This week was my first time stepping in to the OSCP Labs, with a lot of ups and downs.
First, I finished up my reading based side of things. I finished all the 148 videos that the PWK course gives, the Zero to Hero course, and skimming the textbook. The book I found to have extremely granular / under the hood details on how Kali works, so I didn’t think it was that valuable to running a straightforward pentest. Other than that, the Zero to Hero course I found best at watching things be used in real time and with a bit more subjective discussion of them, while the PWK videos felt more like reading a list of wikipedia pages for “top 6 scanners” or whatnot. Both are useful, and should be used together. All that took me until Wednesday night, which is when I fired up the Lab VM for the first time.
There’s a limit to how specifically I’m allowed to talk about the lab, but I can say this: Wednesday, Thursday and Friday I spent just doing ping sweeps and scans. I was feeling pretty hopeless on Thursday night, feeling overwhelmed at this huge network that I felt I wasn’t moving through fast enough. I was planning on spending the entire week just enumerating and running more scans & sweeps, until I did manage to pop a reverse shell on Saturday night. Man, was that a good feeling. Can’t wait until I can get there in a few hours rather than once a week.
I’m still feeling like this is a massive undertaking, and that I have a lot of work to do before I can hope to pass this exam. I’m still going to take my first test by week 12, and would like to pass that one. Classes start up again on week 15, and with that my free time drops off massively; but my last available test date is sometime in week 29, so I know I can get there eventually. I spend a lot of time trolling sites like /r/oscp, and reading comments like “It’s doable in 2 months if you get off your ass and put the fucking work in” is the right kind of motivating to me.
This next week, I’m going to keep enumerating more machines (I’ve only managed to run full scans on 10 of them so far), aim to get a few more reverse/bind shells, and elevate some to higher bash shells or SSH logins.