Failed with 80 points
Elitis
Member Posts: 50 ■■■□□□□□□□
Took the exam a couple days ago and since its been stuck on my mind, I thought it best to get it off my chest somewhere. I got called in to work at the very last hour of my exam, so I may have caught my mistake had I not been called in. What did I do? I submitted the root flag for one of the boxes to the wrong IP. I left the control panel webpage for submitting flags open when I left, so after getting back home, I looked over everything and noticed it then. I haven't gotten my results back yet, of course, so officially I haven't passed or failed yet. But, I'm sure I'll be taking it again here in the next couple weeks. I guess there is a (small) chance, depending on how many points are given for standard user-level access, that I could still, just barely, pass, but I'm not banking on it.
Overall, I'm happy that the exam was (is) within my ability to do. I agree with those who say the entire exam is doable within 12 hours. Had I not overcomplicated one of the privilege escalation paths, I would have likely stopped at 12 hours myself. I think it took me about 10 hours to root 3 boxes, and get a foothold on a fourth. From then, I bounced between escalating privileges on that fourth box and trying to get a foothold on the fifth. I am dreading having to do it again though. Breaking into 5 boxes with a time limit of 24 hours and severe restrictions on what tools can be used is mentally exhausting.
Overall, I'm happy that the exam was (is) within my ability to do. I agree with those who say the entire exam is doable within 12 hours. Had I not overcomplicated one of the privilege escalation paths, I would have likely stopped at 12 hours myself. I think it took me about 10 hours to root 3 boxes, and get a foothold on a fourth. From then, I bounced between escalating privileges on that fourth box and trying to get a foothold on the fifth. I am dreading having to do it again though. Breaking into 5 boxes with a time limit of 24 hours and severe restrictions on what tools can be used is mentally exhausting.
Comments
-
LonerVamp
Member Posts: 518 ■■■■■■■■□□
Is this the OSCP?Did you list and map the correct flag within your report? You can always fall back onto that to plead your case.If you do end up taking it again, at least you get to see even more boxes and solve more puzzles.
Experience is knowledge is power!
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
Elitis
Member Posts: 50 ■■■□□□□□□□
OSCP yeah. Everything listed correctly in the report, on the off chance that would help but the exam guide clearly says flags have to be both in a screenshot and the control panel so I doubt it will help.
I agree with the experience statement. I think I only did as well as I did during the exam because I've been exposing myself to a ton of labs, videos, guides, etc for the past year. I would rather see more boxes in a non-test environment though. -
Elitis
Member Posts: 50 ■■■□□□□□□□
Update: I don't know how, but luck was on my side and I have officially passed OSCP. I'm extremely glad I don't have to pull another all-nighter to do this exam again. I will forever be curious about the point breakdown (points for standard-user level access vs points for rooting the box), and that last box I couldn't get a real foothold on. I'll end up doing a review of OSCP (as seems to be standard) some time later comparing the exam and course to eLearnSecurity's PTP course and eCPPT.
-
chrisone
Member Posts: 2,278 ■■■■■■■■■□
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
Elitis
Member Posts: 50 ■■■□□□□□□□
Thanks everyone. My review and comparison is on reddit for anyone who wants to read about it (https://www.reddit.com/r/oscp/comments/ho0j5z/oscp_vs_ecppt_my_experience_with_both/).
I'll probably take a few days off to recharge and then jump into working on my AD skills. I still have a couple weeks or so of lab time in the PWK labs so I'll use those to practice what I learned during the course and from there its on to the eCPTX. Maybe some wifi hacking here and there since I never did that module in the PTP course. -
chrisone
Member Posts: 2,278 ■■■■■■■■■□
That would be all of us hahahahaElitis said:Maybe some wifi hacking here and there since I never did that module in the PTP course.Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
LonerVamp
Member Posts: 518 ■■■■■■■■□□
Congrats!The review and comparo is always useful and good stuff. OSCP reviews are kinda almost passe over the past couple years, but few have done both and talked about it.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
LonerVamp
Member Posts: 518 ■■■■■■■■□□
If you can make your way through the whole PWK lab with your time left, that's always a nice little feather in the cap.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
Elitis
Member Posts: 50 ■■■□□□□□□□
Thanks LonerVamp. Its a shame more people don't do eCPPT, it really is an excellent exam and course. I'm glad I went through both though, and hopefully my comparison answers some questions I've seen being asked around and helps someone out. And now I'm interested to see what's at the end of the tunnel. I'm pretty sure I've seen it mentioned somewhere else before of a nice little surprise once you root one of the boxes in the admin (?) network too.
