Failed with 80 points

ElitisElitis Member Posts: 50 ■■■□□□□□□□
Took the exam a couple days ago and since its been stuck on my mind, I thought it best to get it off my chest somewhere. I got called in to work at the very last hour of my exam, so I may have caught my mistake had I not been called in. What did I do? I submitted the root flag for one of the boxes to the wrong IP. I left the control panel webpage for submitting flags open when I left, so after getting back home, I looked over everything and noticed it then. I haven't gotten my results back yet, of course, so officially I haven't passed or failed yet. But, I'm sure I'll be taking it again here in the next couple weeks. I guess there is a (small) chance, depending on how many points are given for standard user-level access, that I could still, just barely, pass, but I'm not banking on it. 

Overall, I'm happy that the exam was (is) within my ability to do. I agree with those who say the entire exam is doable within 12 hours. Had I not overcomplicated one of the privilege escalation paths, I would have likely stopped at 12 hours myself. I think it took me about 10 hours to root 3 boxes, and get a foothold on a fourth. From then, I bounced between escalating privileges on that fourth box and trying to get a foothold on the fifth.  I am dreading having to do it again though. Breaking into 5 boxes with a time limit of 24 hours and severe restrictions on what tools can be used is mentally exhausting. 

Comments

  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Is this the OSCP?
    Did you list and map the correct flag within your report? You can always fall back onto that to plead your case.

    If you do end up taking it again, at least you get to see even more boxes and solve more puzzles. :) Experience is knowledge is power!

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • ElitisElitis Member Posts: 50 ■■■□□□□□□□
    OSCP yeah. Everything listed correctly in the report, on the off chance that would help but the exam guide clearly says flags have to be both in a screenshot and the control panel so I doubt it will help.

    I agree with the experience statement. I think I only did as well as I did during the exam because I've been exposing myself to a ton of labs, videos, guides, etc for the past year. I would rather see more boxes in a non-test environment though. 
  • Neil86Neil86 Member Posts: 182 ■■■■□□□□□□
  • DatabaseHeadDatabaseHead Member Posts: 2,753 ■■■■■■■■■■
    Talk about a pleasant surprise!
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    Congrats @Elitis ! Crazy turn of events :)
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • ElitisElitis Member Posts: 50 ■■■□□□□□□□
    Thanks everyone. My review and comparison is on reddit for anyone who wants to read about it (https://www.reddit.com/r/oscp/comments/ho0j5z/oscp_vs_ecppt_my_experience_with_both/).

    I'll probably take a few days off to recharge and then jump into working on my AD skills. I still have a couple weeks or so of lab time in the PWK labs so I'll use those to practice what I learned during the course and from there its on to the eCPTX. Maybe some wifi hacking here and there since I never did that module in the PTP course.
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    Elitis said:
     Maybe some wifi hacking here and there since I never did that module in the PTP course.
    That would be all of us hahahaha
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Congrats!

    The review and comparo is always useful and good stuff. OSCP reviews are kinda almost passe over the past couple years, but few have done both and talked about it.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    If you can make your way through the whole PWK lab with your time left, that's always a nice little feather in the cap. :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • ElitisElitis Member Posts: 50 ■■■□□□□□□□
    Thanks LonerVamp. Its a shame more people don't do eCPPT, it really is an excellent exam and course. I'm glad I went through both though, and hopefully my comparison answers some questions I've seen being asked around and helps someone out. And now I'm interested to see what's at the end of the tunnel. I'm pretty sure I've seen it mentioned somewhere else before of a nice little surprise once you root one of the boxes in the admin (?) network too.
Sign In or Register to comment.