A Digression: The Offensive Security Certified Professional (OSCP) — Part 1 of 3

Posted on by D.C.

#offsec #pentest #training #tryharder

(Note to all who have read Part I on my other page — yes, I’m in the midst of shifting my blog; this is a replication of Part I on my previous site, with very minor edits.)

(WARNING: This review is very cheesy. If you can’t take it, try harder.)

windows.png
*cues voice narration* And once we send our exploit, and the reverse shell comes back to us. We obtain system privileges. Wonderful.

Many a penetration tester today would have heard about the OSCP and its reputation. I have finally obtained my certification after failing numerous times! Let us reminisce the good times. A year of sufferance, tears and eventually, we obtain our proof.txt file.

type proof.txt

Try Harder

Caring mentors, comprehensive support and close instructional guidance form the basis of a good course for many. This course prefers throwing the student into a deep, dark forest, which are the PWK labs. Lab machines range from the easy to the mind-bindingly confusing ones. To me, it was a playground. It was free play, much like how a child would approach new challenges. The inner child in me refused to give up, and kept on trying harder. With such a fun playground where we could hack, who wouldn’t cherish the time there?

Image result for try harder offsec
What you often get told when you hit a brick wall.

And just like an innocent child, one easily loses sense of time in the labs, easily burning weekends and late nights head-banging.

shikata_ga_nai.png
If this works for our Linux exploit, wonderful! And if it fails, well, try harder.

One more interesting piece of trivia: the “Try Harder” phrase is trademarked.

The First Few Weeks

I started the course with hardly any fundamentals, because I was not a traditional computer scientist or electrical engineer. A physicist will probably have coded quick and dirty Python, but touching C, or Java is something we do not do much, if at all.

boomz
This was NOT what university taught me to do. At first, this was intimidating, like a stranger. But, we slowly befriended each other.

We probably do some quick and dirty Bash scripting too, but that is it. It suffices to say that the first few weeks being immersed in the deep, dark forest was nothing except sheer sufferance. Imagine being stuck in Rome without knowing a word of Italian! For the first time in my life, I had to squint at a debugger, looking out for what was going on in memory! At times, I felt like giving up, and just exclaiming, “Shikata Ga Nai“, which is Japanese for “nothing can be done”.

A Relationship

Slowly, though, I built a relationship with the labs, especially when the relationship became rocky…

eternalfail
Worse than Monday Blues: EternalBlue. BUT IT FAILED? WHERE DID WE GO WRONG?!

The labs felt like puzzles. At first, one had no clue on how to solve them. However, one eventually got better at them, and started feeling more comfortable.

Initial Targets

With really limited knowledge, learning was extremely painful, even for the experienced folk.

challenge.png
Why am I even putting up with such pain? I WANT MY FLUFFYBUNNY! Those with significant others may want to take note, lest their significant other suddenly becomes the OSCP for good.

And each time I want my comfort… I get gently nudged…

Fluffybunny.png
🙁

😦

“Bash-ing” Around the Forest

This course aimed to simulate a real-world penetration test: one where there was extensive information gathering. Sometimes, we had to even think how a human might interact with the network to attack him/her! Just like a black-box, no one mentioned where the start line should be, and all they mention about the finish line:

  • Some aim to gain access to one, two or three networks.
  • Some aim to root all machines in a network.
  • Some aim to gain access to the Administrative network.
  • Some aim to root every machine in the labs.

Essentially, there are no instructor-defined objectives, or rather, “KPIs”.

(skipped are the recounts of numerous episodes of sufferance)

The “Big Four”

To many OSCP students, the boxes “pain”, “sufferance”, “humble” and “gh0st” comprise the Big Four. Ask any student who has taken the course, and the term “sufferance” should probably stick. Worse, ask for a hint, and all you get is:

try harder!.png

Sometimes, you just feel like raging at the bot, only to realise the bot also has something to say about rage!!!

tryharderandharder.png
“Try harder” is an exceptional life maxim if applied right. Telling your wife to try harder, however, is a surefire way for you to return to Coffee Meets Bagel. 😉

If the laboratory machines were real physical servers, one might be tempted to simply take a pair of scissors and snip away at the network cables in frustration.

On my first lab stint, I was too poorly equipped. I did not get any of the Big 4, and I did not pass the exam. But I would try harder… and eventually return.

Apologies to the Poor Friends

Some friends were on the unfortunate receiving end of the frustration and agony suffered from the labs. To those I vented at, or had appointments severely delayed just so that I could maximise lab time, I must say sorry. I hope I am forgiven.

poked fun.png
*asks for a fluffy bunny from friend, while trying to explain the sardonic humour from offsec* *gets laughed at instead* *ouch* *:-(*

*Easter egg alert: I have designed a vulnerable machine in dedication of Offensive Security’s inflicting of pain and sufferance. And in true OffSec spirit, the name of the machine will probably scare you. I shall call the machine’s hostname… MERCY.*

BOOMZ! The Exam

Me: I’m taking an exam. It lasts for 24 hours.
Friend: What kind of crazy course is that?
Me: Well… (inserts what the course is really all about)
Friend: You’re crazy, but all the best.

Predictably, the lack of preparation and sheer rawness led to the exam blow-up. It was somewhat expected. From nothing to exam-ready sounded like a miracle. I would need to suffer this multiple times if I was to get my certification.

The only time Offensive Security gave a fluffy bunny:

buymore.png
From how the reviews sound, they probably meant “many students”, and some never came back after being slapped the first time with a rainbow trout.

Vengeance

Discouraged I wasn’t. I decided to dive back in with almost a singular focus to obtain this certification.

tryhardest.png
If this guy comes back over and over again to try harder, why shouldn’t I?

I had some personal targets, which kept on moving as I moved along. Here are some of the memorable ones. (No spoilers here; don’t bother looking.)

The “feeling of completion” machine: There was one particular machine sitting right in front of me. He laughed each time I looked at him. It made no sense. Throughout the labs, this machine stood with a grin, taunting me to pwn him. I had no clue. The only clue was that I had to go all the way to the deep end just to find something that would help me. RAGE!!!  And try harder I did! Within the lab environment, there are some stories about the corporate environment, which illuminated the relationships across the network. Each machine in the story arc that was rooted meant one step closer to knowing the whole network’s backstory!

SUFFERANCE: It was a decision made out of sheer ego; I must finish the labs with a big: finish it off with the “Big Four”. Only then could I claim to finish in style. When I returned to the labs with a vengeance, other machines started dropping like grapes. This one, however, was left for last. And once it dropped… (with quite a bit of hair-pulling)

awesome
“Whenever I am feeling low, I look around me and I know, there’s a place that will stay within me, wherever I choose to go.” — lyrics from “Home” by Kit Chan. Thanks to the offsec chats, I met with fellow strugglers through the labs, and we share our pains. Slowly, but surely, the journey does get easier.

It was a moment of bittersweet tears. Bitter, because of the year spend just to get competent at this. Sweet, because, it was finally all done!!!

A Life-Changer

The OSCP taught one extremely important life lesson over and beyond just being able to conduct a penetration test — never giving up, and never letting myself down, and most certainly not deserting adversity. It’s probably all too easy deciding to give up at multiple points, especially when all Offensive Security does is to nudge you to try harder. But if I do not try harder, will I ever improve? No pain, no gain!

What Will be in Part 2?

Part 2 will be a more technical review. It will state some basic requirements one should have before embarking on the journey of sufferance. I will also make brief mentions about the approximate mental preparation required (for the exam).

 

Leave a Reply

Your email address will not be published. Required fields are marked *

11 − two =