Failed my first attempt at the OSCP exam

This topic contains 96 replies, has 16 voices, and was last updated by  Phillip Wylie 6 years, 4 months ago.

  • #8229
     Phillip Wylie 
    Participant

    I completed and failed my first attempt at the OSCP exam. I started PWB in April of last year. I started out with 90 days of lab time and have extended my lab time 7 times. My goal is to retest at the end of my lab time, which is March 1.

    I at least have a better idea on my weaknesses and how to prepare better. One thing I had a problem with was creating a good password dictionary for Hydra brute force password attacks. Anyone with any tips in that area, it would be much appreciated. I have been putting in a lot of hours studying the past 6 weeks. I average between 35 to 45 hours a week. I need to focus more on quality study time.

  • #51928
     superkojiman 
    Participant

    When I was doing the lab, I had pretty good luck with the RockYou wordlist found here: http://www.skullsecurity.org/wiki/index.php/Passwords

    However, it is a huge list and it’s unlikely you’ll be able to use it all in the limited time you have for the exam. Better to start off with a smaller list – like the one you created as you were going through the machines in the lab.

  • #51929
     MaXe 
    Participant

    A lot of OSCPs and especially OSCEs fall the first time. Recognize your weakness as you did, and make sure you won’t fail the second time  🙂

  • #51930
     Phillip Wylie 
    Participant

    @superkojiman wrote:

    When I was doing the lab, I had pretty good luck with the RockYou wordlist found here: http://www.skullsecurity.org/wiki/index.php/Passwords

    However, it is a huge list and it’s unlikely you’ll be able to use it all in the limited time you have for the exam. Better to start off with a smaller list – like the one you created as you were going through the machines in the lab.

    Thanks for your response, superkojiman. I will give that a try in the lab and work on a smaller list.

  • #51931
     Phillip Wylie 
    Participant

    @maxe wrote:

    A lot of OSCPs and especially OSCEs fall the first time. Recognize your weakness as you did, and make sure you won’t fail the second time  🙂

    Thanks for the words of encouragement, MaXe.

  • #51932
     dynamik 
    Participant

    Skull Security has a great collection. There is also http://www.isdpodcast.com/resources/62k-common-passwords/ (which I believe includes some/all of the Skull Security lists). https://dazzlepod.com/uniqpass/ is also a nice collection if you don’t mind parting with a few dollars.

    They’re not going to make you grind passwords for hours, so if you’re not having any luck, maybe try being smarter about it — i.e. reviewing HTML source for comments (random example unrelated to OffSec training/testing), or look for another attack vector. I found the darkc0de.lst file that’s included with BT to be sufficient for most services with weak passwords in the lab.

  • #51933
     caissyd 
    Participant

    Like MaXe said, many people don’t pass the first time. I passed on my third real attempt…
    Like many, you have probably found that the exam simply continues your learning process. It will only feel better when you succeed on your next attempt!  😉

    They’re not going to make you grind passwords for hours, so if you’re not having any luck, maybe try being smarter about it

    ajohnson is right about this. They don’t expect you to crack passwords for hours and hours because you’ll run out of time!

    Good luck, don’t despair and keep posting your questions!

  • #51934
     Phillip Wylie 
    Participant

    Thanks for the advice and encouragement, ajohnson and H1t M0nk3y.

  • #51935
     azmatt 
    Participant

    I’ll be taking on the PWB later this year or early next year and I fully intend to pay for extensions and fail a test or two  ::)

    It’s tough to see in times like this but if you take a step back and look to your skill level when you first started the PWB I’d imagine that you’re night and day better now.

    If you stick with it, you will get it. Good luck!!!

  • #51936
     Phillip Wylie 
    Participant

    Thanks for the encouragement, azmatt!

    The course has been well worth it and I have learned a lot. I highly recommend the course and good luck to you when you start.

  • #51937
     Phillip Wylie 
    Participant

    I’m registered to retake the test next Sunday.

  • #51938
     DragonGorge 
    Participant

    Good luck!

    I 3rd (or 4th) what ajohnson said…a password attack shouldn’t be your primary vector. Personally speaking, in the lab and on the exam, I didn’t put much effort into password cracking/guessing other than the obvious ones (username, defaults, etc). I felt that there were more direct/less random ways to get into the machines.

  • #51939
     Phillip Wylie 
    Participant

    @dragongorge wrote:

    Good luck!

    I 3rd (or 4th) what ajohnson said…a password attack shouldn’t be your primary vector. Personally speaking, in the lab and on the exam, I didn’t put much effort into password cracking/guessing other than the obvious ones (username, defaults, etc). I felt that there were more direct/less random ways to get into the machines.

    Thanks, DragonGorge!

  • #51940
     Phillip Wylie 
    Participant

    I failed my 2nd attempt.

  • #51941
     hayabusa 
    Participant

    Sorry to hear it, r0ckm4n.  I know it gets old when folks tell me this, but I’ll pass it along anyway…

    Don’t get discouraged.  As I’m sure you did last time, take it, learn from it, and keep growing.  If it does NOTHING else, it’ll teach you that, no matter how much you know, there’s always things to be learned. 

    It’s both a blessing and a curse, in the IT security realm.  For those who LOVE change, there’s ALWAYS change / updates / new ideas, methods and technologies.  For those who don’t…  well…  😉 

    Either way, I’m confident you’ll continue to grow, and you will succeed, when you’re ready.

  • #51942
     impelse 
    Participant

    Sorry about that, probably you will need to study everything and try different ways to attack the machines in the lab.

  • #51943
     Phillip Wylie 
    Participant

    @hayabusa wrote:

    Sorry to hear it, r0ckm4n.  I know it gets old when folks tell me this, but I’ll pass it along anyway…

    Don’t get discouraged.  As I’m sure you did last time, take it, learn from it, and keep growing.  If it does NOTHING else, it’ll teach you that, no matter how much you know, there’s always things to be learned. 

    It’s both a blessing and a curse, in the IT security realm.  For those who LOVE change, there’s ALWAYS change / updates / new ideas, methods and technologies.  For those who don’t…  well…   😉 

    Either way, I’m confident you’ll continue to grow, and you will succeed, when you’re ready.

    Thanks for the encouragement, hayabusa.

    If it were easy it wouldn’t be that big of a deal. It just makes me want it that much more and I will appreciate it even more when I do pass the exam.

  • #51944
     Phillip Wylie 
    Participant

    @impelse wrote:

    Sorry about that, probably you will need to study everything and try different ways to attack the machines in the lab.

    Thanks for your support and advice, impelse.

  • #51945
     hayabusa 
    Participant

    @r0ckm4n wrote:

    If it were easy it wouldn’t be that big of a deal. It just makes me want it that much more and I will appreciate it even more when I do pass the exam.

    That’s the spirit!  Stick with it, and you’ll get it.  Great attitude!

  • #51946
     azmatt 
    Participant

    Very well said by each of you.

    Keep up the great attitude and effort. It’s a matter of when not if.

  • #51947
     Phillip Wylie 
    Participant

    @hayabusa wrote:

    @r0ckm4n wrote:

    If it were easy it wouldn’t be that big of a deal. It just makes me want it that much more and I will appreciate it even more when I do pass the exam.

    That’s the spirit!  Stick with it, and you’ll get it.  Great attitude!

    Thanks!

  • #51948
     Phillip Wylie 
    Participant

    @azmatt wrote:

    Keep up the great attitude and effort. It’s a matter of when not if.

    Thanks!

  • #51949
     Phillip Wylie 
    Participant

    I have been on the bench since the end of December and I have a pentest next week and it will last three weeks. My overabundance of study time will be reduced, but I look forward to using what I have learned in the upcoming pentest. PWB has been very educational and I have improved a lot since I started my job as a pentester last April.

  • #51950
     superkojiman 
    Participant

    @r0ckm4n wrote:

    I have been on the bench since the end of December and I have a pentest next week and it will last three weeks. My overabundance of study time will be reduced, but I look forward to using what I have learned in the upcoming pentest. PWB has been very educational and I have improved a lot since I started my job as a pentester last April.

    Hey as long as you keep learning, it’s not a total loss 🙂 I assume you’ll be tackling the exam again?

  • #51951
     Phillip Wylie 
    Participant

    @superkojiman wrote:

    Hey as long as you keep learning, it’s not a total loss 🙂 I assume you’ll be tackling the exam again?

    Yes, I will be taking the exam again. I won’t give up until I have that certification. I extended my lab time by two weeks, which also gives me another exam attempt. I only studied an additional two weeks after failing the first time before I retested. I figure I will take it again in a month if I feel like I am ready.

  • #51952
     caissyd 
    Participant

    r0ckm4n, you sound like me when I failed my second attempt!

    I then waited a full month and tried again (3rd time), only to stop after 8 hours, totally discouraged…

    So I decided to put OSCP on a shelf for a while. I did GPEN, CISSP and GWAPT and above all, studied quite a lot. I always had this exam in the back of my mind, always thinking about it.

    2 full years after that, I felt ready and passed it with confidence. I really was a different person and it really, really felt good when I finally passed the 70 points mark!!!

    So if you are failing now, it’s because you had the guts to take on a great challenge. I am sure you have learned quite a lot just going through these attempts. This certification is much harder than most other ones and like you mentioned, that’s why it is so good.

    Don’t despair! Take a break and come back when you feel you’re ready.

    If I did it, you can do it too!  😉

  • #51953
     m0wgli 
    Participant

    It’s great that you still have the determination to continue.  🙂 You already pretty much said it yourself, “Nothing Worth Having Comes Easy”.

    I started the PWB course recently, so can appreciate the difficulty. I would be interested to know, where you felt you went wrong on this attempt.

    Did you do all the extra mile exercises? And, how many of the machines in the lab did you manage to compromise before attempting the exam?

  • #51954
     Phillip Wylie 
    Participant

    @H1t M0nk3y wrote:

    r0ckm4n, you sound like me when I failed my second attempt!

    I then waited a full month and tried again (3rd time), only to stop after 8 hours, totally discouraged…

    So I decided to put OSCP on a shelf for a while. I did GPEN, CISSP and GWAPT and above all, studied quite a lot. I always had this exam in the back of my mind, always thinking about it.

    2 full years after that, I felt ready and passed it with confidence. I really was a different person and it really, really felt good when I finally passed the 70 points mark!!!

    So if you are failing now, it’s because you had the guts to take on a great challenge. I am sure you have learned quite a lot just going through these attempts. This certification is much harder than most other ones and like you mentioned, that’s why it is so good.

    Don’t despair! Take a break and come back when you feel you’re ready.

    If I did it, you can do it too!  😉

    Thanks for the support, H1t M0nk3y! You’re a good inspiration for those of us that have failed the exam.

  • #51955
     Phillip Wylie 
    Participant

    @m0wgli wrote:

    It’s great that you still have the determination to continue.  🙂 You already pretty much said it yourself, “Nothing Worth Having Comes Easy”.

    I started the PWB course recently, so can appreciate the difficulty. I would be interested to know, where you felt you went wrong on this attempt.

    Did you do all the extra mile exercises? And, how many of the machines in the lab did you manage to compromise before attempting the exam?

    Thanks for the encouragement!

    I didn’t do all the extra mile exercises, although I spent most of my time on the areas I was having problems with. For me that was buffer overflows. I didn’t spend my time wisely from the start. I started PWB last April. I wasn’t studying enough for a long period of time and didn’t study at all when I was doing pentests. If I would have done a better job studying from the start, I would be better off. January and February have been great months for me study wise.

    I didn’t compromise all of the lab machines and only did about half. I would recommend hacking them all. I think that is the best gauge of whether you are ready for the challenge. Yesterday to I 15 of the 16 servers I had previously hacked in the lab for practice. I was hoping this would help me remember some things and think about how I compromised them. At first I spent a lot of time using Metasploit and that would be bad from a PWB point of view, but good for my job as a pentester. I am better with Metasploit, which is a tool I use on pentests.

    As far as this attempt goes and to state the obvious, I wasn’t ready. I knew that I would start getting pentests, so my work load would pick up and I wouldn’t have as much time to study. I wanted to pass the exam before work started picking up. I start a pentest next week and I will make sure to study in my free time. I need to get better with buffer overflows and modifying exploits. Due to lack of experience, coding is a weakness for me and this is an area I am emphasizing.

    I would recommend doing all of the extra miles and hacking every machine in the lab. Like others have said, when you can hack everything in the lab you are ready for the challenge. Go over the study material more than once and focus on your weaknesses.

    One of my problems is being impatient and wanting to get things done quickly, but I need to focus more on learning. I am trying to improve my study quality and not focus as much on study quantity.

  • #51956
     caissyd 
    Participant

    I would recommend doing all of the extra miles and hacking every machine in the lab.

    This is obviously good advice, but hacking all the machines in the lab could be quite time consuming. For me, in my early attempts, I had hacked something like 12-18 servers. I still managed to get 60 points in the exam, but still, this didn’t make me pass. The thing I later realized is that these servers were not picked up randomly. I was taking the approach “today, I will go after an FTP server” or “today, I am going after a web application”. So I wasn’t approaching a given host and trying to break it, I was looking more at services…

    In addition, all the exercises in the videos can be reproduced in the lab. So it’s like if we are starting at 10 servers…

    But on my last attempt, I felt I was ready because I targeted xxx.yyy.xxx.201, then xxx.yyy.xxx.202, then xxx.yyy.xxx.203, etc… I think I did 9 of the first 10 machines I targeted. At this point, I knew that I would eventually hack any machine I set my mind on. I then started picking up servers with very different configurations: Linux with a web server, FreeBSD with a mail server and things like that. After pwning all the machines I was targeting, I knew I was ready.

    So yes, if you can, go after all machines in the lab. But if you don’t have the time, you can be wise about it…  ;D

  • #51957
     Phillip Wylie 
    Participant

    @H1t M0nk3y wrote:

    I would recommend doing all of the extra miles and hacking every machine in the lab.

    This is obviously good advice, but hacking all the machines in the lab could be quite time consuming. For me, in my early attempts, I had hacked something like 12-18 servers. I still managed to get 60 points in the exam, but still, this didn’t make me pass. The thing I later realized is that these servers were not picked up randomly. I was taking the approach “today, I will go after an FTP server” or “today, I am going after a web application”. So I wasn’t approaching a given host and trying to break it, I was looking more at services…

    In addition, all the exercises in the videos can be reproduced in the lab. So it’s like if we are starting at 10 servers…

    But on my last attempt, I felt I was ready because I targeted xxx.yyy.xxx.201, then xxx.yyy.xxx.202, then xxx.yyy.xxx.203, etc… I think I did 9 of the first 10 machines I targeted. At this point, I knew that I would eventually hack any machine I set my mind on. I then started picking up servers with very different configurations: Linux with a web server, FreeBSD with a mail server and things like that. After pwning all the machines I was targeting, I knew I was ready.

    So yes, if you can, go after all machines in the lab. But if you don’t have the time, you can be wise about it…  ;D

    Great advice!

  • #51958
     Phillip Wylie 
    Participant

    @H1t M0nk3y wrote:

    In addition, all the exercises in the videos can be reproduced in the lab. So it’s like if we are starting at 10 servers…

    That’s something I overlooked.

  • #51959
     Phillip Wylie 
    Participant

    My studying has been going well since my last exam attempt. I feel like I am making good progress and figuring some things out. My goal is to take the exam at the end of the month.

  • #51960
     Phillip Wylie 
    Participant

    I scheduled my exam for April 6. I was shooting for a week earlier, but to get an 8:00am Saturday time slot, I had to schedule it a week later. That gives me an extra week. I have made good progress since my last attempt and think I will be ready.

  • #51961
     caissyd 
    Participant

    Good luck!

    I’ll be looking for your posts the Monday after…  😉

  • #51962
     superkojiman 
    Participant

    @r0ckm4n wrote:

    I scheduled my exam for April 6. I was shooting for a week earlier, but to get an 8:00am Saturday time slot, I had to schedule it a week later. That gives me an extra week. I have made good progress since my last attempt and think I will be ready.

    All the best 🙂

  • #51963
     esojzuir 
    Participant

    @r0ckm4n wrote:

    I scheduled my exam for April 6. I was shooting for a week earlier, but to get an 8:00am Saturday time slot, I had to schedule it a week later. That gives me an extra week. I have made good progress since my last attempt and think I will be ready.

    Best of luck!!!!  ;D

  • #51964
     Phillip Wylie 
    Participant

    Thanks, guys!

  • #51965
     azmatt 
    Participant

    Awesome man! We’re all pulling for you.

  • #51966
     Phillip Wylie 
    Participant

    @azmatt wrote:

    Awesome man! We’re all pulling for you.

    Thanks!

  • #51967
     Phillip Wylie 
    Participant

    Tomorrow is my exam. I feel more prepared this time.

  • #51968
     DragonGorge 
    Participant

    Kick its ass!!

  • #51969
     azmatt 
    Participant

    What DragonGorge said X 10,000. Good luck!!!

  • #51970
     caissyd 
    Participant

    Good luck buddy!

    I know what you are going through…

  • #51971
     hayabusa 
    Participant

    Looking forward to hearing another ‘pass’

    Good luck!

  • #51972
     dynamik 
    Participant

    Aren’t you done yet? 😉

  • #51973
     Phillip Wylie 
    Participant

    Thanks to everyone for the positive thoughts and wishes of luck. I am very disappointed to say that I have failed the exam for my third time. The month leading up to the exam I was working on an external pentest and haven’t had as much time to study. I had been on the bench most of the year, so I had a lot of time to study. Things have picked up for me and I have to learn to make the most of the time I do have to study. The last two weeks leading up to the challenge I was debating about rescheduling and decided I would do it anyway. I am not giving up and I will take this exam until I pass. This is the first certification exam I have taken since I got my CISSP in 2002. I actually passed the CISSP the first time around. That was my most coveted certification, but that will soon be replaced by the OSCP.

    I don’t think I am going to renew my lab time. I spent enough money on lab time the past year. April 16 will mark the one year anniversary of me starting this journey/challenge that is PWB. If I would have put as much effort into the course the first nine months and utilized my lab time better, I am sure I would have passed the exam by now. I will take the exam again, but it will be a matter of months instead of weeks this time.

    If anyone has any advice, I am all ears. As for now, I am going to finish the SecurityTube python course I purchased around the same time I started PWB and go back through the manual and work on mastering each area.

  • #51974
     Phillip Wylie 
    Participant

    @ajohnson wrote:

    Aren’t you done yet? 😉

    LOL!

  • #51975
     dynamik 
    Participant

    Ah, sorry to hear about that. This exam is about as polar opposite from the CISSP as you can get. Doing well in one will do little to help you with the other.

    What general areas do you feel weak in?

  • #51976
     azmatt 
    Participant

    🙁

    Sorry for the bad news but glad you’re sticking with it.

  • #51977
     Phillip Wylie 
    Participant

    @ajohnson wrote:

    Ah, sorry to hear about that. This exam is about as polar opposite from the CISSP as you can get. Doing well in one will do little to help you with the other.

    Thanks, AJ. I agree with your statements about the two exams. I guess my statement about the CISSP is me just trying to save face and deal with failure. I don’t like losing or failing.

    @ajohnson wrote:

    What general areas do you feel weak in?

    I feel my weaknesses are changing shell code in exploits, and Windows privilege escalation in systems that are somewhat secure. That being Windows hosts that don’t allow use of AT, etc.

  • #51978
     Phillip Wylie 
    Participant

    @azmatt wrote:

    🙁

    Sorry for the bad news but glad you’re sticking with it.

    Thanks, azmatt!

  • #51979
     superkojiman 
    Participant

    @r0ckm4n wrote:

    I feel my weaknesses are changing shell code in exploits, and Windows privilege escalation in systems that are somewhat secure. That being Windows hosts that don’t allow use of AT, etc.

    Sorry to hear you didn’t pass. Do you feel that you did better this time round than the last time though? You should still submit your lab + exam report as others have reported getting the certificate even though they didn’t get all the points in the exam.

    With regards to privilege escalation on Windows, perhaps the following links will be helpful if you haven’t yet seen them:

    http://obscuresecurity.blogspot.ca/2011/11/old-privilege-escalation-techniques.html
    http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/
    http://www.room362.com/blog/2012/8/25/post-exploitation-command-lists-request-to-edit.html

    Enumeration is key, sometimes you just need to find a misconfiguration somewhere or an exploitable program that will give you SYSTEM privileges.

    As for writing exploits, practice is the only way to really learn it. I recommend reading the Corelan guides. The first few should suffice:

    https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
    https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
    https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/

    It definitely helps if you have your own lab to practice on. VulnHub.com has several vulnerable virtual machines you can practice on, and I recommend trying out sites such as https://hack.me/ and other war game sites such as http://www.overthewire.org/wargames/ and http://smashthestack.org/

  • #51980
     caissyd 
    Participant

    Hi r0ckm4n,

    I really feel your pain… When it happened to me (failing the exam again and again), I decided to put it on a shelf for a while. I waited a whole 2 years before trying again and finally passing the exam (and with a comfortable margin).

    Like me before, you obviously know your weaknesses and you should also know by now that your preparation method is somehow lacking something. Let me tell you what I did in the two years I spent away from this OSCP exam:

    – I passed the GPEN certification (by self-study) exactly 3 weeks after my last OSCP attempt with a very good mark. This was quite a morale boost for me. Honestly, after scoring twice 60 points in my OSCP attempts, GPEN felt like a walk in the park…

    – I then bought the “Cracking the Perimeter” (CTP) course from Offensive-Security and went through the videos several times.

    – After that, I spent the worst 17 days of my life studying like hell and passed the CISSP exam (I really hated my experience, but I need that cert to get contracts…). Like everyone is saying, this is probably the opposite of OSCP.

    – I took Joe McCray’s “Advanced Penetration Testing” course and I loved it. Joe had a different approach than OffSec on pentesting and it really helped me open my eyes.

    – I tried my first hacking competition and guess what? I won! Another great morale boost for me!  ;D

    – I then took a complete year off studying. After studying a lot for more than 3 years and going through a divorce, I needed a break…

    – I self-studied for GWAPT last November (2012) and passed with a very good mark.

    – Tried a local hacking competition and I won again!  ;D

    So it’s only at this point that I decided to challenge the OSCP exam once again. I bought a 30-day lab period from OffSec and connected to their VPN once again for the first time in 2 years…

    This is when I knew I was ready. I was able to pwn any targets, given that I had enough time (between 30 minutes for the easy ones to something like 4 hours for the harder ones). I was a completely different guy now. My notes were much better and my mindset was also miles ahead.

    It’s only after my 4th and final attempt that I finally understood what I needed: Another pentest course from someone outside OffSec. I needed  to do things on my own, outside the OffSec lab. I needed to hear the same concepts explained in a different way…

    So, I think you should take a break now. Take several months off studying for OSCP. Read/learn/practice/play with whatever interests you (for example, wireless hacking). Like Yoda said: “Free your mind!”. I suggest you take 6 months off this exam. Then, think about what your weaknesses are and how you can practice getting better. Just don’t take more lab time until you feel you could take the exam tomorrow and pass it. Then, take 30 days of lab time and “confirm” you are ready, as opposed to taking lab time to learn new things. You have tried this route and you are at the next level.

    Finally, I don’t know how much you scored in your last attempt, but if you managed to get 50 points or more, man you’re a hacker, not just a script kiddy anymore!! So be proud of yourself, take a break, do something else for a while and come back stronger!  😉

    Hope I could help!  🙂

  • #51981
     azmatt 
    Participant

    To H1t M0nk3y and superkojiman —

    Those were two awesome posts. I’m hoping to take a run at the OSCP late this year and posts like these are worth their weight in gold and very much appreciated.

  • #51982
     YuckTheFankees 
    Participant

    +1 for H1t M0nk3y.

    r0ckm4n ,

    Sorry to hear about your fail but knowing you got this far should count for something. Keep pushing yourself and learning, you’ll pass soon enough.

  • #51983
     Jamie.R 
    Participant

    Sorry to hear you failed but don’t worry about it. I would not look at it as a fail but as by not passing first time you would have gained some really good skills that help you pass it next time. Now you know what the exam is you can prepare yourself for it better and I’m sure you’ll pass next time.

  • #51984
     Phillip Wylie 
    Participant

    @superkojiman wrote:

    @r0ckm4n wrote:

    Sorry to hear you didn’t pass. Do you feel that you did better this time round than the last time though? You should still submit your lab + exam report as others have reported getting the certificate even though they didn’t get all the points in the exam.

    Thanks for your support and advice, superkojiman.

    I did do better this time. The first two times I focused too much on the buffer overflow and really didn’t spend much time trying to penetrate the other boxes. This time I got console access on a Windows box, but couldn’t escalate my privileges. I uploaded a backdoor to a Windows box, but couldn’t get any further. I didn’t get root on any of the servers. I gained more valuable experience in the lab this time, which will help prepare for my next exam attempt. 

  • #51985
     Phillip Wylie 
    Participant

    @H1t M0nk3y wrote:

    Hi r0ckm4n,

    I really feel your pain… When it happened to me (failing the exam again and again), I decided to put it on a shelf for a while. I waited a whole 2 years before trying again and finally passing the exam (and with a comfortable margin).

    Thanks for your support and advice, H1t M0nk3y. I appreciated all support and advice from everyone, and I needed your point of view since you can relate to my experience. The next time I take the exam, I will be ready. I will take your advice on getting more lab time when I feel like I am ready and if I can hack everything in the lab I will know I am ready.

  • #51986
     Phillip Wylie 
    Participant

    Thanks for your support, YuckTheFankees and Jamie.R. I appreciate it.

  • #51987
     Phillip Wylie 
    Participant

    I extended my lab time on Tuesday. It’s been a productive week of studying this week and I am more focused. I rooted the most difficult server I have rooted so far. It was a very good experience and I learned a lot from it.

  • #51988
     azmatt 
    Participant

    Great job!!

  • #51989
     Phillip Wylie 
    Participant

    @azmatt wrote:

    Great job!!

    Thanks!

  • #51990
     Phillip Wylie 
    Participant

    My lab time continues to be productive. I rooted 5 servers since I extended my lab time last Tuesday. Things I was having difficulties with, like RFI, are not a problem anymore.

  • #51991
     caissyd 
    Participant

    @r0ckm4n:

    Good to see you’re already back at it and that you’re making good progress!
    But I have a question for you: What do you think you’re still missing to pass the OSCP exam with confidence?

    Maybe we can help you a bit here…  😉

  • #51992
     Phillip Wylie 
    Participant

    I rooted another one this morning.

  • #51993
     Phillip Wylie 
    Participant

    @H1t M0nk3y wrote:

    @r0ckm4n:

    Good to see you’re already back at it and that you’re making good progress!
    But I have a question for you: What do you think you’re still missing to pass the OSCP exam with confidence?

    Maybe we can help you a bit here…  😉

    Thanks, H1t M0nk3y! I appreciate your support.

    RFI was a problem, but I’ve improved in that area. I’ve also had problems with servers with a single open port such as 80, but I’ve improved there. Things are really starting to click for me and my last two servers took 2.5 and 2 hours. I’ve been able to figure other ways of rooting when one method didn’t work and I’m not talking about starting over from a totally different approach. I need to work more on changing shell code in exploits and adjusting the code to make it work. Any advice is welcome. I need to look through my notes to determine my weaknesses a little better since my recent improvement. When I get it figured out, I’ll post up my weaknesses.

  • #51994
     azmatt 
    Participant

    Great job r0ckm4n!!

    Are you using any other sources for additional research on the topics you’re working on?

  • #51995
     Phillip Wylie 
    Participant

    @azmatt wrote:

    Great job r0ckm4n!!

    Are you using any other sources for additional research on the topics you’re working on?

    Thanks, azmatt!

    For buffer overflows I used the first two corelan tutorials and one from The Grey Corner blog. The one from The Grey Corner blog was really easy to understand. Also SecurityTube.net has a good assembly video series for both Linux and Windows, as well as a buffer overflow series.

    https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

    https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/

    http://www.thegreycorner.com/2010/01/beginning-stack-based-buffer-overflow.html

    A lot of the resources I have used I got from this message board. G0tmi1k’s blog has helped and especially his Linux privilege escalation post:

    http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation.html

    Something that has been very useful for me has been nikto. It has made it easier to find web vulnerabilities. Httprint has also been useful for verifying web server fingerprinting done with nmap and nikto.

  • #51996
     Phillip Wylie 
    Participant

    Today I rooted my 25th server in the lab. That makes 8 servers since my last exam fail.

  • #51997
     azmatt 
    Participant

    Great job on the boxes and thanks for the links.

  • #51998
     Phillip Wylie 
    Participant

    @azmatt wrote:

    Great job on the boxes and thanks for the links.

    Thanks and you are welcome.

  • #51999
     Phillip Wylie 
    Participant

    I just rooted my 28th server in the PWB lab!

  • #52000
     azmatt 
    Participant

    Sounds like your hard work is paying off and things are clicking for you  8)

  • #52001
     Phillip Wylie 
    Participant

    @azmatt wrote:

    Sounds like your hard work is paying off and things are clicking for you  8)

    It is for sure. I am glad I extended my lab time. I wasn’t planning to originally.

  • #52002
     Phillip Wylie 
    Participant

    Up to 31 rooted servers as of yesterday afternoon. I started a social engineering project yesterday afternoon, so I won’t have as much study time, but I will make do.

  • #52003
     azmatt 
    Participant

    Great job man, you’re knocking them down by the half dozen.

    Any new revelations or skills this past week?

  • #52004
     Phillip Wylie 
    Participant

    @azmatt wrote:

    Great job man, you’re knocking them down by the half dozen.

    Any new revelations or skills this past week?

    Thanks, azmatt! My RFI skills have improved a lot since the exam. I am starting to think like a hacker, for lack of a better term. I was making some big mistakes on my last exam attempt and prior to that. One example was not scanning all 65,535 ports. There were ports and services I wasn’t detecting. I figured out something yesterday that was a big help. I ran an exploit that gave me system level access to cmd.exe, but it limited me to only that command prompt. So I tried adding another account to the local administrators group, but I got an error and could not add the account. So I discovered if I launched programs or admin tools from the command prompt, they ran with system level access. So I did some Googling and found a solution. You run this from the command line “control userpasswords2” and it launched the user manager utility. The control part of that syntax refers to the control panel. So if you know the other names for the other control panel apps/utilities, you can launch them from the command line. My Windows local privilege escalation skills have improved over the past two weeks. I learned another cool trick, which is how to turn off the Windows firewall from the command line, which is “netsh firewall set opmode disable”. That comes in handy when you only have shell access to a Windows box. Then you can connect with remote desktop. More lab time was my key to improvement. I am doing the things you hear everyone say, like sticking to one server at a time and enumeration, enumeration. I am confident I will do a lot better on my exam retake.

  • #52005
     dynamik 
    Participant

    Along those lines, try just launching MMC and then adding the snap-in(s) you need.
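
    From the defender's side, the commands in the two posts above (`control userpasswords2`, `netsh firewall set opmode disable`, launching MMC from a SYSTEM prompt) all leave process-creation records. The following is an added example, not part of any forum post: it flags those patterns in constructed records whose field names follow Sysmon Event ID 1. The rule names, sample accounts and the newer `advfirewall` pattern are assumptions that do not come from the thread.

```python
import ntpath
import re

SYSTEM_USER = "NT AUTHORITY\\SYSTEM"

# Firewall switched off with netsh: the legacy syntax quoted in the post,
# plus the newer advfirewall form (added here, not from the thread).
FIREWALL_OFF = re.compile(
    r"\bnetsh(?:\.exe)?\"?\s+(?:"
    r"firewall\s+set\s+opmode\s+(?:mode\s*=\s*)?disable"
    r"|advfirewall\s+set\s+\w+\s+state\s+off)",
    re.IGNORECASE,
)
ADMIN_GUI = {"control.exe", "mmc.exe"}   # GUI admin tools named in the posts
SHELLS = {"cmd.exe"}                     # parent shell named in the post


def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def classify(event):
    """Return the finding names that apply to one process-creation record."""
    findings = []
    if FIREWALL_OFF.search(event["CommandLine"]):
        findings.append("firewall_disabled_via_netsh")
    # A GUI admin tool whose parent is a command shell running as SYSTEM is
    # unusual: interactive admins normally launch these under their own account.
    if (event["User"].upper() == SYSTEM_USER
            and basename(event["Image"]) in ADMIN_GUI
            and basename(event["ParentImage"]) in SHELLS):
        findings.append("system_shell_spawned_admin_gui")
    return findings


def triage(events):
    """Return (record index, finding) pairs for every record that matches."""
    return [(i, name) for i, ev in enumerate(events) for name in classify(ev)]


FIELDS = ("User", "ParentImage", "Image", "CommandLine")
S32 = "C:\\Windows\\System32\\"
# Constructed sample records (hypothetical users), not real log data.
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("CORP\\alice", "C:\\Windows\\explorer.exe", S32 + "mmc.exe", "mmc.exe compmgmt.msc"),
    (SYSTEM_USER, S32 + "cmd.exe", S32 + "control.exe", "control userpasswords2"),
    (SYSTEM_USER, S32 + "cmd.exe", S32 + "netsh.exe", "netsh firewall set opmode disable"),
    (SYSTEM_USER, S32 + "cmd.exe", S32 + "mmc.exe", "mmc"),
    (SYSTEM_USER, S32 + "services.exe", S32 + "netsh.exe", "netsh advfirewall show allprofiles"),
    ("CORP\\bob", S32 + "cmd.exe", S32 + "netsh.exe", "netsh advfirewall set allprofiles state off"),
]]

if __name__ == "__main__":
    for index, finding in triage(SAMPLE_EVENTS):
        print(index, finding, SAMPLE_EVENTS[index]["CommandLine"])
```
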

  • #52006
     Phillip Wylie 
    Participant

    @ajohnson wrote:

    Along those lines, try just launching MMC and then adding the snap-in(s) you need.

    Awesome idea, thanks!

    If you have other ideas I would like to hear them. I know I may not be doing things the optimal way and would like to have more options.

  • #52007
     Phillip Wylie 
    Participant

    My root count is up to 34 servers. I had a social engineering assignment last week and it didn’t allow for as much lab time.

  • #52008
     tr3b0rd 
    Participant

    For those that have taken the exam multiple times, is it always the same or do they have different machines and vulnerable services each time?

  • #52009
     dynamik 
    Participant

    @tr3b0rd wrote:

    For those that have taken the exam multiple times, is it always the same or do they have different machines and vulnerable services each time?

    I think there’s a pool of targets that’s randomly selected. You may see something that’s familiar, but you shouldn’t expect to have the same exam.

  • #52010
     Phillip Wylie 
    Participant

    I failed again, but I was so close. I rooted 3 servers giving me 55 points and I had low level access to 2 other servers, but time ran out before I could get root. I will be retaking the exam on June 22 at the latest.

  • #52011
     impelse 
    Participant

    Every book about hacking I read always tells you patience will always pay off: you try hard and harder, you will get it and it will pay off. Why? Because you really are learning the stuff. Keep drilling, you will get it.

    Also you inspire us, good.

  • #52012
     Phillip Wylie 
    Participant

    @impelse wrote:

    Every book about hacking I read always tells you patience will always pay off: you try hard and harder, you will get it and it will pay off. Why? Because you really are learning the stuff. Keep drilling, you will get it.

    Also you inspire us, good.

    Thank you for the encouragement, impelse!

    I am even more determined and once I pass, it will mean even more to me. When I think of where my skills and knowledge were at a little over a year ago, I am amazed at what I have learned. Since I started really hitting this course hard back around the holidays, it has paid off even more. At first it was forcing myself to study and now I have to force myself to do other things outside of this.

  • #52013
     impelse 
    Participant

    If you see you are becoming a serious pentester, you keep rooting those boxes in the lab, you attempt to hack 5 servers in 24 hours, with a lot of pressure, especially coming from the time frame of the exam and from yourself; normally in a pentest you do not have such short time frames (5 servers in 24 hours, LOL).

    So if you can hack in those circumstances in the exam, how is the real pentest? Sure you will be able to hack them and outside the box, without automatic expensive tools (I am not saying you will not use them).

    In the end you are winning and winning every time you attempt the exam; it is not lost, it will pay off.

  • #52014
     hanyhasan 
    Participant

    @r0ckm4n wrote:

    I failed again, but I was so close. I rooted 3 servers giving me 55 points and I had low level access to 2 other servers, but time ran out before I could get root. I will be retaking the exam on June 22 at the latest.

    Hard luck, never give up, and I was only scared of taking the CCIE “from Cisco”  ???. I read the subject from the beginning and let me ask you why there is no support from the trainer, or does the material “Videos & PDF” not cover those attacks. The CCIE exam is about troubleshooting the network, and the more you practice solving network issues the faster you can solve the exam and pass, but the material does cover the exam objectives. Hard luck again & sorry I talked about Cisco here  ;D. Forget about my English, everyone  ::)

  • #52015
     hayabusa 
    Participant

    @hanyhasan – The videos and PDFs cover a lot, but because of the ‘adaptive’ nature of pentesting, there is an expectation that not everything in the exam is going to be a ‘cut and dry’ example of something that was directly covered by the courseware, leaving the student to use their intuition and research skills to find answers, much like a live, real-world pentest would.

    @r0ckm4n – keep trying, keep studying, keep working at it.  Pass or fail, as impelse noted, you’re learning.  Experience, in this field, comes painfully, sometimes, but it’s well worth the effort, and shows your determination and dedication.

    Wishing you luck on the next (and hopefully final) attempt!  🙂

  • #52016
     Phillip Wylie 
    Participant

    @impelse wrote:

    If you see you are becoming a serious pentester, you keep rooting those boxes in the lab, you attempt to hack 5 servers in 24 hours, with a lot of pressure, especially coming from the time frame of the exam and from yourself; normally in a pentest you do not have such short time frames (5 servers in 24 hours, LOL).

    So if you can hack in those circumstances in the exam, how is the real pentest? Sure you will be able to hack them and outside the box, without automatic expensive tools (I am not saying you will not use them).

    In the end you are winning and winning every time you attempt the exam; it is not lost, it will pay off.

    Actually I am a pentester and you are correct about getting more time. I needed to improve my hacking skills and that’s why I took this course. I had experience with vulnerability assessments and automated tools.

  • #52017
     Phillip Wylie 
    Participant

    @hanyhasan wrote:

    @r0ckm4n wrote:

    I failed again, but I was so close. I rooted 3 servers giving me 55 points and I had low level access to 2 other servers, but time ran out before I could get root. I will be retaking the exam on June 22 at the latest.

    Hard luck, never give up, and I was only scared of taking the CCIE “from Cisco”  ???. I read the subject from the beginning and let me ask you why there is no support from the trainer, or does the material “Videos & PDF” not cover those attacks. The CCIE exam is about troubleshooting the network, and the more you practice solving network issues the faster you can solve the exam and pass, but the material does cover the exam objectives. Hard luck again & sorry I talked about Cisco here  ;D. Forget about my English, everyone  ::)

    Thanks and I won’t give up. I am more determined.

    There is a lot of missing instruction from the course materials, but I have learned a lot. It seems to be their teaching approach and it is working, but if it was covered more in depth it would take as long.

  • #52018
     Phillip Wylie 
    Participant

    @hayabusa wrote:

    @hanyhasan – The videos and PDFs cover a lot, but because of the ‘adaptive’ nature of pentesting, there is an expectation that not everything in the exam is going to be a ‘cut and dry’ example of something that was directly covered by the courseware, leaving the student to use their intuition and research skills to find answers, much like a live, real-world pentest would.

    @r0ckm4n – keep trying, keep studying, keep working at it.  Pass or fail, as impelse noted, you’re learning.  Experience, in this field, comes painfully, sometimes, but it’s well worth the effort, and shows your determination and dedication.

    Wishing you luck on the next (and hopefully final) attempt!  🙂

    Thanks, hayabusa! I learn more with each exam attempt. I was close on my last two exam attempts and I believe I will pass it next time.

  • #52019
     azmatt 
    Participant

    Great job r0ckm4n, you’re right there. What are you going to work on during the next month?

  • #52020
     Phillip Wylie 
    Participant

    @azmatt wrote:

    Great job r0ckm4n, you’re right there. What are you going to work on during the next month?

    Thanks, azmatt! I am going to work on Linux privilege escalation with a focus on misconfiguration. I do OK with Linux privilege escalation when an exploit is available.

  • #52021
     azmatt 
    Participant

    The list of things I need to work on is a mile long but privilege escalation is near the top of the list. After this is all done I’d love to read a post on how you improved yours.

  • #52022
     zeebee 
    Participant

    Keep going r0ckm4n! It was very motivational to see that you learned from the failed attempts and got better.
    I am trying too 🙂
    I failed my first attempt at OSCP and in a bad way  :-[ :'( (As many OSCP reviews mentioned I too contemplated a different career in the middle of my exam :P)
    Going back to the basics for a re-attempt before Oct 2013…
    Keep posting!

  • #52023
     Phillip Wylie 
    Participant

    @zeebee wrote:

    Keep going r0ckm4n! It was very motivational to see that you learned from the failed attempts and got better.
    I am trying too 🙂
    I failed my first attempt at OSCP and in a bad way  :-[ :'( (As many OSCP reviews mentioned I too contemplated a different career in the middle of my exam :P)
    Going back to the basics for a re-attempt before Oct 2013…
    Keep posting!

    Thanks, zeebee! I failed very badly on my first two attempts and didn’t even get user level access. What helped me the most was to work on rooting servers in the lab. I worked in the lab for about a month and was close to passing on my next exam attempt. Something else that helped was for me to try to just get access to a server and then work on privilege escalation. I would get too caught up in trying to get root/admin from the start and once I focused on getting whatever level of access I could get, it made a big difference. I tell myself after each failed attempt, this cert is worth having; if it is this hard then not just anyone can get it or is willing to put in the work to attain the skills to acquire this cert.
