The OSCP Page

Congratulations for deciding to try harder!

While there are no spoilers for the OSCP on this page, here is a small collection of resources that would be useful for pentesters, system administrators and OSCP candidates. If you are willing to try harder, go ahead and explore.


There are plenty of resources on the Internet. I trust your Googling skills are sufficient to enumerate resources; I do not need to re-invent the wheel. However, I would like to make some mention of what I think are important, and perhaps under-appreciated.

1. Nmap’s Scripting Engine: Many think of nmap as a port scanner. That is correct, but it is able to do far more. Its scripting engine is capable of picking up vulnerabilites, enumeration, and in some cases, even performing command execution!

2. Lab Environment: Many people I know who take the OSCP do take the labs as some sort of capture-the-flag. It isn’t all about proof.txt. It’s about trying as many different things you can think of, exploiting in as many different ways, and trying all sorts of ideas. Once the lab time expires, finding a lab environment as diverse, as rich will be difficult. Treasure the lab time to do things you would do in a network penetration test, such as pivoting! Some people use the lab environment to perform

3. Privilege Escalation: The OSCP discusses privilege escalation in brief. However, the subject of privilege escalation can easily span across so many different areas that one could write a book about all of that. Thankfully, there are some shorter basic guides for Linux and Windows that are “standard reference” for today’s pentesters. The subject of Windows privilege escalation is rich and diverse, far more than simply “getsystem”.

If you use Facebook, you can join a study group.

The Journey
Refer to the main blog. Parts one, two and three are linked for your reference.

Vulnerable Machines

Personally I have created some machines that are OSCP-like. They resemble the rough spirit of the OSCP, though in no way should they be treated as similar to any examination or lab machine.

I have currently 1 machine featured on Vulnhub, and I expect to write a few more. The hostnames for these machines are indicated, and a short sypnosis about these machines will be provided.

MERCY: This machine was destined for a CTF, except that it had ideas that beginners would almost never notice, and so it became a practice machine for said CTF. Try harder and root this box; this box was the very first box written, and was in dedication to passing the OSCP and those that were with me on the journey. If you must spoil yourself with a walkthrough, a friend has kindly helped make a video walkthrough here.

(NOTE! The machine was created before Ubuntu 14.04 LTS was end-of-support. If you find a kernel exploit for anything before Ubuntu 14.04 LTS, take note this is NOT the intended path!)

BRAVERY: This machine was an ex-CTF machine, which was meant to teach budding penetration testers some enumeration skills, as well as avoiding rabbit holes. Are you brave enough to pwn this machine? (This machine was inspired by several OSCP lab machines. Students aiming for the OSCP should find this box a familiar one.

DEVELOPMENT: This machine was also an ex-CTF machine. Unlike BRAVERY, this machine was designed with a copious amount of in-built torture. In fact, I remembered vividly a participant coming up to us, complaining about this machine’s hostile behaviour towards his arsenal of tools. Sometimes, trying harder does not mean brute-forcing the machine. It means you are supposed to think differently. This machine will teach you all about… not brute forcing.

JOY (working name): We are still testing this box. It appears to spark joy among penetration testers. 🙂

TORMENT: This box will be released soon!!!

Simultaneously, I am also working with some friends who run Wizard-Labs, a penetration testing environment. If you want to find Windows boxes to practise on, you may be able to find some creations over here.

: currently awaiting appearance on Vulnhub. (This will be updated upon publication.)

JOY (working name): 15% done. A lot of testing needs to be done.

TORMENT: currently to be tested with some friends.

Simultaneously, I am also working with some friends who run Wizard-Labs, a penetration testing environment. If you want to find Windows boxes to practise on, you may be able to find some creations over here.