Bug-bounty to OSCP Journey
Hey there, qwack qwack!
So after of completion of my CEH on 05-NOV-2018 i planned for OSCP ,but the question which always hit my mind was
- can i do it , with the present skill set?
- what will happen if i fail!
- should i learn more!
- do i have sufficient funds for it?
worst case for me was to rise funds for this cert , well i was 18 years old with a job of security analyst in New Delhi India , it wasn’t easy for me to rise quick 800$ or 1000$ there , so i took time studied stuffs from google , twitter , Medium GitHub , Stack Overflow etc . So after managing living in New Delhi after 3 months of Passed from the day of CEH completion so i lost my job due to some reasons i had no hopes that it would be possible for me to move on with survival so before leaving Delhi i attended the DEFCON 911 in Gurgaon that was my last Hackers meet in Delhi so i met Teck_k2 (@Teck_k2) , Sarthak Saini (@sarthaksaini) these two people gave me the best advice what can i do , so they suggested me to start doing CTF’s on HTB , root-me , vulnhub.
so after spending my time at DEFCON and had nice talk with these two ultimate L33T’s and got bit confidence to get my hands on CTF’s and do PE learn programming , so after DEFCON i came back to Bangalore , without job in the month of March so after all having a good background and experienced hands on Web application’s Pentesting i started to do bug bounty hunting on Bugcrowd to rise funds for my OSCP cert that was the last option i had after 14 days with 40+ duplicates i got my first bounty of Bugcrowd for referrer based XSS got $100 yay!!
so haha , i got more interested on that part , but i know what is my final goal so i planned with my best friend @sarthaksaini ill be doing HTB as well Bugcrowd programs so he was a bit worried and told try it out if things are really happening you’ll reach your destination , so after march bounty i did more recon read blogs on medium and hackerone hactivity and when i felt exhausted a cup of coffee and failure which i felt for my duplicates marks i cheered up myself by doing HTB so i used to spend atleast 5-6 hours on machines and always i had 2 tabs open one with g0tmi1k privilege escalation for linux boxes and for windows fuzzysecurity but still sometimes i failed on those too when i was on hopes to give up i relaxed myself watching @ippsec videos on youtube (im a big fan of ippsec :P ) so 2nd bounty came up with 750$ yippe yay on April 8th so Bugcrowd almost got me OSCP but, i was still not confident to face OSCP labs and due to some personal issues (RIP grandpa) i went back to my hometown and couldn’t do anything there cause of internet issues and still tried to do Bug bounty and earned more i was there for almost 2 months and almost made upto 2500$ in 3 months i came back to my place in June got job in Stickman consulting as Information Security analyst it become more tough to manage things job+bugcrowd+htb but still tried to manage staying up late nights doing HTB after a last bounty from bugcrowd in july of 4500$ i was up completed 18 active machines on htb in 6 months reached almost 7000$ bounty and learnt privilege escalation , i did forget something !! Buffer overflow :D yeah ! so i quickly looked for sources and googled a bit i found few blogs and asked my friends they gave me a vulnerable application named SLmail and told me to setup a windows 7 machine and practice , but still
Sad part :( started to google again followed some post which i got from google search result “SLmail BufferOverflow Tutorial” so this took me more 1 week to learn , so finally took a break for 2 days and had a long chat my friends so my friend Steven and sarthak told me apply for OSCP, on july 25 2019 i was bit nervous and still moved forward and applied for 1 month OSCP labs and selected for the labs to be started on 28th july , i was still nervous went back to HTB solved more machines till the date for labs start. i got emails from offsec i verified my identity sent a gov provided id card once the verification is done you’ll get a email with receipt and the day your labs start you get your course material.
- SOME IMPORTANT POINTS YOU MUST KNOW BEFORE STARTING THE LABS
- Take some time read the PWK.pdf this one really has something interesting and very helpful on the harder machines
- complete the videos if your new
- Do all the exercises which are in PWK.pdf
First week
i spent one day reading the pwk.pdf it really loved it and gave me bit confidence also to face the upcoming nightmare , but the real nightmare was to adjust my regular job and OSCP labs , pfft!! it seemed to be more harder than it was, but happiness is when you have best supporting team & colleagues and my manager helped me in their level best so i was comfortable with my office desktop i continued to do my labs in my personal space in the company with 0% distraction or disturbance from others so first week completed 18 machines stayed up day and night .
- THINGS WHAT I LEARNT IN FIRST WEEK:
- enumeration is the key to success.
- if you cant do it that way ; do try it from the other way
- if you feel your still stuck at some point , always remember if its is a CTF there’s always a vulnerability :D
- if your still stuck with your exploits take a minute to check your pwk.pdf again
so first week was best i was almost tired i just had hardly sleep for not more than 20 hours in first week .
Second week
After surviving 1 st week i took a complete rest for 1 day where i just had to cry and wanted to give up as it was very hard for me, i called up my friends and told them im finding this very hard , and i was able to complete only 18 machines in 1 st week so one of my friend said just take close look that what you have done in one week, which is not at all a small thing your going great just keep on moving so 6 days more to complete 2nd week i faced some really tough machines where i spent a whole day scratching my head to figure out the privilege escalation parts i really got Goosebumps on few machines but still staying strong on my will i googled read some stuffs from very basic so finally in second week it was bit bad i was able to complete 13 machines almost but this week was huge nightmare where i fell sick and was suffering from cold and fever , but offsec song never let me sleep peacefully, always on my mind “TRY HARDER!!” .. so after all in 15 days i was able to complete 31 machines.
Third week
This week was just killing me worst i started to hate the word “TRY HARDER” where i was stuck on some insane machines where i had to ping offsec chat for hints, i had no hopes that will i be able to complete my oscp labs before 28 -august-2019 late nights sleepy eyes with tears , moved more forward one thing always on my mind “ENUMERATION IS THE KEY TO SUCCESS” there i was in the third week working my ass off 24/7 on labs i was able to unlock the other departments where i had to do pivoting this was the best thing i ever did and this was the one stage where i enjoyed my labs so here i almost reached to an end of my labs this week i was able to finish 17 machines and i had one last week so it was 20-august-2019.
Final week
one more week for the lab ends and i still have more 5-6 machines left and i was very tried due to less sleep and sick of cold . i took a break for one day and started my labs again with a fresh mind, and i was able to complete my rest machines in 48 hours where i had one devil machines which broke me badly and it took me 1 whole to to grab her by the root :D ! i was just gone outta my mind to solve that machine but yeah it did take time and i did complete that machine in other 24-30 hours ! that’s how i completed my OSCP labs machines in 4 weeks . it was truly a legendary feeling when i rooted that machine
Exam time
so all these weeks i spent on labs was truly amazing but the here was the final call for exam , so i wanted to celebrate my happiness that i completed my labs in short duration and i decided to schedule my exam on 5-sept-2018 but my friend suggested me that dont drag things long. do it today and end your battle i was very nervous and cold , That was the time where i had to decide either do or die! i chose do! i scheduled my exam on 26th late night 1:30 am i was very nervous and i had one thing on my mind “JUST DO IT” i logged into the proctor portal did my verification it was just 20 mins procedure and verified myself and started with my exam labs !! pfft i was very nervous it was a 24 hours exam where i completed almost 4 machines in 5-6 hours i didn’t know know was i lucky enough or what! the last machine did drag my time alot on privilege escalation so that did take me alot time to learn and enumerate and finally was able to root the final machine :D
- IMPORTANT POINTS HERE
- Don’t panic just stay clam and focus
- Don’t forget to take screenshots as you go on forward
- if you have really worked hard on your machines then all the base belongs to you
Reporting Time
I got 24 hours to make a proper report and follow offsec standard for reporting , so here i did make my report on windows machine as i was comfortable Microsoft word i finished my reports cross checked it more than 15 times to be sure if everything’s fine :D zipped it and sent it .
- IMPORTANT POINTS (VERY IMPORTANT)
- Make sure your report format is good
- Download the report template from official offsec site
- Don’t drag much with you blah blah stories
- Paste all the screenshots
- Strictly follow offsec report submission standards take a minute to read it and understand the procedure
Once done with the above it was my time to :
So Started from the bottom now we are here!!