Tuesday, 10 December 2013

Pentesting With BackTrack (PWB) & Offensive Security Certified Professional (OSCP) Reviews 2013


My OSCP certification journey started on 15th September 2013. It is really a great course, and I really loved it. Today I became an OSCP :)

On "Tue 12/10/2013 7:27 PM" I got the official e-mail from Offensive Security:

Prerequisites:

  1. You must have hands-on experience with Linux as well as Windows.
  2. Web application programming experience will really help, as you will grasp that part quickly.
  3. I would say get your hands dirty with Python and shell scripting; it will help you a lot.
  4. "Out of the box" thinking is required; spoon feeding will not help you.
  5. It is not for bookworms!
  6. Self learning is very important.
  7. Debugging skills are necessary.
  8. Database knowledge is an advantage; you may run into situations where it is necessary.
  9. Get familiar with BackTrack thoroughly.

OSCP Certification Review Links:

What You Will Need:

  1. I personally recommend BackTrack 5 R3; it has everything you need.
  2. You can go for other distros like GnackTrack if you are familiar with them.
  3. I will post some handy scripts and tools here soon, which you can add and which will save you time.

Signing Up for the PWB Course:

I decided to go for PWB (Penetration Testing With BackTrack) in early September. I read as many reviews as I could before signing up. At first I was a bit worried, as I decided to go for 2 months of lab time because of office work. Apart from this, the course fee was $950, and the dollar rate was going up while the Indian rupee was falling. I can say it was overall a hard time!

Course Material:

I made up my mind and finally signed up for the PWB course!! Once you sign up, you will get the course material within a few weeks; it includes videos + a PDF guide.

  1. The course syllabus was really good and well designed; you can check it here.
  2. The videos + PDF are purely conceptual and highly practical.
  3. Go through each and every piece of material and try to replicate it on your local machine.
  4. Loop back to the videos until you are 100% clear about the concept covered.

PWB Labs:

The most fun part is the PWB labs, where you get VPN access to a lab consisting of vulnerable servers. I dove deep into it from my first day while simultaneously reading the course material. Trust me, this is not for those who want spoon feeding: the course material and the labs are completely different.

The lab consists of different networks (IT, Admin, Development), just like a corporate environment, and your goal is to penetrate each network and get "r00t/Admin" access on the servers. Since day 1, my goal was to get into the ADMIN department, and after a long wait... patience... and most importantly sleepless nights..., I finally did it!

I would recommend playing a minimum of 6-7 hours daily in the PWB labs, which I was fortunate to be able to do while managing my office work (from 7 PM to 2-3 AM at night). Apart from this, you can connect with the community and interact with people from different regions through the IRC channels.

There comes a time while working in the lab when you really start feeling exhausted, and all you can hear from everyone is "Try Harder".

Lab Tips:

  1. I recommend working honestly in the lab; try to get as many hosts as you can.
  2. Try to replicate each and every thing mentioned in the videos and PDF.
  3. If you are not able to r00t some server in the lab, I would say move on to the next one; I am sure you will get it later.
  4. I recommend working on the lab documentation; it will definitely prepare you well and will also help you further in your career.
  5. Interact with people over IRC; I am sure you will make some good friends.
  6. Most importantly, don't lose patience while working on any exercise.
  7. If you are not able to find a way, I would say go back to the course material and you will get some direction.
  8. There are some beautiful boxes; don't miss them, set your target to get them.
  9. Try to exploit a box from various perspectives; you will find multiple ways to get in.
  10. Look for juicy information on each and every exploited box. It's like "Ali Baba and the Forty Thieves... Open Sesame!" You never know what the Offsec team has planted on a machine to surprise you.
  11. If you are neglecting some small "X" thing, I would say visit it once again.
  12. "Try Hard" to get the joy of exploitation.

All I can say is, "A burning desire is the starting point of all accomplishment. Just as a small fire cannot give much heat, a weak desire cannot produce great results." This is where an OffSec student makes a significant difference.


Regarding the exam, I won't share any details. All I can say is that it's challenging; take it as a challenge and get it.
It is really a tough test of what you have done over the whole course period. I took the complete 24 hours to finish the exam: a sleepless night and a stressed mind. I took breaks in between to refresh my mind, but only for 5-10 minutes. A cup of coffee will surely help you stay awake!

Once I finished the exam, I slept for 10 hours and then started working on the report, which took me around 7 hours. I personally submitted both the lab and the exam documentation.

Within a day and a half the result was positive!....:) and the rest is history!

Exam Tips:

  1. If you have worked honestly in the lab, you will have gathered a bunch of information. I would say compile those links and important, handy commands, and sort them carefully; this will save you time in the exam.
  2. Get complete rest before starting the exam. Most importantly, keep the coffee packets ready!
  3. Read the exam instructions carefully, word by word. Don't miss a single word, or it will surely mess things up.
  4. Define the maximum amount of time you will work on each machine; once the time is up, move on to the next box.
  5. I personally took the opposite approach to what others took: I started with the machines that seemed a bit tough for me. If you are not sure of yourself, I would recommend getting the low-valued machines first.
  6. Do not update any tools right before the exam; it can break their stability. I updated one tool and had to spend 20 minutes fixing it, though I managed.
  7. Take backups frequently; who knows, the VM may crash for some reason.....
  8. Take as many screenshots as you can, step by step. Don't forget an important screenshot because of excitement; it's natural to get excited when we get r00t/w00t, and later you realize you missed a screenshot. Name them appropriately, which will save you time while working on the report.
  9. I would say attempt all of them and struggle till the last moment; don't lose patience. At some point you may feel you have enough points to pass the exam, but trust me, that can be an illusion, so always set the goal to attempt all!..
  10. Even if you are unable to get complete access, document your steps; it may help you.
  11. Enumeration is the key!... If you are unable to find a direction, loop back to the enumeration step.
  12. At some point you will feel you have done it... but when you run it, it will fail. I would say think about the reason behind it, recreate it accordingly, and you will succeed.
  13. If way "X" is not working, try "Y", then try "Z"; don't loop back to the same way again and again.
  14. It requires complete madness, the capacity to struggle till the last moment, and most importantly patience!

Documentation Tips:

  1. Include the lab documentation along with your exam document.
  2. Step-by-step screenshots with appropriate information.
  3. Once finished, go through the documents 2-3 times; I am sure you will find some small mistakes.
  4. Keep the same format throughout the document and provide as much information as you can.

Ultimately, remember a few things:

"The motivation to succeed comes from the burning desire to achieve a purpose"

"Whatever the mind of man can conceive and believe, the mind can achieve"

"The journey to being your best is not easy. It is full of setbacks. Winners have the ability to overcome and bounce back with even greater resolve"

"The best teachers will not give you something to drink, they will make you thirsty. They will put you on a path to seek answers" - for Offensive Security

To Be Continued....


  1. Hello, I have a couple of questions.
    Should I have work experience in networking or other stuff before taking the course?
    Can I easily find a job in the security/pen-testing field after getting the certificate?

  2. Hello Anonymous,
    What is important here is your willpower and hard work. If you have job experience, well and good. You can take this course and learn a lot of things, as it will give you a direction. It starts with web application security and basic tool sets, then advanced methods like buffer overflows, but when you dive into the labs you will use your own skills and methodologies to penetrate the servers... that's where you will be prepared. Initially you may find it hard, but I would suggest you go through the basic materials, i.e. web application vulnerabilities, Metasploit, etc... It will definitely help you.


  3. Hi,

    Nice blog. Just a couple of questions.

    1. Is this certification different from the traditional Cisco and other certifications (go to Prometric/Pearson and appear for the exam)?
    2. Do you get a hard copy of the certificate after you get certified?
    3. Do you get a hard copy of the books or only a soft copy and videos?

    Thanks in advance

    1. Hi,

      This is totally different from traditional certifications like Cisco, CEH, etc.
      This exam can be taken from anywhere!...
      There are no Prometric centers and no one to monitor you, but the OSCP exam itself is very challenging because it is a practical exam.

      1. Sign up for the course, get the material [1 study guide PDF & videos], and play in the lab machines [VPN access].

      2. Opt for the exam within the specified period; on the day of the exam you will get the VPN connection details and a PDF with the challenge and its rules.

      3. Finish the challenge within the 24 hours, create the report in the next 24 hours, and submit them to Offensive Security.

      4. You will get an email from Offensive Security within 2-4 days.

      Yes, you definitely get a hard copy of the certificate after passing the OSCP challenge; it takes around 1 month.

      I would say Offensive Security Certified Professional is the best and most challenging course, which I am sure you will definitely enjoy.

      Hope this helps..


  4. If you need any help, email me: a.sharabati@gmail.com
    by Ahmad Adel Moh. Sharabati
    address os_name os_sp purpose name Windows XP client SMB MS08-067 Ubuntu Server RFI - priv:Linux Kernel <= 2.6.34-rc3 ReiserFS xattr Privilege Escalation Windows 2000 server WebDav Windows 2000 server WebDav Windows 2000 server pass the hash from 206 Windows 2000 server SMB MS08-067 Windows XP client Linux 2.4.X server RFI - priv:Linux Kernel <= 2.6.34-rc3 ReiserFS xattr Privilege Escalation OpenSolaris device tomcat - default account Windows 2003 server coldfusion 8 Linux 3.X server Linux redhat samba 2.2.7a FreeBSD 7.X device csm php lite admin Windows 2008 server Linux 3.X server Windows 7 client Windows 2008 server ExtremeXOS 12.X device Samba 2.2.3a Windows 2008 server embedded device LFI NIKTO - brute force : bob user bob password Windows 2000 server telnet --> MiniShare /windows/remote/616.c Windows 2003 server using metasploit be fast kill python.exe and migrate the process Windows 2000 server SMB MS08-067 Windows 2003 server SMB MS08-067 NetWare 6.X device Windows 2003 server SMB MS08-067 Linux 2.6.X server https://www.exploit-db.com/exploits/15704/ Linux 2.6.X server embedded device Linux 2.6.X server https://www.exploit-db.com/exploits/18650/ Linux 3.X server Windows 2008 server ms09_050_smb2_negotiate_func_index Linux 2.6.X server Linux 2.6.X server alice user alice Linux 2.6.X server Windows 2008 server ms09_050_smb2_negotiate_func_index Windows 2000 server Android 2.X device FTP Pro Windows Vista client{.exec|C:\Users\Public\Downloads\crypt.exe.} Linux 2.6.X server,0x3a,user_pass%29+from+wp_users%23 Linux 2.6.X server Time Sheet https://www.exploit-db.com/exploits/1518/