I'm currently enrolled in Offensive Security's Pentesting with Kali (PWK) course for the OSCP certification (edit: now an OSCP). I see questions on how to prepare for the PWK course and the OSCP certification exam repeatedly on Reddit and elsewhere.
The PWK course will teach you everything you need to know to pass the OSCP exam. Well, the course plus many frustrating hours of googling to solve a problem! HaHa! Seriously, if you want to save yourself some time in the labs and avoid having to pay for lab extensions, read on.
Here’s my six-step process for anyone to prepare for the course:
- Learn Linux and be comfortable working from the command line. Download and run Kali from the bootable ISO or the virtual machine image. Learn how to navigate from the CLI, how to edit files with nano and vim, and how to use chmod to make your scripts executable.
- Learn Bash scripting. You're going to need it. Make sure you know how to do things like run an nmap scan for a particular open port with the output in grepable format, pipe that output through grep and cut to pull out the IP addresses, and then run another command against each of those addresses.
- Learn Python. I used Codecademy.com and found it to be a good, interactive resource for learning Python.
- Learn how to automate Nmap scans and other cli tools with Python. There are many ways to interact with Nmap from Python including libnmap and python-nmap, but I found subprocess.check_output() to be the easiest for a Python newb to understand and implement.
- Read Mike Czumak's review of the OSCP, which includes a download for recon-scan.py. I found that recon-scan won't work as-is due to hard-coded file paths in the scripts, but the scripts are an excellent and easy-to-understand source of info for a Python newb to learn how to use Python to interact with Nmap and other CLI tools. After learning the basics of Python, read Mike's recon-scan scripts to see how he implemented subprocess.check_output() to interact with CLI tools.
- Get familiar with tcpdump and its capture filters, so you can narrow a capture to one host, port or protocol instead of wading through everything on the wire.
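The following is an added example written for this post; it is not recon-scan.py, not PWK course material, and the function names, the port numbers and the sample scan output are my own assumptions. It ties the Bash and Python items above together in one script: drive nmap with subprocess.check_output(), parse the grepable (-oG) output it returns, keep only the hosts that have a given port open, and run a follow-up command against each of them. The nmap invocation is built as an argument list rather than a shell string, so an IP address read from a file cannot turn into shell injection.

```python
#!/usr/bin/env python3
"""Added example (not the course's or Mike Czumak's code): automate nmap
from Python and act on the grepable output.

Usage with nmap on PATH:  ./scan_and_followup.py 445 10.11.1.0/24
Offline: import parse_gnmap() and hosts_with_open_port() and run them on a
saved -oG file, or on the constructed SAMPLE_GNMAP below.
"""
import shlex
import subprocess
import sys

# Constructed sample of nmap -oG output (not a real scan). Each target gets
# a "Host:" line whose fields are tab-separated; port entries are
# port/state/protocol/owner/service/rpc/version/ separated by ", ".
SAMPLE_GNMAP = """\
# Nmap 7.80 scan initiated Sat Jan  1 12:00:00 2022 as: nmap -p 80,445 -oG - 10.11.1.0/29
Host: 10.11.1.5 ()\tStatus: Up
Host: 10.11.1.5 ()\tPorts: 80/open/tcp//http///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)
Host: 10.11.1.6 ()\tStatus: Up
Host: 10.11.1.6 ()\tPorts: 80/open/tcp//http///, 445/filtered/tcp//microsoft-ds///
Host: 10.11.1.7 (files.example.lab)\tStatus: Up
Host: 10.11.1.7 (files.example.lab)\tPorts: 445/open/tcp//microsoft-ds///\tIgnored State: closed (999)
# Nmap done at Sat Jan  1 12:00:05 2022 -- 8 IP addresses (3 hosts up) scanned in 5.00 seconds
"""


def parse_gnmap(text):
    """Parse grepable nmap output into {ip: {(port, proto): state}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # comment lines, blank lines
        fields = line.split("\t")
        ip = fields[0].split()[1]         # "Host: 10.11.1.5 (name)" -> ip
        entry = hosts.setdefault(ip, {})
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue                  # "Status: Up", "Ignored State: ..."
            for item in field[len("Ports:"):].split(","):
                parts = item.strip().split("/")
                if len(parts) >= 3 and parts[0].isdigit():
                    port, state, proto = int(parts[0]), parts[1], parts[2]
                    entry[(port, proto)] = state
    return hosts


def hosts_with_open_port(parsed, port, proto="tcp"):
    """IPs (sorted) whose scan result shows `port`/`proto` as open."""
    return sorted(ip for ip, ports in parsed.items()
                  if ports.get((port, proto)) == "open")


def run_nmap(targets, ports):
    """Run nmap and return its grepable output as a string.

    -oG - writes grepable output to stdout; -n skips DNS; -Pn skips host
    discovery (lab hosts often block ping); --open keeps only hosts with at
    least one open port. Raises CalledProcessError if nmap fails.
    """
    cmd = ["nmap", "-n", "-Pn", "--open",
           "-p", ",".join(str(p) for p in ports), "-oG", "-", *targets]
    return subprocess.check_output(cmd, text=True)


def run_followup(hosts, port, template):
    """Run one command per host and collect its output.

    `template` is a command line with {ip} and {port} placeholders, e.g.
    "nmap -sV -p {port} {ip}". It is split with shlex and substituted per
    argument, so hostnames/IPs never reach a shell.
    """
    results = {}
    for ip in hosts:
        argv = [arg.format(ip=ip, port=port) for arg in shlex.split(template)]
        results[ip] = subprocess.check_output(argv, text=True)
    return results


if __name__ == "__main__":
    if len(sys.argv) < 3:
        print(f"usage: {sys.argv[0]} PORT TARGET [TARGET ...]", file=sys.stderr)
        sys.exit(1)
    port = int(sys.argv[1])
    parsed = parse_gnmap(run_nmap(sys.argv[2:], [port]))
    hits = hosts_with_open_port(parsed, port)
    for ip, out in run_followup(hits, port, "nmap -sV -p {port} {ip}").items():
        print(f"=== {ip} ===\n{out}")
```

The parser keys results by (port, protocol) and keeps non-open states too, so the same parsed structure can answer "which hosts filter 445?" as well as "which hosts have it open?"; that is the kind of detail that is easy to lose when you only grep for the word "open".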
In the PWK labs and exam, pay attention to detail. On the lab hosts where you get an easy win (MS08-067, for example), you may be tempted to grab proof.txt and move on to the next target. ALWAYS take your time and look for more clues! There are some hosts you won't get without finding clues (credentials, config files, notes) on other hosts you've already compromised. Take a packet capture while you're there too and save it for later! There's a portable version of Wireshark that doesn't require installation, which I recommend for taking pcaps on Windows hosts; it still needs a capture driver (WinPcap/Npcap) and administrative rights on the host, so download it in advance and have it in your arsenal.
Edit: KeepNote is now searchable. The Kali image I downloaded for the course when I started shipped with a version that wasn't searchable.