Linux Privilege Escalation for OSCP & Beyond!
This course teaches privilege escalation in Linux, from basics such as how permissions work, to in-depth coverage and demonstrations of actual privilege escalation techniques.
Reddit Posts and Comments
0 posts • 16 mentions • top 13 shown below
97 points • gthume
I received the email this morning that I passed my OSCP exam! Thank you to everyone on this sub for providing so many useful resources! Here is how I prepared:
I started prepping for PWK mid-January. At the time I was working helpdesk at a hospital; I have recently been promoted to desktop support. I had no Linux or scripting experience prior to preparing for PWK. It was a steep learning curve, but completely doable.
I started PWK in March and failed my first exam attempt on June 15th. I did some more HTB retired machines and brushed up on priv esc skills and passed my second attempt on July 17th.
My Favorite Resources:
TibSec's Linux Privesc course:
TibSec's Windows Privesc course:
Best HTB write-ups around (I read these religiously):
Ippsec OSCP HTB Playlist:
HTB/Vulnhub OSCP like boxes:
Fantastic pentesting note-taking application and reverse shell payload generator:
I want to become proficient in Python, learn the ins and outs of Active Directory, and then prep for and enroll in the AWAE/OSWE course.
1 points • londongreyfog
I heard positive feedback about this course: https://www.udemy.com/course/linux-privilege-escalation/. It is done by the author of the AutoRecon tool.
1 points • Sene0
If you are willing to spend some money, try this Udemy course. If you look for Tib3rius’ twitter account, he frequently posts coupons there so I could get it for 11€. It’s a short but very good course in my opinion and gives you a structure
1 points • chrisbliss13
I learned everything I needed from these videos; there's a Windows and a Linux one: https://www.udemy.com/course/linux-privilege-escalation/
1 points • Arc-ansas
Do the https://www.udemy.com/course/linux-privilege-escalation/ course. Some local libraries give free Udemy subscriptions.
16 points • Plotk1ne
My learning tips after passing on the 1st attempt
-1) My background
eJPT, eCPPT and hacked a few HTB machines
0) Exercises/lab report
Whether you do exercises and lab report is your personal choice. Since the 2020 update there are a lot of exercises (~90 sets if I remember correctly), taking you at least 15 days if you work hard on it.
On one side, if you do quick maths you'll realize it's easy to be stuck at 65 or 67.5 points in the exam, so it's good to secure a passing score. On the other side, time spent doing the exercises could be better spent in the labs rooting boxes.
Personally I didn't do exercises/lab report because I wanted to focus on the labs. I didn't even read all the PDF. Lab is the place where you really learn things.
1) Rooting boxes
Root as many boxes as you can in the PWK labs.
I rooted around 35-40 boxes, skipping dependent boxes/AD boxes/client-side attack boxes. More important than rooting boxes: take notes about what you learned rooting each box and the mistakes you made. The thing to keep in mind when taking notes about a box is that they should help you overcome the difficulties you encountered doing the box, when facing a similar box. Also don't spend too much time on a single box if you don't find the entry point: use the PWK forum and Discord communities to get hints. I never spent more than 2-3 hours without asking for hints.
2) TJNull OSCP-like boxes list
I personally only did ~8 boxes from the HTB list and none from the Vulnhub one, but these are really good resources to help you prepare for the exam.
3) Write an enumeration methodology
From all your pwned boxes in the PWK labs/HTB & Vulnhub lists, write an enumeration methodology and personal tips to not fall into the same traps as the ones you fell into.
This is crucial. You should have a methodical way of enumerating boxes and their services.
4) Privilege escalation
I recommend taking those two Udemy courses: https://www.udemy.com/course/windows-privilege-escalation/ and https://www.udemy.com/course/linux-privilege-escalation/
They are truly awesome and help you have a good methodology to enumerate boxes for privilege escalation vectors.
For enumeration: You can use AutoRecon by tib3rius: https://github.com/Tib3rius/AutoRecon. I personally made my own bash enumeration script to add more enumeration commands and to use the commands I prefer, but this tool helped me a lot in the labs.
Take your time. Be methodical and enumerate everything you can, you'll end up finding the way in. As people say: "don't leave any stone unturned".
You'll most probably be blocked at some points in the exam. Don't panic and review your methodology: What did you miss? What could you try?
As people already said there are "lots of rabbit holes in the exam", meaning you'll get a lot of things to enumerate and that's why you should be as methodical as you can.
During my exam my focus dropped dramatically after ~15 hours in, also due to the fact that I couldn't sleep the night before. I took regular breaks (around 5 minutes every hour, and a longer break to eat).
One thing I wasn't expecting in the exam is that the proctoring software took a lot of resources on my computer (streaming 3 screens and a webcam). You should take that into account because when I launched my enumeration script at the beginning of the exam my CPU peaked regularly at 100% because of this proctoring software running in parallel. That didn't lead to freezing or other problems but my computer was clearly pushed.
Don't underestimate the time needed to write your report: I took ~7 hours to make it while I thought I would be done in 2-3 hours. You really don't want to write your report in a hurry like I did. My advice would be to sleep some hours after the exam and immediately start writing your report afterwards. I used Offensive Security templates.
I wish you the best of luck. If I did it, so can you!
1 points • yelenz
This is free.
Remember, length of a course doesn't matter. This course is a great example: https://www.udemy.com/course/linux-privilege-escalation/.
It's 20$ for 1.5 hours, but it's absolutely worth it.
1 points • TibSec
Latest coupons are: https://www.udemy.com/course/windows-privilege-escalation/?couponCode=JULY2020 and https://www.udemy.com/course/linux-privilege-escalation/?couponCode=JULY2020
You can always grab the latest coupons from the pinned tweet on my Twitter (https://twitter.com/tibsec) 🙂
3 points • WasZurHecke
Yes, I actually would recommend to start with HTB or TryHackMe since VIP access is really cheap (8-11 € per month). I did it the other way around and it probably was a waste of resources and time to be honest. All in all I did around 120 boxes on different platforms before taking the exam.
I took these two courses and I can recommend them without any hesitation. (Tiberius posts a discount code on his Twitter every month with which you can get the course for 14.99$ each, which is a steal imho.)
Linux Privilege Escalation: https://www.udemy.com/course/linux-privilege-escalation/
Windows Privilege Escalation: https://www.udemy.com/course/windows-privilege-escalation/
As for VHL, I just bought a month of access. If you are a beginner or did not do the offsec labs, think about buying a longer period and save on the offsec labs. Their PDF guide is really nice imho and they have around 42 machines with various difficulties. (Also they have a hint panel for around 25 of them, so if you are stuck you don't need to lurk around in forums and decipher cryptic hints. This is very helpful, especially if you are just starting and need to learn the ropes.)
I'll update my post to include this TryHackMe room that really boosted my time for the BOF in the exam. Took me roughly around 45 minutes to an hour, so I can really recommend to train BOF there. (The ones in the exam will be very very similar if not the same.) (Also it's free!)
BOF on TryHackMe:
1 points • planet-express-212
Passed the OSCP with extra help from 3 Udemy courses: Privilege escalation is vital, and these 2 Udemy courses are highly recommended for anybody pursuing OSCP or other similar penetration testing endeavors: Windows Privilege Escalation for OSCP & Beyond! https://www.udemy.com/course/windows-privilege-escalation/
Linux Privilege Escalation for OSCP & Beyond! https://www.udemy.com/course/linux-privilege-escalation/
For Layer 7/Application Layer attacks check out: Website Hacking / Penetration Testing & Bug Bounty Hunting https://www.udemy.com/course/learn-website-hacking-penetration-testing-from-scratch/
1 points • c1ssp
It is not free content, but it is well worth it.
2 points • FalconSpy
While failing obviously sucks, try to take it as a learning experience.
I failed my exam twice before finally passing on the third attempt. All of my experiences can be found via
If your methodology and priv esc are your weak areas, take a look at the following resources:
As others have probably mentioned there is TryHackMe and Virtual Hacking Labs as well for extra practice.
1 points • Konzr
Also for privilege escalation try Linux Privilege Escalation for OSCP & Beyond! From Tib3rius