If you’re viewing this you’re most likely interested in developing your first box for Vulnhub.

For those that are unaware of what Vulnhub is: Basically a website for individuals to upload vulnerable virtual machines (VMs) for others to perform assessments against to hone their skills.

You can find it at Vulnhub.

There are a few things you should consider before starting the development of your vulnerable box. Think of this like coding. We “pseudocode” our box with the target audience, intended user paths or footholds, intended privilege escalation paths, and finally if you wish to include any rabbit holes. …


The InfoSec Prep Discord server ( ) works closely with the Offensive Security staff. As such, OffSec gave our server an OSCP voucher code to give away.

The voucher code will allow anyone to have 30 days in the labs, receive the course materials (videos + PDF), and most importantly the exam attempt.

The staff for InfoSec Prep wanted to create a challenge for the give away rather than do a typical “click this emoji” and pray to the RNG based gods that you win. No, we decided it would be best to create what we considered to be…

Not my image. Just found a nice one on the interwebs!

I acquired my OSCP Certification back on the 12th of May 2019. It took three attempts to acquire it but I prevailed.

I should note this was for OSCP/PWK v2. The course was recently updated to v3 in early 2020.

You can read my take-aways and experiences per attempt via:

Once I acquired my OSCP Certification, I started to apply to several different companies as Jr. Penetration Tester / Red Team operator. …

SSH tunnels or port forwarding may be a bit confusing to understand.

There are three different types of SSH tunnels:

  1. Local Port Forwarding: Connections from the SSH client are forwarded via the SSH server to a destination server
  2. Remote Port Forwarding: Connections from the SSH server are forwarded via the SSH client to a destination server
  3. Dynamic Port Forwarding: Connections from various programs are forwarded via the SSH client to the SSH server and then the destination server

Throughout the OSCP lab and even potentially the exam you may need to utilize a SSH tunnel. You will most likely not…


This is not a walkthrough guide or tutorial on how to go about obtaining user or root on this system. Simply put, this is a write up of my experience in owning the system Craft.

This system definitely mimics a real world scenario that an individual in the penetration testing field may encounter. You may even see something like this for an interview challenge or at least getting a shell/user access.

I recommend adding craft.htb to your /etc/hosts file and add any other sub-domains you may come across as you work on this machine.

User/Shell Access

In order to successfully complete this…


I wanted to create something that would automatically grab my VPN adapter’s assigned IP address. I started looking into ways to do it and came up with a command that would give me the IP itself. However, it would not create an environment variable for me or do everything fully. As such I recalled a peer that goes by Tib3rius that had created something similar to what I was working for. I can’t take full credit for this!

These scripts are used to automatically set an environment variable IP after connecting to a VPN. …

Image owned and created by Offensive Security

I’ve been asked several times on Discord to create a post regarding my methodology and how to establish one. Mainly the individuals asking me this are new OSCP Students. As such this is primarily targeting the new OSCP students and for those genuinely interested as to my methodology.

Disclaimer: This is not the end all be all or the *best* methodology out there.

I will lay out some useful tools that are necessary for their specific service that are utilized to execute a methodology. The list may not be complete or contain all there is out in the wild. …

The Bob 1.0.1 VM download from Vulnhub can be found here:,226/

The creator of this VM is c0rruptedb1t

Here’s the basic description:

Difficulty: Beginner/Intermediate

Bob is my first CTF VM that I have ever made so be easy on me if it’s not perfect.

The Milburg Highschool Server has just been attacked, the IT staff have taken down their windows server and are now setting up a linux server running Debian. Could there a few weak points in the new unfinished server?

Your Goal is to get the flag in /

Hints: Remember to look for hidden info/files

1. Service Enumeration


Virtual Hacking Labs


I came across the Virtual Hacking Labs (VHL) during a break between failed Offensive Security Certified Professional (OSCP) Certification exams. It was shortly after my second failed attempt that another user on the same OSCP Discord server I was on had mentioned Virtual Hacking Labs.

Determined to pass on my third exam and desperately needing some practice on my weak area of Privilege Escalation, I decided to give VHL an attempt. I spoke with Discord user whoisflynn#1893 whom reassured me that the hosts were fairly similar to the OSCP labs. …

OSCP Certificate

The following is an unofficial list of OSCP approved tools that were posted in the PWK/OSCP Prep Discord Server ( ) and found on the internet.

Please note it is by no means a complete list of all tools. These are merely tools suggested by other users that are deemed “approved” for the exam.

There will be some tools on here that were not suggested on the Discord server as well.

As a general rule of thumb, if a tool can auto-exploit, it is banned on the exam.

The list is subject to additions/removals as time goes by.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store