Failed OSCP attempt #1

meni0n Member Posts: 66
So after some rest today, I'm getting around to posting this. I failed my first OSCP attempt which finished this morning. I took the 60 day package but scheduled the exam around the 30 day mark which was this Monday. I got around 36 machines in the lab and about another 20 hackthebox machines so I was pretty confident going in.

My downfall was the buffer overflow box. For the life of me I couldn't get it to work and spent way too much time on it, around 15 hours. I was able to root the 10 point box and get low privilege shells on the 25 and the other two 20 point boxes. But then I kept going back to the buffer overflow just trying to make it work. It kind of stings going down just due to that box but it's probably my persistence that did me in. If I would have spent all that time in privilege escalation on the three other boxes I would have passed but I was so intent on getting those 25 points, I just let it eat up all of my time.

For the record, I must say that I expected it to behave just like what was taught in the training material and went step by step but for some reason the program kept changing the last four EIP digits for the JMP which was landing me in an area of memory that I didn't want to be in. I tried so many things to fix it but just couldn't do it. I even started to think there might have been an error in the code of the program. I just wish they would have tested based off what is actually in the material/curriculum. It is a certification exam after all.

I submitted the exam report anyway along with the lab report and just waiting now for confirmation and for them to let me book another attempt hopefully next month.

Let that be a lesson, don't get hung up on one box. I felt getting a foothold on the other four machines wasn't very hard, I spent maybe a maximum of two hours getting low privilege shells and rooting the 10 point box. I'll just work on my privesc more and do some more buffer overflow tutorials.

Comments

  • Mefistogr Member Posts: 17
    The answer to your problem with BO is very simple... someone also mentioned it in a previous post... pay extra attention to the bad characters... follow each result character by character!
  • meni0n Member Posts: 66
    It's not so simple. There was only one jmp address and it didn't contain any bad characters but it was being changed. I checked it for bad characters and the digits I was using were good. I spent most of the exam trying to figure it out.
  • JoJoCal19 California Kid Mod Posts: 2,829 Mod
    Sorry to hear about the fail, but you seem to have the ability and the way forward to pass it next time!
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Blucodex OSCP, GCIA, GCIH, GMON, CISSP, CEH, CHFI, CCNA CyberOps, Security+ Member Posts: 430
    Sounds like you were really close!
  • Mattusso Registered Users Posts: 1
    Hi, read up on call esp, jmp eax and other methods
  • meni0n Member Posts: 66
    I will read more but in the test I think it's testing what was taught in the material and it was only the jmp esp method
  • MalwareMike GSEC, GCIH, GCIA, GWAPT, RHCSA, WCNA Member Posts: 147
    When are you going to take the test again?
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • meni0n Member Posts: 66
    I scheduled another attempt for this upcoming Monday
  • Ertaz Member Posts: 934
    meni0n wrote: »
    I scheduled another attempt for this upcoming Monday

    Good luck man. You'll knock it out of the park this time.
  • meni0n Member Posts: 66
    Thanks. I'm resolved to spend only a few hours on the buffer overflow this time. If I can't get it by 2 hours, I am moving on and not coming back to it.
  • LonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 518
    Be a little careful talking about specific box details. Just dropping that here like a wet blanket. Good luck on your next attempt! Sounds like you probably know what you're doing to pass the next time!

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • TechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,042
    meni0n wrote: »
    I submitted the exam report anyway along with the lab report and just waiting now for confirmation and for them to let me book another attempt hopefully next month.
    The nice thing about the OSCP, an exam retake is only 60 bucks. Fail a SANS exam it's $729, and for most other exams, it's the full cost of the exam again.
    Still searching for the corner in a round room.
  • MalwareMike GSEC, GCIH, GCIA, GWAPT, RHCSA, WCNA Member Posts: 147
    I always find this question interesting for people taking the OSCP. Besides the OSCP material, what videos or reading material would you say helped you the most with either your mindset and/or skill?
  • sunto Member Posts: 29
    ...as you've probably figured out by now, the actual exam is just a selection of boxes. No need to jump around or pivot from one system to another. Just identification of vulnerabilities, and exploitation. The emphasis on enumeration is rooted in this fact.
  • LonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 518
    Good luck!
  • MrAgent Member Posts: 1,310
    meni0n wrote: »
    I scheduled another attempt for this upcoming Monday
    How'd the retake go?
  • meni0n Member Posts: 66
    Went ok, rooted four boxes. Sent in the report a few hours ago. Hope for the best.
  • LonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 518
    I think that'll be good for a pass, good job, man!!
  • meni0n Member Posts: 66
    Thanks, fingers crossed write up is good and I didn't do any typos/mistakes in the report. Compared to the first time, it was a lot harder getting a foothold on these machines. I'm still disappointed I couldn't get anything on the last box considering I spent a good 4-5 hours on it.
  • monavy Member Posts: 6
    Hey,

    Can you please let us know what videos / material helped you apart from the Offsec material?
  • meni0n Member Posts: 66
    I mostly did hackthebox and vulnhub before doing the OSCP material. I've watched a bunch of videos on the hackthebox machines. I found this link to be useful:

    https://backdoorshell.gitbooks.io/oscp-useful-links/content/
  • Skyyyyy2001 Member Posts: 57
    thanks for sharing this link - very helpful. :)
  • MalwareMike GSEC, GCIH, GCIA, GWAPT, RHCSA, WCNA Member Posts: 147
    Awesome link!
  • meni0n Member Posts: 66
    Got the email that I passed. What a huge weight off my shoulders. What a ride this was...
  • MrAgent Member Posts: 1,310
  • meni0n Member Posts: 66
    Thanks. I'm considering doing the OSWP but not sure if it's any good.
  • MalwareMike GSEC, GCIH, GCIA, GWAPT, RHCSA, WCNA Member Posts: 147
    That's awesome! Congrats!
  • JoJoCal19 California Kid Mod Posts: 2,829 Mod
    Congrats on the pass! What's next?
  • ottucsak Member Posts: 146
    Unfortunately the OSWP is kinda outdated, has no labs and the exam is very easy as well. I recommend doing it for easy CPE points.
  • Ertaz Member Posts: 934
    meni0n wrote: »
    Got the email that I passed. What a huge weight off my shoulders. What a ride this was...


    Way to go man. Celebrate. #TreatYoSelf