:
All 3 lab challenges, Relia and Medtech were very difficult for me. I did not attempt Skylark at all. I required hints for 80–90% of the labs as I really had no idea how to do them (I had only done 3–4 PG boxes at that time). Then I realised I was wrong and started working on PG boxes for a few weeks (3, I think), and I got through around 40 boxes before the exam day.
First Exam:
I took my exam after seven months of learning and I failed so hard (like really hard, 10 points), and I even thought of quitting OSCP after the first attempt. I was not able to get into the AD set or the other standalones. Just 1 foothold and nothing more. It was so depressing and my stress skyrocketed. Yet I did complete the report and submit it.
Post First Exam:
I tried to release my stress by taking a break for 2 weeks: playing games, going out and even sleeping. After the 2 weeks, I did not feel any relief, but I did correct my mindset (maybe a little?). Then I started to push myself to complete more PG practice every day, 3–4 boxes per day. Then I booked my second exam for August. By that time, I had reached 70+ boxes on PG.
Second Exam Attempt:
I was nervous as hell, like seriously. I started my exam and was able to get into the first AD machine in 2 hours and become Admin in another 10 minutes. This really boosted my confidence, but I failed to get into the second machine as I really had no idea. I wasted like 10 hours(?) getting into the second machine, which was SO SIMPLE, and MY STUPID BRAIN just missed it. After I got into the second machine, I was able to get some juicy information, but I had no idea how to proceed…
Then I tried to get into the standalones. I was able to locate the foothold and get into only one of the boxes. To my surprise, the privilege escalation was pretty simple and I managed to complete the standalone box in around an hour (from getting foothold to root). At that moment, I told myself: this is the time and the chance, just push and get it. I pushed myself for another 4 hours on the AD set, but I still failed to escalate. My brain was fried (Crispy and smokey flavor), and I knew that nothing would help now, so I decided to sleep.
After 4 hours of sleep, I continued to work on the AD set. As you can see, I did not have much time left, as I had wasted too much on getting into the second machine (2 hours + 10 minutes + 10 hours + 1 hour + 4 hours + 4 hours = 21 hours 10 minutes). I had around 2 hours and 35 minutes left to work at that time. I tried everything I knew and didn’t know on it and suddenly it worked (after 2 reverts), and I managed to escalate my privilege (1 hour and 30 minutes gone). Then, after another half an hour, I managed to get into the DC!
I was so excited and I started to recheck all the notes and hashes. I had about 35 minutes to recheck everything and I managed to complete all the checks in 30 minutes. Then the proctor told me the exam was over and the session ended.
Report Time!
I was so hyped and had so much adrenaline (I guess) that I started writing my report after my lunch (no breakfast). I was able to complete it after 5 hours, thanks to my notes, and it took me 3 hours to recheck and modify the parts I thought were not good enough. Then I submitted the report at night and slept.
Finally!
I was also nervous after I submitted my report. I was worried that I might have missed something important, which would cause my points to be excluded. Then, after a few days, I received my email. I finally passed!
DLC part! (My experience in more detail)
I had power failures and network errors during my exam. I was not able to get into anything until I realized that my router was not working at all. I called the service provider, but they did not come to help or fix it. I switched to my family’s personal hotspot to continue my exam (I would have been doomed without them, like really). The next day, when I woke up and was trying to complete my AD set, my residential area suddenly had a power surge. That made me so mad and furious, but thankfully it was solved in half an hour. Still, my ISP kept giving excuses for not coming to fix my router (I gave up asking them).
Also, I did not sleep well after a few months of studying the materials. I had nightmares and dreams almost every night, which made me so exhausted when I woke up. I also saw many posts about failing and getting low scores in the exam (which often appeared in my dreams). But once I passed, the sleep was so good, without dreams or nightmares. Phewww….
Now, My Opinion:
I had completed almost 70+ Play and Practice PG boxes before my second attempt. I would recommend doing the Lainkusanagi list first and only then continuing with the other boxes listed on TJNull. Both are pretty similar, but I do think some boxes in the TJNull list are harder (Sorry TJNull, but your list did help me too!). I did not complete the Nagoya and Hokkaido boxes.
On HTB or THM boxes:
I did not use or work on any HTB or THM boxes during this period. I do strongly agree that those will help to increase your confidence and skills. But due to the fact that Offsec made OSCP and PG is also by Offsec, I focused on PG boxes.
My honest opinion after passing (and failing):
- Please complete as many PG boxes (Play or Practice) as possible before trying the Challenge exam.
- Just practice every day, on any platform you want, like or can afford. Don’t worry about viewing walkthroughs or hints throughout the process. Everything is a learning point and you might find something really useful that might help in the exam.
- You do not know what you do not know. I understand the spirit and mindset of Try Harder, and I do agree to some extent (This does not mean I disagree with the Try Harder mindset). This is because if you don’t even know a thing exists, you will not be searching for or using it.
- Enumeration is very important in the exam (in other cases as well, of course). Sometimes, a small hint is the way to foothold or root.
- Unless you are experienced (I think?), you will always feel not ready for the exam (like me).
- Always get the 10 bonus points, it saves “lives”. Without it, I would have failed.
- Just take breaks, don’t be like me. A fried and short-circuited brain doesn’t help.
- But, I do think the Challenge Lab is way easier than the OSCP exam, in my very honest opinion. I would say OSCP is 1.5–2 times harder from my personal experience, as everyone has a different background and experience (JUST MY OWN PERSONAL EXPERIENCE).
- If I can do it, you guys can do it!
Also, special thanks to (Sorry if I missed someone)
Any advice for me after OSCP or opinions on my post, please let me know!
Twitter: @curse_jk