Hi j0rDy,

If someone here understand what you are going through, then I think it is me...

I had the same feeling as you. I spend hours trying to exploit "big and obvious" vulnerabilities without success... At one point, I thought they were playing games with my mind by blocking these "obvious" holes somewhere else. I am sure you know what I am talking about... The exploit should have worked!!! 


It also seem the OSCP v3 exam is tougher than ever...

I, like you j0rDy, pwned many boxes in the lab. But, from my humble point of view, they were "easier" than the one in the exam. First, about ten of them related directly to an exercise from the videos or the PDF. The other ones were harder, but generaly speaking, with 2 or 3 hours of effort, you could succeed getting root/admin.

But I painfully realized that the exam required more experience than what you could get with the course. At least, that's my opinion. But this isn't a bad thing, far from it! The course doesn't teach you at all how to escalate privileges, find your way in all these OS, what tools or script we need to have and how to "put it all together". But again, that's a good thing! We have to take what we have learn and do the extra mile all by ourselves.

But I would I love to have an exam simulation in the lab. For example, if machines 192.168.12.245-192.168.12.249 were representative of the exam. That would have opened my eyes wide open before the exam. But on the other, the exam retake isn't expensive at all ($60), so it isn't that bad I guess.

One last thing j0rDy, it shows everyone here on this forum that we did the exam all alone and that we aren't cheaters! 

I agree with hayabusa, you should feel good with what you've learned and how far you've come.  The OSCP isn't an easy test, and the fact that you got part of the way there is def an achievement.  You should try to setup some of this stuff in your own lab, and do the bonus questions from the class.   I learned a valuable lesson while doing the bonus questions: It's not as easy when you can't follow along what to do.  I spent a lot of time on the extra boxes to own in the lab, which helps a lot for the exam.  These bonus boxes are especially nice as a few of them require you to figure out what to use for priv escalation etc, which is something you don't want to spend a lot of time on once you've already gotten a shell.  Congrats on how far you've come, don't give up   Although "Try Harder" is sort of a bitchy motto, it's pretty applicable to this type of stuff.  There's a whole ton of apps that you can re-create the exploit writing stuff on, and setting up redhat 9 boxes in virtualbox is cake.  This is a great community, and maybe the right place to start working on some sample configurations for ownable boxes so that people can practice this stuff in the privacy of their own PC.  Good luck on your next shot

Sorry for the expenses getting to high, but glad to see the emphasis and good-spirited attitude live on.  Good luck, and go get 'em!

Thanks mambru!

I wonder what is the success rate for the first time attempt of OSCP v3? Was version 2 "easier"? I guess no one can tell...

In a way, I kind of hope it is harder now. Bring it on!

Aww that sucks j0rDy! I think this course is a bit too hardcore for the not so experienced people. And actually I'm getting a bit sick of that "Try Harder" stuff. This course would be much more valuable with a few hints here and there.

Some machines were really difficult for me. I've tried harder and much harder but it just wasn't enough. Then luckily I did get a hint for a fellow student, and I was able to hack the machine. Maybe it was a bit of a spoiler but I really learned something from it.

My exam was supposed to be today but due to some personal and work related issues I had to re-schedule it. It's set for the 30th of October, which gives me plenty of time to prepare. I'm pretty sure I'm not going to pass though, but hey I learned a lot, and I'm going to keep learning.

While I understand your logic, guys, I think of it this way...

If they gave you tons of hints, and step-by-step or even incrementally simpler ideas to work from, they'd decrease the difficulty of things.  The idea is to make you think like a hacker, and it's not like they're going to give you ANY "gimme's" on the exam.  I can tell you, for instance, that NONE of the machines I compromised in the lab were the same as the exam ones.  Similarities, maybe... but not the same.  So you're going to be challenged on the exam, too, and there are reasons for that.

This course and exam are NOT for folks who don't want to work for it.  I commend you, because I know you both ARE working for it.  The simple fact is, though, that if they kept hinting, etc, that takes away from the need to find answers for yourselves, which is what you'll need to do on the exam, and what you'll do in a real-life pentest.  I've not been in many real scenarios where I had enough time built into the scope to just start asking others to help me figure it out.  (Sure, for areas I'm not as good in, and so I have a team setup, with folks who are skilled in those areas too.)

Point is, if they had too many of the "gimme's", what would separate their course / exam from any of the other security certifications out there?  Yes, one difference is that their exam is a practical, hands-on exam.  But if they gave you too much help, along the way, then the course might as well be a written exam, as you're then working from more of a 'book knowledge' scenario, rather than a practical thinking one.

Like I said, I understand your thoughts, and at times, I entertained the same.  But in the end, after I achieved the goal, it was much more rewarding to me, realizing I had been the one who had to really work, study, research and push myself, to reach the goal.

Here's another example (true story from my life):

I was born with physical defects in both feet, and struggled through my childhood and teen years with pain, walking, as a result.  In high school, I was fortunate enough to be chosen by the Shriner's Hospitals, who provided me with foot surgeries on both feet, free of charge to my family, who otherwise, couldn't have afforded them.  My senior year, I ran cross-country and track, and wrestled, and felt a feeling of accomplishment from those, under the circumstances that I'd had surgeries as little as 6 months prior, and had NEVER run any distance, before that. 

Upon graduation, I set my sights a little higher.  6 months after graduation from high school, I ran the Chicago Marathon.  While not any sort of professional runner, my time wasn't even 'competetive', but in the end, I DID complete the race, in the time allowed.  Point of the story is, if you're willing to put the time in, and overcome obstacles in your way, you can do things that everyone else wouldn't expect you to do, even if 'everyone' includes yourself.

Overcome challenges, beat the odds, and live life to it's fullest.  Don't give up because things are tougher than you'd like, and give your all to achieve your goals.  Just as I'd done with the marathon, you can do the same with your OSCP.

Good luck, and as always, keep us posted on how things progress with it, as you keep going after it!

Thanks hayabusa, I know what you say is true. I don't want to give up on things, far from it. I just have other things in my life and there is only so much hours in one day...

Like the story about your feet (congratulations by the way!!!), what does not kill you, makes you stronger!

I have to go, my two daughters are waiting for me!