Back in February of last year, I had finally saved up enough pennies to purchase the Penetration Testing with Kali Linux course. I was not fully aware of what I was getting myself into, despite reading the syllabus. As a side note, if you are planning to take this course, please prepare yourself for the headaches, frustration, and especially…time! You’ll need quite a bit of that. Make sure you are decent with networking, and know your way around a Linux environment or you are going to be hurting. Basic knowledge of scripting with your favorite language is always a plus 🙂
If you aren’t already aware, you should be if you’re reading this, the PWK is a very technical course that throws curve balls and actually tests your technical ability. I entered the course not knowing very much besides using a tool here and there and hoping stuff works as any other new guy does. I was really excited when I came across Offensive Security and immediately knew this was the one for me.
To purchase, you need a non-free email e.g. Yahoo, Gmail, any of the like. If you were like me and use one of those, you had to provide additional ID. In my case, I just used my driver’s license. Finally, after waiting a week, I received my material.
The lab…the lab is like no other. It’s your very own playground that ranges from Windows XP, Windows Server, Linux machines, Windows 8. You name it, it’s in there. This is the spot to practice what you learn from the videos and/or PDF. It consists of your public network, IT, dev, and your admin departments. You will be doing webapp, binary, and client side attacks. You will also be doing privilege escalation and…PIVOTING. That was a crazy concept to wrap my head around, but was finally able to get it 🙂
The awesome thing is…since this is a self-study course, you’re essentially thrown into the deep end of the water. It’s just you, your material, and your lab time with no sense of direction. Sounds so scurry!! I was able to get quite a bit of machines. Unfortunately, I wasn’t able to unlock the admin network. Bummer. It’s not too bad I suppose.
The exam is 24 hours. Depending on your ability, it can take you as little as a few hours or take up to almost the full 24 hours…hopefully, that won’t be you! 😮 If so, who cares?! 🙂
I read the PDF that gets sent to you telling the dos and don’ts. Also has the restrictions of Metasploit. Whoa. Ok. You can only use it once and ONLY once.
First time I logged in to the network…it was alien to me. I had run my scans and I already knew I wasn’t ready. Unfortunately for me, this isn’t like any other OSCP Review where I pass on the first round. So I did what any other normal person would do…bought an extra 30 days and fought the good fight, haha!! They weren’t consecutive though.
I spent several months learning and going over the course material again. This time, hanging out in the Exploit-DB and going over exploits and how they’re made and dabbling more and more in Python. Everything started coming together more and more when I started and for the next several months…I was breathing sec. Living it, learning it, loving it 🙂
Path to Redemption
After my 30 days were up, I created my own lab with known vulnerabilities and gave myself a variety of exploits to play with. Spent more months, an ungodly amount of man hours, and lots of keyboards learning everything I could and everything that was covered in the material. I felt so proud of myself because I was steering myself away from being dependent on Metasploit. I had finally put my big boy pants on 🙂 During the course of this time, I focused mainly on buffer overflows, privilege escalation, scripting, porting Metasploit exploits and generating payloads using MSFvenom due to them killing off MSFpayload and MSFencode. By the way, MSFvenom for the win!! I also got in the habit of making Google and Exploit-DB my friends 🙂 You only get one use of Metasploit, but I made the choice to not use it at all with the exception of the multi/handler which isn’t as bad as it sounds. I purchased an extra 15 days, and compromised more machines and got comfortable with what to do. I signed up for my exam once again.
Alas! The test day has arrived! So logging in…I started enumeration on my target machines and actually knew what I was doing this time. There were a couple easy ones and a few tricky ones. The tricky ones outweighed the easy ones, haha! A little more than 10/11 hours in, I had documented everything I had done for my report and gained root/admin privileges on all machines except one. That one. And it was giving me quite a fight! After a couple more hours, I threw in the white flag and called it quits 🙁 I lost. It won the fight. It took me a little bit of time to complete, but you know what? I was able to gain root/admin on 4 machines and limited shell on 1. Limited shell is better than no shell. I called it a day 🙂
Next thing to do was to write the report and submit my documentation! Oh! Did I mention that you need to write the report WITH the screenshots of your loot as well?? If you don’t submit, you just don’t pass 🙂 You’re given another 24 hours to complete the report. Once I emailed my docs, I waited for my results 🙂
Hanging out at work, I received an email at 10:26am on October 21 stating I had received my OSCP Certification. What a feeling that was! I threw the papers off my desk, knocked the computer over and walked out the office like a BOSS. Then went back inside because I still needed my job.
This course was fairly difficult, but I had such an AMAZING time doing this and learning along the way. All my hard work had finally paid off. There are plenty of resources online to guide you in the right direction. If you put forth the effort, dedicate the time, try for yourself and not get spoonfed…I promise you, you can do it also!
Also, this course isn’t for you if you are the type to want to get spoonfed. You’ll find out really quick, haha! Anywho, I Tried Harder and became part of the Offensive Security Certified Professional club 🙂 W00t!!
For those of you that are thinking of taking this course, please do! It’s highly rewarding!! And remember folks….ENUMERATION IS KEY!!!
My next goal is to work on Cracking the Perimeter. I still have a few things to learn, and I’m almost positive I’m a sadist due to all the pain the PWK has caused me…yet here I am, begging for more!
Some resources you may find helpful are: