I have not taken it so I cannot give any helpful hints.  But I still wanted to wish you good luck.  And like you said, relax.  I did find these links for inspiration and recommendations:

http://www.chris-mohan.com/2010/02/how-to-fail-the-offensive-security-101-exam/

http://xyberpix.blogspot.com/2007/08/oscp-certification-challenge-most.html

http://www.elwood.net/post/39599202/offensive-security-oscp

http://blogs.securiteam.com/index.php/archives/989

Thanks guys, great reading.


@xXxKrisxXx - Could you give me a few examples (in the lab, not the exam!) of multi-step exploitation? I have done many so far in the lab, but I want to know if I have missed some... (which is propably the case!) 

 

Oh yeah, and as I'd said before in a few of the other OSCP-related threads...

Be prepared to take breaks, regain composure and focus, and relax!

Thanks hayabusa

Man it is stressful to wait for this test... It's difficult to know what to do to get ready for this exam...

I guess I will continue working in the lab and hack into more machines...

@Dutchie - Thanks, took me awhile to write it up.


H1t M0nk3y - Sure. These are the machines that have taken multiple steps to penetrate that you've gotten. Like for example, you had to social engineer a client to click a link to enumerate software versions on the machine then social engineer them to open a malicious pdf file. Or even like step 1 - crack an ssh account, 2 - wget a privilege escalation exploit onto the machine 3 - Compile / chmod permissions 4 - run the exploit and get root privs. This would be considered a multi-step process because it's just not like, launch the remote exploit get a shell type thing. These are useful to practice because you can't expect the exam to be a simple launch an existing remote-exploit against a machine and get root privileges on it.

great advice guys! i will look into some of them tomorrow...i think you can all guess why you havent heard from me in a little while. im alos in the last days of my lab time and i want to use every last minute of it. i think i feel the same way as zeroflaw: i have learned a lot these past 2 months, but i am really afraid i am not ready. i got though on about 50% of the systems (some root, some just a shell), which makes it even more exiting to see whats coming at the exam. i must say i enjoyed every minute of it! heck, you would almost intentionally fail the exam just to take the whole course again for the fun of it! expect a new written part of the walkthrough soon!

OK, next hint...

Don't over-stress yourself!  Believe me when I tell you, if you've honestly put in the hours on the lab machines, and have successfully exploited numerous different Windows AND Linux machines, you ARE capable of passing the exam.  That's NOT to say it's a simple thing, but if you understand how to enumerate services, how to find exploits on the exploitdb and other sites, and have some idea how to customize existing exploits, like the course teaches you, for differing OS service packs, etc, then you should be able to pass.

Don't underestimate yourselves, and remember, while you may or may not pass, with a perfect score or otherwise, even after OSCP, the world of pentesting is a neverending learning stream. 

I'll also tell you this.  There may be more than one way to 'skin the cat' against the exam machines, just as some of the lab machines had more than one way to attack / penetrate / exploit them, and you'd often find in real-world pentests.  I can tell you, based on discussions with others who have passed, that in a few cases, we approached some of the exam machines VERY differently, yet we all still exploited / root'd them.  When you pass, you'll enjoy talking to others, and learning from their experiences / methods.  I've already learned some new things, SINCE taking the test, from the others' discussions.  Well worth the time, effort, and comradery that you'll have put in, and received, in the end.

So feel comfortable with what you've accomplished in the labs so far, and if you UNDERSTAND what you've done, and the logic and methods behind it, you're well on your way to a passing score on the exam, already.  Don't stress, relax, and just make sure that you get plenty of rest, prior to taking it.  In fact, someone else on here had mentioned that they'd only spent time on about 7 of the lab machines, before taking and passing OSCP.  Not to say it's EASY, and that means that person has some wealth of knowledge and experience to draw from, obviously, but to say that the key behind the labs is to get you thinking like a hacker / pentester, and to teach you how to engineer your own methods / solutions to situations.  Not necessarily to hand you exact duplicates of exam machines, so that if you've beaten every lab box, you'll definitely know how to accomplish root on every exam machine.  It's all about learning and preparation for things to come.

Good luck to all, and let us know, pass or fail, so that we can congratulate you, or encourage you to work harder and pass the next time!