OSCP exam tomorrow (16th)

Viewing 44 reply threads
  • Author
    Posts
    • #7715
      zeroflaw
      Participant

      Hey guys,

      My labtime expires coming Tuesday. But I found out that the 16th is the last day I can schedule my exam, because the Offsec guys will be having vacation starting next week. So I decided to just schedule it and suffer once again. I could have waited another 2 weeks, but it will be right before I start my new job. Also, I don’t like doing it during the weekends.

      So I’ll just give it my best shot tomorrow. I penetrated almost the entire student network and some hosts on the other subnets, so I think I’m ready. Unfortunately I lost the notes from about 15-20 machines I rooted during my lab extension. I was stupid enough to not read the exploit code, and it wiped almost all of my files from my virtual machine >_< But that’s ok, now for sure I’ll never EVER skip reading exploit code. Yeah 91 bytes for a bind shell seems small 😛 And calling a function pointer that points to the shellcode also doesn’t seem harmless :-[ Though, now I can laugh about it. Anyway, tomorrow at 4pm my exam will start. I couldn’t schedule it to be sooner, but oh well. I expect things to go a lot smoother/faster, but who knows. I’ll try to keep you guys up to date during the exam, if time allows it.

    • #48112
      shadowzero
      Participant

      @zeroflaw wrote:

      Hey guys,

      My labtime expires coming Tuesday. But I found out that the 16th is the last day I can schedule my exam, because the Offsec guys will be having vacation starting next week. So I decided to just schedule it and suffer once again. I could have waited another 2 weeks, but it will be right before I start my new job. Also, I don’t like doing it during the weekends.

      So I’ll just give it my best shot tomorrow. I penetrated almost the entire student network and some hosts on the other subnets, so I think I’m ready. Unfortunately I lost the notes from about 15-20 machines I rooted during my lab extension. I was stupid enough to not read the exploit code, and it wiped almost all of my files from my virtual machine >_<

      But that’s ok, now for sure I’ll never EVER skip reading exploit code. Yeah 91 bytes for a bind shell seems small 😛 And calling a function pointer that points to the shellcode also doesn’t seem harmless :-[ Though, now I can laugh about it.

      Anyway, tomorrow at 4pm my exam will start. I couldn’t schedule it to be sooner, but oh well. I expect things to go a lot smoother/faster, but who knows. I’ll try to keep you guys up to date during the exam, if time allows it.

      Good Luck!

    • #48113
      UNIX
      Participant

      Good luck, zeroflaw!

    • #48114
      hayabusa
      Participant

      Best of luck!

    • #48115
      zeroflaw
      Participant

      Thanks guys! Waiting for the e-mail now. Got my command shells with nmap, nikto and dirbuster ready 🙂

    • #48116
      satish.lx
      Participant

      Did you complete your exam? How it went? good luck

    • #48117
      Darktaurus
      Participant

      Good Luck!!! Remember to keep some refreshments and music handy.

    • #48118
      dbest
      Participant

      Good luck.

      Let us know how it was..

    • #48119
      zeroflaw
      Participant

      Got one shell. Few passwords and some interesting things on other boxes. It’s not going well I’m afraid. Though during my previous attempt it took about this long to root the first box. Doing my best at the moment..

    • #48120
      zeroflaw
      Participant

      Thought I’d give you guys an update. Even though things are going kinda bad now, I just did my most epic privilege escalation ever 😀 Rooted one box just now, I’m saving another easier one for later. Slowly getting some points..

      5:43 AM now. I guess I won’t be sleeping tonight  :-[

    • #48121
      j0rDy
      Participant

      Hey, perhaps a little bit late, but good luck! any update on how it went? i’m guessing you are sleeping it off right now, hehe…

    • #48122
      zeroflaw
      Participant

      Still trying.. But it’s all just dead ends so it seems. Guess I’ll be failing this for the third time >_>

    • #48123
      shadowzero
      Participant

      @zeroflaw wrote:

      Still trying.. But it’s all just dead ends so it seems. Guess I’ll be failing this for the third time >_>

      Don’t give up till it’s over.

    • #48124
      zeroflaw
      Participant

      Exam was way different, as expected. Though, I didn’t expect it was much harder then the previous attempt. I only got 2 shells now, and some vulnerabilities that didn’t turn into shells. I skipped one of the machines on purpose and saved it for last. Figured I was going to fail anyway if I didn’t get some of the others first.

      I’m afraid that as this point, I just don’t have what it takes to become an OSCP. On several machines everything checked out, the right kernel version, installed services. It sucks because I thought I was much better prepared this time, bought the labtime after all. Rooted almost the whole student network and some boxes on the other networks.

      On my previous attempt, I even hardly practised beforehand and did better. I guess at this point for me it really depends on the machines. I had a shell on a high point machine, but couldn’t get a shell on a machine that had the lowest points. I didn’t sleep again, but I took some breaks. I had enough energy, and could think straight most of the time.

      Now I’ll be having a go at this again in maybe a month or so. I’m not sure what to learn or to practice on, considering my labtime ends tomorrow. I’ve learned some cool tricks today, and I could say that’s what counts, but I’m just not feeling that right now. I really thought I would pass this time. Better luck next time I hope. I’ll get different machines and different chances.

      I respect those who passed the exam in one attempt 😛 Or actually everyone that passed it lol. I’ll just accept that I still have a lot to learn, and a lot of experience to gain.

    • #48125
      cd1zz
      Participant

      You might want to focus on rooting all the way to the admin network. Just getting the student network might not be enough…

    • #48126
      DragonGorge
      Participant

      @zeroflaw wrote:

      Now I’ll be having a go at this again in maybe a month or so.

      Hey ZF – sorry to hear about your bad luck. Are you still planning on retaking the exam? I’ve heard some say that you’re better off doing it right away because of the likelihood that the exam is the same.

    • #48127
      ZeroOne
      Participant

      zeroflaw.. sorry to hear that, failing leads to success, you will get it sooner or later ;). I am planning to join OSCP sometime this year, even though i’ve seen scary reviews all around about the exam. (this is not one of them :p)

      A few questions to who ever took this course, do they teach you python or C? I am trying to improve my programming skills in Assembly (also memory mapping) + C before entering the OSCP, that actually helped me understanding Buffer Overflow concepts, do you guys have to program or something during the exam?

      Cheers!

    • #48128
      impelse
      Participant

      I keep adding lab time, I do not know how will I remember all the info…..keep working, but let me tell you that this training open me a lot my ayes.

    • #48129
      shadowzero
      Participant

      @ZeroOne wrote:

      A few questions to who ever took this course, do they teach you python or C? I am trying to prove my programming skills in Assembly (also memory mapping) + C before entering the OSCP, that actually helped me understanding Buffer Overflow concepts, do you guys have to program or something during the exam?

      You’re welcome to write code in any language, but for the course, they focus on python and shell scripting. If you prefer perl, ruby, or whatever else, that’s fine too. You should know some shell scripting anyway as you’ll be interacting with Linux machines, so being able to quickly script something is ideal.

    • #48130
      DragonGorge
      Participant

      @ZeroOne wrote:

      A few questions to who ever took this course, do they teach you python or C?

      No, they do not teach python, C, Ruby, Bash, or any other language. “Introduce” might be a better word. The key thing here is that you don’t need to be fluent in any of the languages, just familiar enough so you can understand what’s going on. However, like ZO said, it’s predominantly python & bash. Realistically, if you can read/write python you can probably do enough ruby & perl with a little googling.

    • #48131
      satish.lx
      Participant

      just curious do we need to write buffer overfow (shellcode) in exam to get root shell?

    • #48132
      UNIX
      Participant

      That’s to find out during the exam. Ideally you should be familiar with all topics covered in the syllabus before attempting the exam.

    • #48133
      Jamie.R
      Participant

      Have you done the exam how did it go ? any tips for other that may be taking the exam soon??

    • #48134
      sh4d0wmanPP
      Participant

      As good pentester I always start any certification with some OSINT  😉 So I came across a post that said metasploit can not be used (or just once) and I agree with this limitation but does this also mean we can’t use the scripts for exploit writing? I am talking specificly about pattern_create and patter_offset.

    • #48135
      UNIX
      Participant

      Before your exam starts you’ll receive an exam guide which contains information about what’s prohibited to use.

    • #48136
      Jamie.R
      Participant

      What the best way to prep for OSCP course and good luck with exam

    • #48137
      cd1zz
      Participant

      I think the best way to prep is just to dive in and start. It’s part of the experience to figure it all out as you go along.

    • #48138
      Jamie.R
      Participant

      Cool any advice for the exam apart from pray lol

    • #48139
      UNIX
      Participant

      In my review I gave some general advice regarding the exam. It’s also worth to read other reviews on the exam to pick up some more details and recommendations.

    • #48140
      Jamie.R
      Participant

      Cool thanks will have a look at it

    • #48141
      BillV
      Participant

      Sorry to hear. Did you do the extra mile challenges during the course? Hard to remember but I think when I was going through, I was looking deeper than I needed to look. Taking a quick nap for a few hours was also helpful.

    • #48142
      DragonGorge
      Participant

      @BillV wrote:

      Did you do the extra mile challenges during the course?

      I’m taking the course now but I’m not trying to get exam hints. Does your question imply that the (somewhat uncovered) concepts in the extra mile(s) are needed for the exam? If so, why doesn’t Offsec teach them as part of the core material?

    • #48143
      dynamik
      Participant

      @DragonGorge wrote:

      @BillV wrote:

      Did you do the extra mile challenges during the course?

      I’m taking the course now but I’m not trying to get exam hints. Does your question imply that the (somewhat uncovered) concepts in the extra mile(s) are needed for the exam? If so, why doesn’t Offsec teach them as part of the core material?

      The course materials are just the tip of the iceberg. The most difficult parts of the course are research, problem solving, and staying organized. The Extra Mile exercises and lab activities help you development these skills. It’s not something they can simply teach by expanding on the written/video resources.

      It’s just like how you can’t learn how to juggle by reading about it. If you’re not even putting the time into doing the majority of the Extra Mile exercises and lab systems, you’re not obtaining the skills to do well on the exam (or out in the real-world).

    • #48144
      DragonGorge
      Participant

      I’m going to preface this response by saying that it is in no way, shape, or form meant to come across as snarky or negative.

      Maybe it’s issue of interpretation. I take “extra” literally, i.e. beyond what is usual, expected, or necessary. In the past I’ve seen “extra mile” exercises to mean, “good skill/information to know but not necessary for the exam.” So, if I’m weighing my time (class, work, family, a wife who has only seen the back of my head for the last 5 weeks), I might be tempted to skip the extra mile in favor of brushing up on ruby or catching up on some household chores, etc, etc. And if the extra miles are mean to impart research, problem solving, and organization skills,  critical to passing the exam, then why not simply move the extra mile exercises into the main body of the course?

      If you’re not even putting the time into doing the majority of the Extra Mile exercises and lab systems, you’re not obtaining the skills to do well on the exam (or out in the real-world).

      I don’t have a problem with extra practice, and I think it’s been made very clear that we’re supposed to hone our skills on the lab machines. My issue is with extra mile exercises that cover concepts that may or may not be on the exam but weren’t covered in the lecture.

    • #48145
      Jamie.R
      Participant

      It would be good if the lab time was more flexible from what I understnad your labs time starts and you get the amount days you paid for. It would be better if you could have 30 days worth so that mean sometimes like sunday you can spean all day in labs and other when you have work and other commitments you could spend less but not loss lab time.

    • #48146
      shadowzero
      Participant

      Certain sections in the course can be done offline. You have three months to schedule your exam after your lab time ends, so you could easily spend an extra three months working on those sections you feel weak in before you take the exam. Things like buffer overflows are good a good example of things you can practice offline. You can download vulnerable virtual machine images made to be broken into for practice during that time as well, there’s plenty of material out there to practice on once your lab time ends.

    • #48147
      BillV
      Participant

      @DragonGorge: without going back and looking through the manuals, I don’t believe anything in the ‘extra mile’ challenges was _required_ to pass the exam. The exercises completed within the course itself, along with a little further understanding of what you’re doing and hopefully some previous experience, is what’s required. This is why many people don’t recommend this course for a beginner. The extra mile challenges do help to give you some extra points for the exam though – so if you’re struggling and are “on the ledge,” they may just bump you over to a passing score.

      Personally, I like the fact that they put these in there. They show you where to go to further expand your skills and provide you the direction – it’s up to you to continue the research. This is a critical skill and something important for everyone in this field to understand. Working anywhere in security requires you to constantly keep up-to-date on just about everything.

      I certainly understand where you’re coming from though. It’s very tough working in this field and balancing the rest of life along with it. I believe they state in the guide somewhere that the extra mile challenges are just that, extra.

      @Jamie.R: Maybe they’ll consider doing it that way with the lab time in the future (similar to eLS). I think that’s a great way of going about it.

    • #48148
      Jamie.R
      Participant

      Yes me too billV makes more sense and better value for money for people who work or who have family.

    • #48149
      jjwinter
      Participant

      Just to clarify on lab time, once they let you loose in the lab, your timer starts ticking 24/7 and stops only when your 30/60/90 days are up? No hitting “pause”? So its not “connected to the lab and working” time, its “you have this block of days allotted”

      I am seriously considering this course and want to be sure I take it at the right time. My wife and kids like to see me occasionally too.

    • #48150
      azmatt
      Participant

      Yeah that’s it. I’m planning on getting the 90 version and setting aside money for a 90 day extension. I would rather be way over prepared for the test than face 24 hours of misery 🙂

    • #48151
      KrisTeason
      Participant

      @jjwinter – That’s correct. No hitting pause. Your lab time starts as soon as your admitted into the course. I would advise 90 days just to get the most of your time. The network has been expanded like never before and you get most of your experience by hacking away. You’ll feel most prepared for the exam the more machines you break into. The extra miles are a good way to get more practice too!

    • #48152
      Jamie.R
      Participant

      I heard it was possible to ask just for the lab guide and video first and start your lab time off at later date can anyone confirm this?

    • #48153
      hayabusa
      Participant

      I’ve never heard that, personally.  Sorry I can’t help confirm for you…

    • #48154
      dynamik
      Participant

      @hayabusa wrote:

      I’ve never heard that, personally.  Sorry I can’t help confirm for you…

      Likewise. I’m pretty sure I asked for a delay when I originally purchased the course and was told that wasn’t an option.

    • #48155
      sternone
      Participant

      I think it was just wishful thinking.

      There is no such thing as a pause. The OSCP is all about the labs.

Viewing 44 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?