Failed OSCP attempt #1
meni0n
Member Posts: 68 ■■■□□□□□□□
So after some rest today, I'm getting around to posting this. I failed my first OSCP attempt which finished this morning. I took the 60 day package but scheduled the exam around the 30 day mark which was this Monday. I got around 36 machines in the lab and about another 20 hackthebox machines so I was pretty confident going in.
My downfall was the buffer overflow box. For the life of me I couldn't get it to work and spent way too much time on it, around 15 hours. I was able to root the 10 point box and get low privilege shells on the 25 and the other two 20 point boxes. But the I kept going back to the buffer overflow just trying to make it work. It kind of stings going down just due to that box but it's probably my persistence that did me in. If I would have spent all that time in privilege escalation on the three other boxes I would have passed but I was so intent in getting those 25 points, I just let it eat up all of my time.
For the record, I must say that I expected it to behave just what was taught in the training material and went step by step but for some reason the program kept changing the last four EIP digits for the JMP which was landing me in area of memory that I didn't want to be in. I tried so many things to fix it but just couldn't do it. I even started to think there might have been an error in the code of the program. I just wish they would have tested based off what is actually in the material/curriculum. It is a certification exam after all.
I submitted the exam report anyway along with the lab report and just waiting now for confirmation and for them to let me book another attempt hopefully next month.
Let that be a lesson, don't get hung up on one box. I felt getting a foothold on the other four machines wasn't very hard, I spent maybe a maximum of two hours getting low privilege shells and rooting the 10 point box. I'll just work on my privesc more and do some more buffer overflow tutorials.
My downfall was the buffer overflow box. For the life of me I couldn't get it to work and spent way too much time on it, around 15 hours. I was able to root the 10 point box and get low privilege shells on the 25 and the other two 20 point boxes. But the I kept going back to the buffer overflow just trying to make it work. It kind of stings going down just due to that box but it's probably my persistence that did me in. If I would have spent all that time in privilege escalation on the three other boxes I would have passed but I was so intent in getting those 25 points, I just let it eat up all of my time.
For the record, I must say that I expected it to behave just what was taught in the training material and went step by step but for some reason the program kept changing the last four EIP digits for the JMP which was landing me in area of memory that I didn't want to be in. I tried so many things to fix it but just couldn't do it. I even started to think there might have been an error in the code of the program. I just wish they would have tested based off what is actually in the material/curriculum. It is a certification exam after all.
I submitted the exam report anyway along with the lab report and just waiting now for confirmation and for them to let me book another attempt hopefully next month.
Let that be a lesson, don't get hung up on one box. I felt getting a foothold on the other four machines wasn't very hard, I spent maybe a maximum of two hours getting low privilege shells and rooting the 10 point box. I'll just work on my privesc more and do some more buffer overflow tutorials.
Comments
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com
Good luck man. You'll knock it out of the park this time.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
Can you please let us know what videos / material did help you apart from the Offsec material?
https://backdoorshell.gitbooks.io/oscp-useful-links/content/
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
Way to go man. Celebrate. #TreatYoSelf