← All posts
cybersecurityoscpcertification

OSCP — Attempt 1

· 3 min read

OSCP image

Here are my thoughts and experiences after taking the OSCP exam for the first time.

Preparation

Going into the exam, I only did around 20 machines — just enough to get the 5 bonus points for finishing the course exercises and lab report. Aside from the lab machines, I also used Hack The Box (doing TJnull’s list) and going through Virtual Hacking Lab machines.

Exam booking

I booked my exam for 8:00 am on a Saturday through the OSCP console. I suggest anyone reading to book your exam at least a month ahead because weekends will most likely be fully booked, leaving only weekdays open. I learned this the hard way and had to constantly check daily for a closer slot to when my labs ended.

Exam start

Proctoring starts 15 minutes before the exam. The proctoring steps involve logging in, setting up a Chrome extension, doing an ID check, and turning the webcam 360 degrees to let the proctor assess my surroundings. Once this was complete, I just had to wait until 8:00am sharp to get an email about the exam.

8:00 – 10:00

The first machine I did was the BOF. It was straightforward except I forgot a few bad characters which eventually took me an extra hour to finish.

10:00 – 10:30

The second machine was the 10 pointer. I found the exploit and finished this within 10 minutes.

10:30 – 16:00

This was mostly spent trying to crack one of the 20 point machines, which I could never get a shell on but had read access as a user account.

16:00 – 18:00

Got a reverse shell on the other 20 point machine. So far only 45 points. Trying to figure out privilege escalation.

18:00 – 22:00

Can’t figure out privilege escalation. Feeling lost. Trying the 25 pointer machine got me nowhere either.

22:00 – 02:00

Found something interesting on the 25 pointer but still can’t get an initial foothold. I call it a night and go to sleep.

06:00 – 08:00

I wake up to try and push one last time. I got nothing in. I called it a day and messaged my proctor to end my exam 10 minutes early.

Finish

I only ended up with 45 points. Not even close enough to pass. Honestly, a bit through the exam on one of the 20 point machines, I seriously felt that it was an impossible machine. I enumerated all the ports and left no stones unturned yet still couldn’t get a shell. I went into the exam confidently yet left confused.

Lessons learned

  • Enumerate more
  • Learn more about privilege escalation
  • Learn more about networking
  • Take more breaks

Future

For the next exam, I will try to book it at night. This way once I finish the buffer overflow machine and the 10 pointer, I can sleep and feel refreshed to tackle the rest of the machines.