OSCP

Can someone who has completed the OSCP exam please PM.


Comments

  • strange request ;-)

    1nitiative

  • Maybe state your question here?

  • @KnickLighter said:
    Maybe state your question here?

    +1

    1nitiative

  • I need to ask a few questions about BOF in general. For some reason I have never heard of someone not being able to get the BOF in the exam, but I could not get it when I did the exam.

    So on the debugging PC my BOF worked but not on the actual exam box.

    I tried:

    1. Using different reverse shells
    2. Different encoding
    3. push esp instead of jmp esp

    So what I wanted is for someone to point me to a guide that could help. I have done the SLmail BOF more than 6 times already with no problems. So is there an encoder I should look at other than msfvenom for BOF, or am I missing something stupid?

    Please don't "over share" as I don't want to lose the cert before I even get it xD

    I will be doing the exam on Monday and this will be my second time.

  • Everything I just share about the exam is already public knowledge.

    Just in case someone freaks out....

  • edited August 2018

    ok, bo can be pain in the ***

    1nitiative

  • Also this is only for BOF in general so guides and examples are what I am after.

  • Yes I have... I can do that one with my eye closed by now... That is why I am so confused when it comes to the exam BOF

  • BO in exam is almost identical to BO in pdf, there was a student tho in oscp forums who said the BO worked on debug machine during exam and not on actual machine tho so maybe contact offsec admin they may be able to help you out :)

  • Speaking of OSCP, can anyone comment on whether the OSCP is actually easier than HTB? Someone told me that was the case and now I'm feeling dumb for not using my attempt when I had the chance, fearing I wasn't ready.

  • Yes. Even I hear that 30 points machines are equal to the OSCP machines.

    sesha569

  • edited September 2018

    OSCP exam is hard & demoralizing if you fail, but the 'hard' machines in oscp (pain, sufferance, humble, gh0st) imo are far easier than some of the machines on htb

  • edited September 2018

    @wirepigeon said:
    OSCP exam is hard & demoralizing if you fail, but the 'hard' machines in oscp (pain, sufferance, humble, gh0st) imo are far easier than some of the machines on htb

    I think the main issue on this exam is time... It's hard to manage this. It is far from the comfort of HTB where, yes, you want to make it as quickly as you can, but it doesn't matter if it takes 2-3 hours or more to succeed on one machine. Here you have several machines, limited time, and you have to manage stress and the fact that the more time you spend, the more tired and less focused you'll be....

    1nitiative

  • I concur the time constraint can rek you mentally

  • You cannot compare OSCP with HTB.
    HTB is much more difficult than OSCP. If you have done all the machines in HTB, or if you have been one of the active members for the last year, you can easily do OSCP; in fact, earlier many machines were similar to OSCP.

    OSCP will help you to increase your thinking power. You don't have to craft any exploit on your own, but you should be able to modify it.

    Lab machines are not that tough, but exam machines are difficult with the limited time constraint.

  • @DeepinX said:
    I need to ask a few questions about BOF in general. For some reason I have never heard of someone not being able to get the BOF in the exam, but I could not get it when I did the exam.
    So what I wanted is for someone to point me to a guide that could help. I have done the SLmail BOF more than 6 times already with no problems. So is there an encoder I should look at other than msfvenom for BOF, or am I missing something stupid?

    Please don't "over share" as I don't want to lose the cert before I even get it xD

    I will be doing the exam on Monday and this will be my second time.

    If you follow the PDF, you should be good. Keep the following process;

    • Finding buffer length, make sure you can overflow EIP
    • Finding badcharacters is important, you'll have to do this for the BO
    • Use an appropriate amount of NOPs
    • Try first with calc.exe instead of a (reverse) shell

    I've spent a lot of time on the BO during my OSCP exam. At the end I decided to RTFM and noticed I forgot the NOPs. After a facepalm and including some \x90's, it worked flawlessly.

    Other subject "HTB" is harder than "OSCP" - In my opinion, overall the machines on HTB require some more digging than the average OSCP machine. I find both environments challenging and most of all: a lot of fun!

  • Don't forget about badchars! Test for badchars as described in the course PDF. It's simple.

  • @b1narygl1tch said:
    Don't forget about badchars! Test for badchars as described in the course PDF. It's simple.

    +1

    Hack The Box

  • Do the BOF first as soon as the exam opens up if you can. Get it out of the way. Also, walk into the exam knowing how to find badchars in your sleep. If your box was anything like mine, this is a necessity.

    Don't get discouraged - it's hard to pick up at first but you will get there.

  • The BOF on my exam was very similar to the example in the lab. Once I got the exploit working on the dev machine it worked right away on the target.

  • I bet he was taking a jmp esp from an OS .dll rather than the programme. Then when he tried on exam it failed because of differences in OS.

  • Mastering BOF is all about getting used to assembly level debugging. Single step your target, look at which point it does not execute code you expect and then find out why.

  • edited September 2018

    I had a similar issue on my exam. Had it working on the test machine after <1 hr but wasted a further 8 hrs getting it to work on the exam box; eventually found the problem. PM me if you wanna discuss.

    As others mentioned, the lost time and the pressure after that was too much and I failed the exam. I felt that I could not walk away for a break and ended up spending almost all of the 24hrs at the desk chasing in and spinning my wheels in full brain fog mode.

    I took heart from the fact that I only just fell short (probably one user shell away), after having 0 pts on the board after 10 hrs. Looking forward to re-taking having learnt from the experience.

  • @AgentTiro said:
    I bet he was taking a jmp esp from an OS .dll rather than the programme. Then when he tried on exam it failed because of differences in OS.

    bingo

  • Can anyone list the most OSCP-like machines on HTB?

    One difference I've noticed is PWK lab machines are less like CTF puzzles and more "realistic"

  • @NeilSec said:
    Can anyone list the most OSCP-like machines on HTB?

    One difference I've noticed is PWK lab machines are less like CTF puzzles and more "realistic"

    Good then. Received my labs access today. Cheers!

    Hack The Box

  • @Pratik said:

    @NeilSec said:
    Can anyone list the most OSCP-like machines on HTB?

    One difference I've noticed is PWK lab machines are less like CTF puzzles and more "realistic"

    Good then. Received my labs access today. Cheers!

    Cool. if your HTB ratings are anything to go by, I imagine you'll be ahead of the game.
    Good luck with it.

  • @NeilSec said:
    Can anyone list the most OSCP-like machines on HTB?

    One difference I've noticed is PWK lab machines are less like CTF puzzles and more "realistic"

    Arctic, Devel, Solidstate and Chatterbox are more or less like the labs in OSCP :) Might be some more, but those are the ones I noticed.

  • @shellyhx said:

    @NeilSec said:
    Can anyone list the most OSCP-like machines on HTB?

    One difference I've noticed is PWK lab machines are less like CTF puzzles and more "realistic"

    Arctic, Devel, Solidstate and Chatterbox are more or less like the labs in OSCP :) Might be some more, but those are the ones I noticed.

    Thanks pal :-)
