OSCP Challenge

November 27, 2016 Schedule for OSCP Challenge start at 8am.

8:00 am I received my credentials. I took my time to eat my breakfast, talked to my beloved Wife and other life stuff.

9:14 am I started reading the OSCP Certification Exam Guide. I’ve asked my self, it’s another certification paper to add in my long list of certifications. My main objective is to review my hacking skill sets and perform in controlled environment. Simulate the live network in private VPN which provides a small numbers of vulnerable machines for me to exploit. I have 24 hours to complete the challenge, and 24 hours for the supporting documentation. The documentation should be thorough enough that your attacks can be replicated step-by-step, using the template provided. I hate documentations, oh well  let’s do it.

Please notes, for document requirements should includes.

• Modified exploit code or URL
• Command used to generate shellcode
• Highlighted changes you have made, and why?
• The exam document must be named OSCP-Exam-Report-OS-XXXXX.pdf. See the exam guide for additional information.
• The report should be converted to a PDF format.
• Submit the reports in a password protected .&z file using your OSID-XXXXX as the password.
• Email the exam report to challenges @ offensive-security.com within 24 hours of completion of the exam and wait for the confirmation within 12 hours.

9:39 am I downloaded my OSCP VPN Connectivity Pack, this is the only way to connect to the lab environment. You will need Kali Linux to connect, good thing I have it installed in my laptop. This save me at least a couple of hours of downloading and setting up.

9:56 am Initiate my VPN connection:  root@kali:~# openvpn OS-XXXXX-OSCP.ovpn

Enter your username and password, provided to me on the day of my exam.

Initialization Sequence Completed. Hooray! Leave that open.

First test, check if I can access all assigned machines. Some machines responded to a basic ping command, of course I can use other tool to gather more information about my targets.

Exam Restrictions
You cannot use any of the following on the exam:

Spoofing (IP, ARP, DNS, NBNS, etc)
Commercial tools or services (Metasploit Pro, Burp Pro, etc.)
Automatic exploitation tools (e.g. db_autopwn, browser_autopwn, SQLmap, SQLninja etc.)
Mass vulnerability scanners (e.g. Nessus, NeXpose, OpenVAS, Canvas, Core Impact, SAINT, etc.)
Features in other tools that utilize either forbidden or restricted exam limitations
Any tools that perform similar functions as those above are also prohibited. You are ultimately responsible for knowing what features or external utilities any chosen tool is using. The primary objective of the OSCP exam is to evaluate your skills in identifying and exploiting vulnerabilities, not in automating the process.

You may however, use tools such as Nmap (and its scripting engine), Nikto, Burp Free, DirBuster etc. against any of your target systems.

10:23 am I just finished reading the exam guide documentation and set my working environment. I’m taking a quick tea break 🙂 It should be a fun hacking day for me today.

The fun begin …