As I continue on my journey towards the OSCP certification, each week brings its unique set of challenges and learnings. Here’s a glimpse into my recent experiences.
Finding My Footing Amidst Technical Hurdles
The end of this week was filled with frustration. On Friday and Saturday, I faced a series of technical difficulties. I wasn’t able to use the tool AutoRecon, one that had come highly praised by several in the OSCP community. Despite me cloning the tool from GitHub, and downloading the requirements file, I hit a roadblock. The tool continuously prompted for additional downloads, leading to a frustrating loop of unmet dependencies. Other challenges I faced were not being able to compile a required exploit and not being able to enumerate a subdirectory. This led to me taking two days off of the challenge labs. I couldn’t face looking at my screen again, only to be faced with another problem. This break was well needed, as I was able to come back to the challenge labs refreshed, with a new sense of vigor.
The technical challenges I faced serve as a stark reminder of the unpredictability and often demanding nature of penetration testing. However, these challenges also highlighted the importance of taking breaks when needed. Stepping away for a couple of days allowed me to return to my studies with renewed energy and a fresh perspective.
Embracing a Need
This week marked a significant shift in my OSCP preparation strategy. I had encountered several challenges with my current technical setup – a MacBook Pro with ARM architecture. These problems included not being able to compile c code and not being able to open some of the challenges required files. Thus, I made the decision to invest in a new PC. After careful consideration and recommendations from several cybersecurity professionals I follow on Twitter, as well as insights from Reddit threads, I chose to purchase the Lenovo ThinkPad X1 Carbon Gen 11. This model came highly praised and seemed like the perfect fit for my needs. My hope is that this new laptop will be the key to overcoming the technical challenges that have been impeding my progress.
Finding New Tools
In an effort to ease my previous frustrations with the challenge labs, one night I decided rather than focus on the labs, I would learn a new tool. This tool turned out to be Ligolo-ng. It’s a tool used for tunneling that has been gaining attention in the OSCP community. Diving into Ligolo-ng, I dedicated several sessions to understanding its functionalities and operations. The learning curve with Ligolo-ng wasn’t too steep, as it is a very easy tool to learn. It only took a few steps to set up, and I was able to use it on OSCP B. It came in handy because the tool I typically use, Chisel, for some reason wouldn’t work on the machine I was trying to use it on.
Successes
In the OSCP challenge labs, there are 3 sets that closely replicate the structure of the actual exam. Having completed the Active Directory portion in the set known as OSCP A, my focus shifted to the standalone machines. Among the highlights of OSCP A, I was able to successfully gain root access on two of the machines. This was a significant confidence booster. However, my journey through OSCP A wasn’t without its challenges. On the third machine, where I managed to get a foothold, I encountered the roadblock that I previously mentioned. I wasn’t able to compile the exploit required for root-level access.
Despite the challenges, the successes in OSCP A, especially gaining root access on two standalone machines, were particularly gratifying.
Conclusion
In summary, this week has been no different from any other in my OSCP journey. It was a blend of highs and lows, setbacks and advancements, frustrations and breakthroughs. It’s a journey that demands resilience, adaptability, and an unwavering commitment to learning and improvement. Each challenge faced is a step towards becoming a more skilled and versatile cybersecurity professional. Every success is a milestone in this demanding yet rewarding path.
Thank you for being part of my journey.
Click here to read my OSCP diaries introductory post.
Click here to read week 2.
