OSCP for fun and entertainment.
Comments
-
NotHackingYou Member Posts: 1,460 ■■■■■■■■□□
Awesome progress!
When you go the extra mile, there's no traffic.
-
Jebjeb Member Posts: 83 ■■■□□□□□□□
Well something got smashed and it wasn't the exam. I hit a brick wall and just couldn't get anywhere. I got about 35 points, and spent most of my time beating on one machine, that I got half points on. Everything else but one shut me down. I felt like the first month all over again.
Guess I'll have to fall back and evaluate what I would do differently. There's certainly something I'll need to go back to the lab and reevaluate.
-
Sheiko37 Member Posts: 214 ■■■□□□□□□□
I did not expect that, most reviews say the exam machines are easier than the lab
-
invictus_123 Member Posts: 56 ■■□□□□□□□□
Mate don't be too disheartened, judging by your progress in the labs it just sounds like you had a bad day. Don't let yourself think you've wasted the last few months.
If the retake cost a couple of grand then yeh, it would be sh**, but $60 is more than reasonable. I would go over my notes again, and go for the test again. You are definitely more than competent.
Let us know what your next move is.
Ps. What comparison would you make between the lab machines and test ones (I'm sure you'll get asked this a lot!)
-
Janne4 Member Posts: 29 ■□□□□□□□□□
It will probably be easier if you go for a second attempt. You know what to expect and maybe you will get 1-2 machines from your previous exam on which you already have done some work.
If you are close to making it and fail then time management is likely the issue, if you are not close then you have to work harder on the parts where you are weak.
That aside, I thought you would make it on your first attempt, but I guess many people fail on the first attempt (but you hear more about the "success stories" than about the failures ;)
I also failed on my exam attempt, but since I got stuck after 30 machines in the lab network, I pretty much expected to fail on the exam.
The good part is that it is cheap to take a new attempt, the bad part (for me) is that I know that I have to do way more labs and studies to even have a chance to succeed.
-
Jebjeb Member Posts: 83 ■■■□□□□□□□
I dunno what happened. After doing all the basic scans, I started looking around. Almost nothing matched up with ports I'd previously dealt with in the lab. One was easy. Just go thru the basic steps they taught you and you get an easy 25 points. I had a mix of Linux and Windows, and varied services, some with web ports. I went into one with a strong website presence and discovered a basic vulnerability I used for Enum. One thing that became apparent was one of my Reverse Shells doesn't work well on Windows. Something I didn't realize before. I wasted way too much time looking for an RFI. By the end of the night I did get something going that gave me a limited shell, but it had quite a few environmental constraints on it.
I did try every machine that was available, one had an exploit available, but it appeared the machine had been tweaked to make sure it would not work. I did not have the luxury of figuring out if it could be modified to work in time. I'm not unhappy with my time management, I did take short breaks and ate throughout it. Sleep wasn't an issue, though I was coming down with a cold as I figured out the next day. Apparently I'm just not fast at it all.
I don't know why I had so much trouble, maybe just a bad day. I don't know about my retake yet, I may just book another test asap, or extend for lab time. I don't know yet. Once I came to the realization it wasn't going to happen, I did spend more time enumerating those machines, in case I got them again, so I could research some in advance. Metasploit was useless to me btw. Under the gun it's a different process, to single out the right attack vector. It felt like there were a lot of 'decoys' set up.
Oh well, it's all about the journey, I won't be stopping until I pass.
-
mokaz Member Posts: 172
To be honest with you I found my exam systems to be more "up to date" than the labs systems. I found the exam to be harder in terms of steps or routes required in order to be root/admin... My Metasploit cartridge did give me 10 points on a host that was not really considered a hard one.. Though I'd figured out pretty quickly that I could use my MSF gun at this one and kept notes of that aside so if it turned out I'd be banging on some hosts along the way I'd have that on my side already..
Time management and fatigue were killers for me really, 10 seconds before the VPN shutdown I was still hammering a host with possible local priv escal exploits with no luck...
But well I've been lucky enough to pass it on my 1st try although clearly I've spent 23:45 minutes behind my screen with almost no breaks apart from a coffee here and there...
Good luck mate, you'll get it!!
-
Jebjeb Member Posts: 83 ■■■□□□□□□□
Day 121
Well here's my overdue update. After the first exam attempt I started coming down sick, but I had already booked another attempt. I got a completely new batch of machines with a slightly different buffer overflow (it seems to be a constant machine type, as mentioned elsewhere). I did better getting 55 points, but still falling short, I did use all 24 hours but really wasn't feeling well. I did spend the last 2 hours when I realized I wasn't going to pass trying some off the wall stuff and using Metasploit, at minimum just trying to learn.
I can't stress how important it is to keep trying and attempt to learn everything you can. Even when you're going to fail! I really was only 1 escalation attempt away, I had found the oddity in the system I was sure was the path but couldn't get there.
I will mention the machine I was working on I had identified a vulnerable config, and used my 1 shot of Metasploit to generate a remote shell with Local access. This was well worth it and actually was a turning point. Even though I couldn't escalate it further it was the last success of that night.
Sunday I took the exam again, oddly enough I got the exact same machines again. I would never have guessed that, and I wouldn't count on it happening to anyone else. It was like starting with 55 points in the bag. It took me 3 hours to redo and document all the machines again, and I was able to go back to the Vulnerable config I found last time. There were some small changes, and again the BO was slightly different. I started with Metasploit for my local shell I found last time trying to escalate it.
I spent quite a bit of time trying what I thought was the path forward, and overcame quite a few small challenges and issues with the shell I was using. My previous time was well spent, the tricks I learned for dealing with things were invaluable. After a couple of hours I started researching again, and immediately found an exploit-db post dealing with the config I had. It took a little time and error but I managed to get it to work and escalated to root.
This gave me exactly 70 points (or so I thought) 8 hours in. I wasn't very comfortable with this and I spent the next couple hours trying the remaining 2 machines (1 already with local access). I didn't get far with them, but I felt comfortable with my work. So I went to bed, I left 10 hours on the exam and slept the night thru.
I got up the next day and while at work did my report between tasks, 29 pages, with 10+ of screenshots and appendix of 2 pages of Proof.txt files from the lab in a chart. I did not submit a lab report. I did follow the example report format just about exactly.
I felt decent about it, but as long as you show due care, there's not much chance of them deducting points for the report.
I submitted my report and 2 hours later got a confirmation email that they had received it. 24 hours later almost to the minute, 120 days from the start, I got my email that I had passed the exam!
I'm glad it's done, and I'm proud to have finished it, and I did try harder! I will mention I was lucky and really should have applied myself a bit more. I did not study between test attempts at all, I spent the time getting over the flu and just getting my head straight. There's certainly a random factor in what machines you draw, some being easier for some than others. There were still 3 machines across my attempts that I never even found an exploit/foothold on. But 3 full compromised and 1 local was just enough to get by.
Thank you everyone for following my story.
-
invictus_123 Member Posts: 56 ■■□□□□□□□□
Congrats dude! Out of interest, how many machines in the lab did you have? I know it's different for everyone just thought I'd ask
-
Jebjeb Member Posts: 83 ■■■□□□□□□□
I had completed 48 out of my estimated 50 machines. I'm looking forward to reading about the last 2.
-
invictus_123 Member Posts: 56 ■■□□□□□□□□
Ah awesome. I'm on 38 with no duplicates at the moment and have my exam coming up soon.
-
JoJoCal19 Mod Posts: 2,835 Mod
Congrats on the pass jebjeb! Your OSCP journey has been awesome to watch.
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
-
Sheiko37 Member Posts: 214 ■■■□□□□□□□
Congratulations, though really daunting when I'm scheduled to take the exam in the next few weeks.
-
chrisone Member Posts: 2,278 ■■■■■■■■■□
Wow! excellent work! congrats!
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX