How to get OSCP [OUTDATED]

May 11, 2020 // echel0n

Introduction: Hello from echel0n!

Thanks to Offensive Security for bringing this joy and real challenging certification!

I have some background in network security but I was a web application developer for three years. I met with cyber security with Capture The Flag contests in 2016. I was having fun a lot. I mean a lot! I could not continue my web application developer job and then decided to learn and practice cyber security.

Last year, I decided to accept OSCP challenge and started to study.

My general ideas

I read a lot. At dinner time, while having my coffee, any time, I usually find myself reading articles, watching videos about walkthroughs, proof of concepts, anything about Linux. 

Keeping notes about what have you done, is helping as well. I am trying to explain what have I done in my notes as if I am a stupid person , not going to understand even a word. With doing so, you can be sure that you understood what have you studied.

“If you can't explain it to a six year old, you don't understand it yourself.”

How did I start

Solving VulnHub machines with walkthrough helped me in the beginning. I was improving my methodology by the time. I tried to understand how the vulnerable service works in examples and machines, tried to exploit random vulnerable services in my personal computer too.

Linux distrubution choice

In my opinion, avoiding the linux distributions that are usable out of the box is a good way to learn how linux works. Many people may disagree with me with saying "I am gonna be pentester not Linux Guru!". Well, we will be spending time on linux, trying to code, compile, run tools and everything in our career. Think like an investment. Get out of your comfort zone, you will enjoy it after a while. Also, you can have a unique workspace after some customizations!

i am using arch linux btw


Being able to write code

Another tricky question is " Do I need to know how to code?" . In OSCP, you are dealing with creating basic scripts. I would advise at least know a little python and bash scripting before taking the course. But in general, you will find yourself developing exploits, auditing and monitoring tools to accomplish specific tasks. If you ask me, It is like "don't skip leg day" phrase in sport workout. Maybe you like to show off your auto-pwn tools and mad enumeration skillz but you look awkward because of poor study of data structures and algorithms.

Using Metasploit Framework

I avoided from metasploit framework all the time. Metasploit is a great tool and it is handy on a penetration test but It was not real penetration testing anyway. The important thing to me was learning the steps of exploitations and enumerations, not gaining something quickly or handled automatically. Also, I did not use Metasploit framework in the exam too.

Practice on HackTheBox

I did all active machines after my lab time. HackTheBox is one of the best platforms to study. Also, It has a lot of kind and great players. You can have fun, meet new people and practice more until OSCP exam date. It has been one month since I got my certificate but I did not quit from HTB platform (I was in top 50 players). Moreover, If you wonder, there is no machine like ~50 points HTB machine in the exam. They require some more advanced binary exploitation but OSCP does not cover these topics.

HackTheBox and OSCP labs differences

VulnHub and HackTheBox systems are designed to be capture the flag concept. This means, they are more focused on being a fun challenge and more obfuscated. But in OSCP labs, these system are trying to simulate real world scenario. Also, It gives to chance to experience in client-side exploitation.

Network Knowledge

You should know what an IP address, port and firewalls somehow. After course you are expected to understand how to pivot the network


How hard is Buffer Overflow Machine?

Buffer Overflow machine's difficulty is the same as what you have studied in the course.

Report template

Creating a report template while taking the exam is a good choice because you are not going to want to figure out details of how you exploited the machines and how did you enumerate.

Before PWK course

December 2017 to March 2018

  • FristiLeaks 1.3 , Stapler: 1, PwnLab: init, Brainpan: 1, HackLAB: Vulnix, VulnOS: 2, SickOs 1.2, /dev/random: scream, pWnOS: 2.0, SkyTower: 1, IMF, All Kioptrix levels, Mr-Robot, All Pentestit lab network

March to June 2018 I joined 3 CTF contest and solved Narnia, Leviathan and Bandit wargames on OverTheWire.

I started to solve HackTheBox machines at June 2018

PWK Course

My lab time is started at July and finished at August. I rooted 15 machines in one month. I followed all exercises and created my lab report in first week but I did not upload it. I had a time problem because I was going to my summer school (physics 1&2). Moreover, I joined 2 CTF contest and solved 40 challenges and all active machines in HackTheBox.


I was very excited at the beginning of the exam. I started my enumeration scripts towards all machines. In the meantime, I solved the buffer overflow machine which I knew that I will do easily. I saw one possible vulnerability report on one machine and tried to exploit for hours because I could not compile the exploit properly. Because of my excitement, I was not paying so much attention to read exploitation steps. It worked and got my second machine. I relaxed little bit and slept.

After woke up, I easily got a user token but after this token, I could not find anything for straight four hours. It was like hell. Finally, I realized, I was not paying attention (AGAIN!) to one post exploitation information which is in front of me for hours. I went from there and rooted as well. I took an hour break then started to read manual pages for one service which has a vulnerability. Got a user token, I paid attention (finally!) to post-exploitation outputs and got root in minutes in my last machine.

I did not work on the fifth machine because I was relaxed. Next day, i wrote my 23 pages report which has a lot of screenshots. Also, I checked If everything is okay or not. After two days, I received one of the most desired emails which is;

We are happy to inform you that you have successfully completed the Penetration Testing with Kali Linux certification exam and have obtained your Offensive Security Certified Professional (OSCP) certification.

~ Starting time: 28 October 2018 04:00 AM

~ Final point: 80/100

~ Exam Attempt: Only one

~ Playlist: oh my ears

~ First machine: rooted at 05:30 AM

~ Second machine: rooted at 08:00 AM

~ Sleep time 08:30 AM to 03:00 PM

~ Third machine: rooted at 08:50 PM

~ Nap time: 09:00 PM to 10.00:PM

~ Fourth machine: rooted at 11:00 PM

~ Environment: Arch Linux with Blackarch Linux repos, vim with plugins, xMonad window manager, KeepNote, x86 Kali Linux for the backup.

Thank you for your time and your interest!