OSCP Journey Part 12
Day: +1 PDF: 100 Videos: 100% Boxes: 14 Networks:1
Well I’ve just finished the exam and unsurprisingly I’ve failed. I didn’t exploit a single box.
Now for the excuses:
The main one is my lack of knowledge – simply down to the fact that I needed to put in more time that I could. Now no doubt some people would be able to pass with the time I put in but not me – thus the title of this site, I’m very much a newb.
I was working late on the labs two nights before the exam, the night before I got to bed at a reasonable time but got essentially no sleep. A random event occured, cows from two fields across broke into my garden and wrecked the place! I tried to chase them but they were having none of it. I was equiped to deal with dirty cow exploits but not real cows! Then during my exam I had to find out who owned them and then had the farmers coming round and trying not to accept blame and not wanting to pay for damages. I now have a “garden” full of crap and piss! Looks like the BBQ this weekend is cancelled.
With all that going on perhaps my mind wasn’t in the right place. Saying that I have to be realistic – I would not have passed anyway, but I’d like to think I would have got into a box or two.
This attempt allowed me to get experience of the exam so when I’m in a position to pass (knowledge wise) I will know what to expect.
I had made a plan which I stuck to and it made me feel as if I had quite a lot of time and good amount of breaks. OSCP exam plan. Let me know if you use it any find it useful.
So my exam was a proctored exam and I found it fine on average, about 15 minutes before your starting time you connect to:
https://screenconnect.offensive-security.com:8040/
to share your screen
https://webcam.offensive-security.com/
to view you and do a room scan
You also have to show your ID and compare that to your face.
The only issue I had was I bought a webcam from Amazon Logitech C270 HD Webcam and it was terrible at viewing text – I spent about 30 minutes trying to get it to focus on my ID. In the end I had to get my laptop and use its webcam to focus on it. Make sure you test this before your exam.
What’s next?
When I first purchased lab access I paid for two 3 month access. So before I start my second stint in the labs I’m gonna take a break for a month maybe two. In slow time I’m going to go through and spruce up my exercises report format.
I’ll tackle a couple of hack the box machines and maybe a vulnhub machine.
If you have passed let me know your secret.
I will achieve this certification I don’t care how many resits it takes.
Hi fellow underskilled-hacker. Bad luck with the cows and exam. You sound like you’re at about the same sort of stage as me. I need to book my exam in the next month or so due to end or lab time. I bought an extra 2 weeks lab time and got hit with a really bad back problem (almost certainly from weeks of sitting up at night in front of a computer) and only used 3 days of it! They were not willing to refund or give me extra time and I can’t keep ploughing cash into it.
I do not believe I’d pass right now. So I’m hitting HackTheBox hard now in the hope of getting these skills into my “muscle-memory” so I don’t waste so much time going “hmm…how do I move a file off a Windows PC again?…” or “damnit…I knew I should have spent more time trying to understand basic PHP code”
So re: webcam – can you use your laptop cam or do you need a separate one?
If you’re on HTB let me know your handle. I’m NeilSec
That’s a shame they didn’t refund you. No you can use your webcam from your laptop – my laptop was old (actually forgot I had one which was why I bought one). I’m on hack the box have been VIP subscriber for a year. I love the PDFs you can download – I use them to as a knowledge base. I’m rowbot on HTB.
Good luck in your exam let me know how you get on.
Cheers.
So what is the difficulty level of the exam vs HTB boxes?
Well considering I didn’t get into any my initial response would be harder but in retrospect I have to say they weren’t that hard…if you did the work. I felt as if I was very close on 4 of them. Some HTB machines are a pain and designed to confuse you whereas PwK is not designed to confuse, as far as I can tell.
My brief experience with HTB is that many of them are puzzles – full of tricks and encodings and very artificial setups. I learn from them but spend way too long on pointless stuff that’s never gonna help with OSCP.
I’ve also joined on the VIP and I’ve been asking around for OSCP-like boxes and some of the suggestions look good. I just did Arctic today which was very similar – out of date web app, log onto the admin interface, upload a webshell, privesc. So I guess one has to pick the boxes that suit.I do write-ups as I go along in the vain attempt to fix it in memory https://neilsec.com/penetration-testing/hackthebox-arctic-walkthrough/
Virtual Hacking Labs have some good machines but it’s not cheap compared to HTB: https://www.virtualhackinglabs.com – actually their course e-book is pretty good so i think the month I got was worth it.
I was looking at virtualhackinglabs.com specifically for their e-book. I’m tempted to sign up for a month so I can get it
I just want to say that I laughed so hard when I read the cow part of your story.
Great writing, and good luck.
Thanks, still trying to get the farmers to pay/fix the broken fence.