Failed with 80 points

Took the exam a couple days ago and since its been stuck on my mind, I thought it best to get it off my chest somewhere. I got called in to work at the very last hour of my exam, so I may have caught my mistake had I not been called in. What did I do? I submitted the root flag for one of the boxes to the wrong IP. I left the control panel webpage for submitting flags open when I left, so after getting back home, I looked over everything and noticed it then. I haven't gotten my results back yet, of course, so officially I haven't passed or failed yet. But, I'm sure I'll be taking it again here in the next couple weeks. I guess there is a (small) chance, depending on how many points are given for standard user-level access, that I could still, just barely, pass, but I'm not banking on it.

Overall, I'm happy that the exam was (is) within my ability to do. I agree with those who say the entire exam is doable within 12 hours. Had I not overcomplicated one of the privilege escalation paths, I would have likely stopped at 12 hours myself. I think it took me about 10 hours to root 3 boxes, and get a foothold on a fourth. From then, I bounced between escalating privileges on that fourth box and trying to get a foothold on the fifth. I am dreading having to do it again though. Breaking into 5 boxes with a time limit of 24 hours and severe restrictions on what tools can be used is mentally exhausting.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

LonerVamp

Is this the OSCP?

Did you list and map the correct flag within your report? You can always fall back onto that to plead your case.

If you do end up taking it again, at least you get to see even more boxes and solve more puzzles.

Experience is knowledge is power!

Elitis

OSCP yeah. Everything listed correctly in the report, on the off chance that would help but the exam guide clearly says flags have to be both in a screenshot and the control panel so I doubt it will help.

I agree with the experience statement. I think I only did as well as I did during the exam because I've been exposing myself to a ton of labs, videos, guides, etc for the past year. I would rather see more boxes in a non-test environment though.

Elitis

Update: I don't know how, but luck was on my side and I have officially passed OSCP. I'm extremely glad I don't have to pull another all-nighter to do this exam again. I will forever be curious about the point breakdown (points for standard-user level access vs points for rooting the box), and that last box I couldn't get a real foothold on. I'll end up doing a review of OSCP (as seems to be standard) some time later comparing the exam and course to eLearnSecurity's PTP course and eCPPT.

Neil86

Congrats!

DatabaseHead

Talk about a pleasant surprise!

chrisone

Congrats @Elitis ! Crazy turn of events

Elitis

Thanks everyone. My review and comparison is on reddit for anyone who wants to read about it (https://www.reddit.com/r/oscp/comments/ho0j5z/oscp_vs_ecppt_my_experience_with_both/).

I'll probably take a few days off to recharge and then jump into working on my AD skills. I still have a couple weeks or so of lab time in the PWK labs so I'll use those to practice what I learned during the course and from there its on to the eCPTX. Maybe some wifi hacking here and there since I never did that module in the PTP course.

chrisone

Elitis said:

Maybe some wifi hacking here and there since I never did that module in the PTP course.

That would be all of us hahahaha

LonerVamp

Congrats!

The review and comparo is always useful and good stuff. OSCP reviews are kinda almost passe over the past couple years, but few have done both and talked about it.

LonerVamp

If you can make your way through the whole PWK lab with your time left, that's always a nice little feather in the cap.

Elitis

Thanks LonerVamp. Its a shame more people don't do eCPPT, it really is an excellent exam and course. I'm glad I went through both though, and hopefully my comparison answers some questions I've seen being asked around and helps someone out. And now I'm interested to see what's at the end of the tunnel. I'm pretty sure I've seen it mentioned somewhere else before of a nice little surprise once you root one of the boxes in the admin (?) network too.