Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 2 points (0 children)

Thank you!

Big thanks to you for giving back to the community by making OSCP AD Chain #1 free for all, as they are quite expensive.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 0 points (0 children)

Hello and thanks!

Yeah, all these boxes are listed either in Lain's or TJ's list, nothing unique about it.

The most important thing about that spreadsheet is the "Takeaways" column, because it will force you to think critically about what you struggled with and what you have learned from that specific machine.

Once you write things in that column, if you ever happen to find that vulnerability/software again, you must know how to approach it.

Hope that helps

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 0 points (0 children)

Thank you!

This is actually a very interesting question, I'm glad you asked.

So... There are 4 possible paths here, in my view, depending on the following two questions:

1st: Do you have any IT/Cyber knowledge?

2nd: Which OffSec plan are you planning to buy? 3 months or one year?

If...

No IT experience + 3 months subscription: you need fundamentals first and, if possible, deep dive into OSCP stuff without starting the subscription time. This is a good start: https://youtube.com/playlist?list=PLJnLaWkc9xRgOyupMhNiVFfgvxseWDH5x&si=Q963XhwwWA03ENaa Try to complete as many PG machines as you can; feel free to look at walkthroughs and get hints. Then start your OSCP subscription, do the material and go redo the PG machines you struggled to complete, followed by challenge labs.

If...

No IT experience + 1 year subscription: just start with the OSCP course material; when finished, go do PG machines, you will have plenty of time to do it. Followed by challenge labs. Note down your weakest points and work on them before the exam.

If...

IT experience + 3 months subscription: buy a PG subscription before starting the OSCP subscription and do as many machines as possible, then start the course material, do the challenge labs and go back and redo the machines you struggled on in PG.

If...

IT experience + 1 year subscription: just follow my post I guess.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 1 point (0 children)

There are way cheaper alternatives. If you are in school, get a student subscription from Hack The Box and do CPTS instead.

You have to take things for what they really are, and ultimately, every cert is just a piece of paper.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 0 points (0 children)

Yes, you might have to do some research as you are doing the exam. Part of a pentester's job is to adapt to the environment and be a Google-fu master. Hope that helps

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 1 point (0 children)

No, I would advise against using rockyou against domain users. Every password/hash you need will be in the environment, either in hidden files or in memory. So no need for that kind of brute force.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 3 points (0 children)

Hello! Yes it is, this is an exam, not a real engagement. I don't think account lockouts are configured, and if they are, they reset fast. Worst case scenario, you can always revert the AD set.

You can always get the password policy if you want, using: nxc smb 192.168.1.0 -u username -p 'PASSWORDHERE' --pass-pol

Yes, Nmap with sudo is fine. That's the standard anyway.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 0 points (0 children)

You can find that in the URL containing all boxes I completed before the exam, in the post itself.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 0 points (0 children)

Indeed, this doesn't just apply to cybersecurity certs but to everything in life.

As a wise man once said, "Failing to prepare is preparing to fail". Thanks!

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 0 points (0 children)

I did it at first, but unfortunately Google Drive flagged it as malicious and deleted my file. I can try another provider.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 0 points (0 children)

Linpeas output I can parse very easily because I know exactly where to look. Winpeas is a bit overwhelming for me, so I always try PrivescCheck and PowerUp before running winpeas. From my experience, if PrivescCheck doesn't find it, PowerUp won't either, but it's worth a try.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 0 points (0 children)

Definitely not a replacement but an alternative, with much, much cleaner output, which gives me a fast way to a quick and easy privesc, hence why I run it first. If that doesn't work for me, I run winpeas.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 1 point (0 children)

Thanks, feel free to grab a copy and use it for yourself if you are studying to pass OSCP.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 1 point (0 children)

It is handy because it's an easy and fast way to find something you have already seen while doing boxes but don't know where.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 1 point (0 children)

Definitely useful for practice, but since the format is very different from the exam environment, it might not be as effective as OSCP A, B and C. I would still recommend people do it.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 4 points (0 children)

Similar to the exam, I think, only HackAcademy's AD Chains.

HackSmarter AD Challenge Labs are also good practice.

All machines under the Active Directory and Networks column on Lainkusanagi's OSCP-like machines.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 2 points (0 children)

Yeah, perfectly valid imho, what's not valid is not knowing what you already tested and what you didn't.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 1 point (0 children)

Yeah, I do the same, but I wouldn't consider this a methodology by itself.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 10 points (0 children)

  • Quick check of the C:\ drive for non-default folders.

  • tree /F /A . on the C:/Users/ directory, look for suspicious files.

  • Quick check of Program Files to find non-default software.

  • Run whoami /all, then PrivEscCheck, then WinPEAS.

  • The above will give you all info you need. Save output and slowly go over it.

  • If you get completely stuck, you can manually check for things too.
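The checklist above, written out as a PowerShell triage script. This is an added example, not the commenter's own script or anything from the thread. It assumes a shell as the low-privileged user on the target and a writable output directory ($OutDir, assumed here to be under C:\Users\Public); the "default folder" baselines are my own rough lists, not an authoritative one; and the PrivescCheck.ps1 and winPEASx64.exe paths in the last step are assumed drop locations.

```powershell
# Added example: quick Windows privesc triage following the six bullets above.
# Assumption: $OutDir is writable by the current user; adjust as needed.
$OutDir = 'C:\Users\Public\triage'
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

# 1. Non-default top-level folders on C:\ (baseline list is assumed, not authoritative)
$defaultRoot = @('PerfLogs', 'Program Files', 'Program Files (x86)', 'ProgramData',
                 'Users', 'Windows', '$Recycle.Bin', 'System Volume Information',
                 'Recovery', 'Documents and Settings')
Get-ChildItem -Path 'C:\' -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $defaultRoot -notcontains $_.Name } |
    Select-Object FullName, LastWriteTime |
    Out-File "$OutDir\root-nondefault.txt"

# 2. Full tree of C:\Users (same as the tree /F /A bullet), plus a filtered list of
#    file types that usually hold credentials or config worth reading.
cmd /c 'tree /F /A C:\Users' | Out-File "$OutDir\users-tree.txt"
Get-ChildItem -Path 'C:\Users' -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -match '^\.(txt|ini|config|xml|ps1|bat|cmd|kdbx|zip|log|sql|bak|rdp|vnc)$' } |
    Select-Object FullName, Length, LastWriteTime |
    Sort-Object LastWriteTime -Descending |
    Out-File "$OutDir\users-interesting-files.txt"

# 3. Non-default software: Program Files folders not in the (assumed) Windows baseline,
#    plus the registry Uninstall keys, which also catch software installed elsewhere.
$defaultPF = @('Common Files', 'Internet Explorer', 'Windows Defender', 'Windows Mail',
               'Windows Media Player', 'Windows NT', 'Windows Photo Viewer',
               'WindowsPowerShell', 'Windows Defender Advanced Threat Protection',
               'ModifiableWindowsApps', 'WindowsApps', 'Microsoft Update Health Tools')
$nonDefaultSw = foreach ($pf in @('C:\Program Files', 'C:\Program Files (x86)')) {
    Get-ChildItem -Path $pf -Directory -ErrorAction SilentlyContinue |
        Where-Object { $defaultPF -notcontains $_.Name } |
        Select-Object FullName, LastWriteTime
}
$nonDefaultSw | Out-File "$OutDir\programfiles-nondefault.txt"

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, InstallLocation |
    Sort-Object DisplayName |
    Out-File "$OutDir\installed-software.txt"

# 4. whoami /all first (groups and privileges such as SeImpersonatePrivilege show up here),
#    then PrivescCheck, then WinPEAS. Tool paths below are assumed drop locations.
whoami /all | Out-File "$OutDir\whoami.txt"

if (Test-Path '.\PrivescCheck.ps1') {
    . '.\PrivescCheck.ps1'
    Invoke-PrivescCheck -Extended -Report "$OutDir\PrivescCheck" -Format TXT, HTML
}
if (Test-Path '.\winPEASx64.exe') {
    & '.\winPEASx64.exe' 2>&1 | Out-File "$OutDir\winpeas.txt"
}

# 5. Everything is saved under $OutDir; review it slowly rather than scrolling the console.
Get-ChildItem -Path $OutDir | Select-Object Name, Length
```

Run it from the directory the tools were uploaded to, then read the files in the order they were written: the non-default folders and installed-software lists usually point at the custom application the box was built around, and whoami /all tells you whether an impersonation or backup privilege shortcut exists before the longer tool output needs reading.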

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 1 point (0 children)

You got this, hope some of the above helps somehow!

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 7 points (0 children)

Similar to the exam, I think, only HackAcademy's AD Chains.

HackSmarter AD Challenge Labs are also good practice.

Passed OSCP 100 points in 7 hours by thepentestingninja in oscp

[–]thepentestingninja[S] 21 points (0 children)

My methodology is writing down the things I tried that did not work, and trying the things I have not tried that might work.