Congratulations for deciding to try harder!
While there are no spoilers for the OSCP on this page, here is a small collection of resources that would be useful for pentesters, system administrators and OSCP candidates. If you are willing to try harder, go ahead and explore.
Resources
There are plenty of resources on the Internet. I trust your Googling skills are sufficient to enumerate resources; I do not need to re-invent the wheel. However, I would like to make some mention of what I think are important, and perhaps under-appreciated.
1. Nmap’s Scripting Engine: Many think of nmap as a port scanner. That is correct, but it is able to do far more. Its scripting engine is capable of picking up vulnerabilites, enumeration, and in some cases, even performing command execution!
2. Lab Environment: Many people I know who take the OSCP do take the labs as some sort of capture-the-flag. It isn’t all about proof.txt. It’s about trying as many different things you can think of, exploiting in as many different ways, and trying all sorts of ideas. Once the lab time expires, finding a lab environment as diverse, as rich will be difficult. Treasure the lab time to do things you would do in a network penetration test, such as pivoting! Some people use the lab environment to perform
3. Privilege Escalation: The OSCP discusses privilege escalation in brief. However, the subject of privilege escalation can easily span across so many different areas that one could write a book about all of that. Thankfully, there are some shorter basic guides for Linux and Windows that are “standard reference” for today’s pentesters. The subject of Windows privilege escalation is rich and diverse, far more than simply “getsystem”.
If you use Facebook, you can join a study group.
The Journey
Refer to the main blog. Parts one, two and three are linked for your reference.
Vulnerable Machines
Personally I have created some machines that are OSCP-like. They resemble the rough spirit of the OSCP, though in no way should they be treated as similar to any examination or lab machine.
I have currently FIVE machines featured on Vulnhub. The hostnames for these machines are indicated, and a short sypnosis about these machines will be provided.
MERCY: This machine was destined for a CTF, except that it had ideas that beginners would almost never notice, and so it became a practice machine for said CTF. Try harder and root this box; this box was the very first box written, and was in dedication to passing the OSCP and those that were with me on the journey. If you must spoil yourself with a walkthrough, a friend has kindly helped make a video walkthrough here.
(NOTE! The machine was created before Ubuntu 14.04 LTS was end-of-support. If you find a kernel exploit for anything before Ubuntu 14.04 LTS, take note this is NOT the intended path!)
BRAVERY: This machine was an ex-CTF machine, which was meant to teach budding penetration testers some enumeration skills, as well as avoiding rabbit holes. Are you brave enough to pwn this machine? (This machine was inspired by several OSCP lab machines. Students aiming for the OSCP should find this box a familiar one, and may also notice multiple paths for both user and root. One such path can be found here.)
DEVELOPMENT: This machine was also an ex-CTF machine. Unlike BRAVERY, this machine was designed with a copious amount of in-built torture. In fact, I remembered vividly a participant coming up to us, complaining about this machine’s hostile behaviour towards his arsenal of tools. Sometimes, trying harder does not mean brute-forcing the machine. It means you are supposed to think differently. This machine will teach you all about… not brute forcing. (This machine grinds to a halt the moment you start too much automated scanning. Time to manually enumerate! There are walkthroughs here and here.)
JOY: JOY appears to spark joy among penetration testers. This was built becauae a friend suggested I try to explore other different areas of network exploits. This will be a machine full of interesting misconfigurations. Have fun! (Both user privilege and root can be obtained in multiple ways. One way is covered in this walkthrough, but there is another way.)
TORMENT: Pain, sufferance… and humble… this box is designed to bring you through an experience you may hate me for. TORMENT was designed with keeping the pentester sooooooooo close to the goal, except for ONE small problem. Even the beta testers fume at TORMENT… and said this box shouldn’t have been such a hair-puller. Or do you have what it takes to elegantly put TORMENT in its place? (There is no need to brute force this machine.)