Failed OSCP attempt #1

So after some rest today, I'm getting around to posting this. I failed my first OSCP attempt which finished this morning. I took the 60 day package but scheduled the exam around the 30 day mark which was this Monday. I got around 36 machines in the lab and about another 20 hackthebox machines so I was pretty confident going in.

My downfall was the buffer overflow box. For the life of me I couldn't get it to work and spent way too much time on it, around 15 hours. I was able to root the 10 point box and get low privilege shells on the 25 and the other two 20 point boxes. But the I kept going back to the buffer overflow just trying to make it work. It kind of stings going down just due to that box but it's probably my persistence that did me in. If I would have spent all that time in privilege escalation on the three other boxes I would have passed but I was so intent in getting those 25 points, I just let it eat up all of my time.

For the record, I must say that I expected it to behave just what was taught in the training material and went step by step but for some reason the program kept changing the last four EIP digits for the JMP which was landing me in area of memory that I didn't want to be in. I tried so many things to fix it but just couldn't do it. I even started to think there might have been an error in the code of the program. I just wish they would have tested based off what is actually in the material/curriculum. It is a certification exam after all.

I submitted the exam report anyway along with the lab report and just waiting now for confirmation and for them to let me book another attempt hopefully next month.

Let that be a lesson, don't get hung up on one box. I felt getting a foothold on the other four machines wasn't very hard, I spent maybe a maximum of two hours getting low privilege shells and rooting the 10 point box. I'll just work on my privesc more and do some more buffer overflow tutorials.

Find more posts tagged with

Comments

Mefistogr

The answer to your problem with BO is very simple..someone, also, mentioned it on a previous post..pay extra attention to the bad characters..follow each result character by character!!!!!

meni0n

It's not so simple. There was only one jmp address and it didn't contain any bad characters but it was being changed. I checked it for bad characters and the digits I was using were good. I spent most of the exam trying to figure it out.

JoJoCal19

Sorry to hear about the fail, but you seem to have the ability and the way forward to pass it next time!

Blucodex

Sounds like you were really close!

Mattusso

Hi, read up on call esp, jmp eax and other methods

meni0n

I will read more but in the test I think it's testing what was taught in the material and it was only the jmp esp method

MalwareMike

When are you going to take the test again?

meni0n

I scheduled another attempt for this upcoming Monday

Ertaz

meni0n wrote: »

I scheduled another attempt for this upcoming Monday

Good luck man. You'll knock it out of the park this time.

meni0n

Thanks. I'm resolved to spend only a few hours on the buffer overflow this time. If I can't get it by 2 hours, I am moving on and not coming back to it.

LonerVamp

Be a little careful talking about specific box details. Just dropping that here like a wet blanket. Good luck on your next attempt! Sounds like you probably know what you're doing to pass the next time!

TechGromit

meni0n wrote: »

I submitted the exam report anyway along with the lab report and just waiting now for confirmation and for them to let me book another attempt hopefully next month.

The nice thing about the OSCP, a exam retake is only 60 bucks. Fail an SANS exam it's $729, and for most other exams, it's the full cost of the exam again.

MalwareMike

I always find this question interesting for people taking the OSCP. Besides the OSCP material, what videos or reading material would you say helped you the most with either your mindset and/or skill?

sunto

...as you've probably figured out by now, the actual exam is just selection of boxes. No need to jump around or pivot from one system to another. Just identification of vulnerabilities, and exploitation. The emphasis on enumeration is rooted in this fact.

LonerVamp

Good luck!

MrAgent

meni0n wrote: »

I scheduled another attempt for this upcoming Monday

How'd the retake go?

meni0n

Went ok, rooted four boxes. Sent in the report a few hours ago. Hope for the best.

LonerVamp

I think that'll be good for a pass, good job, man!!

meni0n

Thanks, fingers crossed write up is good and I didn't do any typos/mistakes in the report. Compared to the first time, it was a lot harder getting a foothold on these machines. I'm still disappointed I couldn't get anything on the last box considering I spent a good 4-5 hours on it.

monavy

Hey,

Can you please let us know what videos / material did help you apart from the Offsec material?

meni0n

I mostly did hackthebox and vulnhub before doing the OSCP material. I've watched a bunch of videos on the hackthebox machines. I found this link to be useful:

https://backdoorshell.gitbooks.io/oscp-useful-links/content/