Oscp failure tips?

drifta303drifta303 Registered Users Posts: 3 ■□□□□□□□□□
Hey all I failed the oscp exam on my first attempt recently. I got the buffer overflow but nothing else.

I couldn't find a way into any of the other boxes.i tried scripts against old versions of software, i tried to find a way to get through funny web scripts and sites, tried brute forcing a mailserver but nothing at all. No way into any box.

I enumerated everything i could think of but could not find any way in.
I used my own enumeration and others scripts too.

I didn't focus on the low point box just the higher ones.

Are the exam boxes different every time? Perhaps i was really unlucky this time.. I'll keep trying, any advice is appreciated.


  • Options
    airzeroairzero Member Posts: 126
    I failed 5 times so I think I have enough experience to give some advice.

    First, you shouldn't ever need to brute force anything in the exam. *Maybe something with rockyou.txt but offsec really tries to make everything possible with the right enumeration rather then depending on brute forcing.

    You really should move between boxes, if you get stuck don't spend more then an hour on a single box or you can end up wasting a lot fo time. scripts can be very useful, but sometimes miss things. The time I passed the exam, I didn't use any scripts, was able to get by on nmap, enum4linux, snmp-check, dirb, nikto and a lot of googling and manual enumeration. Honestly this exam is more about knowing WHAT to look for rather then HOW to exploit into boxes.

    I would suggest working on a more thorough methodology and structured approach to boxes as well as a very defined time management plan. I think time managment makes the biggest difference with this exam.

    Get some more lab time and really practice on what you need to know to exploit boxes, enumeration is the key to this exam. Hope this helps man and good luck!
  • Options
    drifta303drifta303 Registered Users Posts: 3 ■□□□□□□□□□
    Wow! thanks so much... It was really helpful that you posted what tools you used - did you have to modify any exploits? like swapping shell code or ip addresses or more?

    Yeah my methodology could possibly use some work. for example if I find an unknown port do I just nc to it and type help and see what happens or or there another way? I used the nmap script scanning i think.

    Did you have to do any xss/injection kind of stuff?
  • Options
    airzeroairzero Member Posts: 126
    You may or may not have to modify exploits to get them to work, I'm going to leave that up to you to figure out as it will teach you more about the exploits themselves and how to read code. you will need to know web application techniques, but it won't be any more difficult then what you would find in the lab. If you come across something that is unknown I suggest doing research. Banner grab at that port to see if you can get some service info, google common services running on that port, maybe that port is used with a different service on the system. It's all about enumeration and finding the info you need to exploit the box.
Sign In or Register to comment.