So... It's all over. After three months spent in the offsec labs, this week I passed the OSCP exam.
I have endured many exams over my career, and I usually get a relieved feeling when I walk out of an exam with a pass. However, this time around I felt different - almost disappointed.
I had spent the last three months in what I can only describe as a hacker's Disney Land: a virtual lab with around 60 or so vulnerable servers just waiting to get owned. With every OS you can think of this side of the millennium, along with simulated users eager to open whatever payload you decide to email them, you can begin to get an idea of just how much fun is to be had here.
Time quickly came for the fun to stop though. I had root on almost all the lab machines in the student network and one or two on the other networks. It was now my chance to prove that I have been "trying harder", and take on the dreaded 24 hour exam.
I knew the course material cover-to-cover and had completed 90% of the extra mile challenges, so I was confident this was enough to tame this beast. How wrong I was!
24 hours went by like 24 minutes. 8 hours in, and I was still on the first of the five servers! Panic sets in, and you start to feel really demoralised at this point. "I shouldn't be a pentester", I told myself, "I havent even got the first server yet... throw in the towel now - this is not for you - go back to being a sys admin...".
Time out, let's get another coffee. Damn - I wish I still smoked!
Then suddenly things seemed clearer and exploits started working; the time was after midnight and tiredness was now long past. The first hurdle was cleared and I felt good again. So good, in fact, that I breezed throught the second server also. "That's 45 points and I still have 10 hours left. I'm going to make it easily", I thought. "I might even grab some sleep".
10 hours later, no sleep was had and I was still on the third box! I needed this (and another) to get the 70 points required to pass. I had shell, but could not escalate. It was then that I ran out of time (I can now understand why they give you 24 hours).
There aren't any single steps to root in this exam; you need to fight for a limited shell, then fight harder to escalate to admin, before grabbing the trophy from the admin's desktop.
I picked up my sorry ass and re-booked the exam right away. This time I passed, but it was still a 12 hour battle, despite having the knowledge from the first exam.
Anyway, if you're reading this and are considering the course for yourself, then please do. It is not like any other you will take. By the time you finish the exam, you will have earned the right to deservingly call yourself a security professional.
Okay, so now what? Well, other courses just don't do it for me anymore - they are all the same:-
Listen to the instructor, read the book, try a few excersises and pick an answer from a to e.
I am missing the offsec labs already, after only a week! All I can think about now is how to get my next offsec fix.
OSCE maybe ??!
Anyway, I'd like to say thanks, first to offensive security for such a well designed course and lab environment, and secondly to B0nd from http://www.garage4hackers.com/ for the support and encouragement throughout the course.
My only gripe I guess with the course, is that the trademark term "Try Harder!" is often overused when you need help within the labs. It can be rather fustrating sometimes when you are really stuck, to not be given even a point in the right direction, especially if you cannot afford to spend months on end playing around in the labs, and need that little help to get the most out of the course on a limited budget.
That said, some of the offsec admins DID help me out a couple of times with a few tips to help me focus in the right direction, so it would be worth trying a few of them before giving up, you may catch one having a really good day.