I failed my first OSCP attempt, and I'm looking for some advice.

As said in the title, I failed my first OSCP exam attempt. However, I did better than I thought I would. I got about 55/100. I mostly failed in Privesc. I got user access on 4 machines out of 5, but I didn't get root on any machine. My OSCP lab time was during the summer, which meant that (at the time) I spent most of my time in the OSCP labs. I'm currently in my first year of college, which means I can't put as much time into hacking as I used to.

I also tried to pwn a few machines on HTB's free VPN, but it really seems that the machines are not stable. Is it just me being incompetent, or are the machines in the free VPN not stable?

I only have about $600 of savings that I can invest in my learning journey. I'm definitely trying to save up more, but that's what I have for now. I don't want to put myself in a pickle by putting the money in the wrong place and not knowing what to do next.

With that situation in mind, what do you think I should do? Should I purchase an HTB VIP monthly subscription? Or is the difference between the VIP access and the free access minimal? Or should I wait until the summer to get an OSCP lab extension and just do some Vulnhub machines until then?

Thank you in advance.

Comments

  • edited November 2018

    I purchased VIP and I think it's an excellent value for me. With all the instability and resets the free lab was really eating up time with no return. So I bought VIP and never looked back.

    Most of the boxes I've done have had some contact with the PWK material. IMO you should keep practicing and not take a very very long break or you will lose some skills. I used HTB during a several month break from the OSCP lab, and it kept me fresh enough so that I passed when I finally got to the exam.

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    Taking a break from HTB through Dec 2019 in order to focus on other projects.

  • edited November 2018

    Machines on Free can be a nightmare.
    An example is that it took me 2 hours to transfer a file between 3 systems via ssh.
    but, it is totally doable in the end to get the job done.
    but you will face many frustrating situations.
    1) Machines slow cause many people bruteforce
    2) Machines do not work properly cause someone messes something up intentionally or unintentionally
    3) You will find stuff that people have created, changed, that may not be part of the machine and put you in rabbit holes
    These are some examples.

    Having used VIP in the past, I believe it is worth it, especially if you know that you will have enough time within 1-2 months to play a lot in here, as you can also have access to retired machines, so more training time ;)
    In the end it's up to you to figure out what is worth your savings.

  • edited November 2018
    I am not OSCP and have never done any courses,
    so sorry for any mistake in my answer.

    Sir,

    As you say, you failed in getting root access,
    and I read in blogs that Metasploit is not used during the exam.

    So the alternative fully depends on Netcat and exploits.

    In my opinion, if you, sir, improve your skill in Python, it's pretty helpful for rooting.

    I am a total noob.

    I think buying HTB VIP [1 month] is helpful.
    And I know that you already know about those exploits, but I'll just tell you.

    Sir, there are 2 most excellent exploits:
    1) 18411 [for Linux root]
    2) 18176 [for Windows root]

    As you say, you do not have enough time.
    So sorry about that, but I read many blogs and they give 5 h/day.

    Also, as you say you got 55/100, that means you actually got 45, and 10 points for the report.

    I suggest, sir, that you first give it some time
    and try to hack HTB boxes without using Metasploit, creating your own exploits in Python,
    etc.

    And give most of your time to hacking.
    The OSCP lab I have never seen, but people say it is the best lab for practice; but now I think not purchasing it is better.

    Sorry if I made any mistake against your respect.
    I am a noob, so it's possible I made a mistake.

    Best wishes to you, sir, for the future. @Amzker
  • Thank you all for the swift replies.

    @LegendarySpork I understand. I'll do my best to not lose the skills I have already received, and it's great to hear that HTB is related to the OSCP in some ways.

    @w31rd0 So it's not me being too incompetent. It's good to know. Now I'm much more comfortable purchasing a VIP subscription knowing that I'll actually get something out of it.

    @Amzker I already know a good bit of programming as I got into Netsec from a development background, but I agree. I do have a few hiccups with Python's syntax. Also, I'll definitely try out those Privesc exploits when I'm stuck in a machine. Pretty sure they'll come in handy at some point. About the points I got in the exam, I did actually get the full 55 points during the exam. I didn't do the lab reports because they take up time I could spend learning more and they only give 5 bonus points not 10. However, I do agree with everything else you said.

    I think I will purchase a monthly subscription to HTB so that I don't lose that thrill of hacking just because I don't want to pay less than $15 a month.

    Again, thank you all for the advice.

  • edited November 2018

    @RealUsername22 said:

    @w31rd0 So it's not me being too incompetent. It's good to know. Now I'm much more comfortable purchasing a VIP subscription knowing that I'll actually get something out of it.

    Even if you try things that are wrong, at least you can be more certain that what you are trying is probably wrong and focus more on how to make it work.
    So yeah, I would certainly give it a try for 1 month if I was you, and see if it suits you.
    I mean, it is like drinking 2-3 less beers per month.

  • @w31rd0 said:

    @RealUsername22 said:

    @w31rd0 So it's not me being too incompetent. It's good to know. Now I'm much more comfortable purchasing a VIP subscription knowing that I'll actually get something out of it.

    Even if you try things that are wrong, at least you can be more certain that what you are trying is probably wrong and focus more on how to make it work.
    So yeah, I would certainly give it a try for 1 month if I was you, and see if it suits you.
    I mean, it is like drinking 2-3 less beers per month.

    Agreed. I will definitely try it out. It feels like the right thing to do at the moment. Even if it isn't right, it won't cause problems.

  • I failed my first attempt as well. I went in knowing a large number of people fail the first time and some more than once. I took the first time as more of a way to calm the nerves and see how much I learned. I plan to renew for another 90 in conjunction with my upcoming gxpen class. Work is paying for the gxpen but I will be laying out the 600 for another 90 day lab time.

    Since you are on a budget, you can check out Joe McCray and the training offerings; he had one for 50 a month with unlimited classes. Though note that Joe, while well known and having a lot of material, is very often late to the classes or reschedules them. I found his class on CEH/OSCP to be almost mimicking the OSCP course book.

    Other options are VIP on HTB. Well worth the small investment and I have learned tons of things that if I knew when I took the exam I might have passed the first time.

    There is also Vulnhub. There is a great list of OSCP-type machines out there that you can practice on. One thing I have done to help in the learning is to use those machines and shoot YouTube videos on them, to help me remember but also to make sure I understand everything and can explain it to others. This makes sure I retain the knowledge. http://www.youtube.com/user/genxweb

    For each renewal, you get one test to retake so even if you don't have the money now or only have enough for 30 days, maybe use some free sources then do a 90 and sit the exam at the very end.

  • I failed my first time too. Dw. Reflect and learn, you can do it.

    Complete the workbook for 10 points.
    Master buffer overflow. Look over the one in the course material.
    Have some scan scripts.
    Have a methodology. Practise it.
    There are lists of OSCP-like VMs on Vulnhub. Smash them all.
    Eat plenty of good food. Sleep well. Exercise before if you can.
    Pick a good time to start the exam. Plan for sleep.
  • @shify0g, the points were dropped from 10 to 5 now for exercises AND labs.

  • Been a while since I looked at it.
    Still worth it to get those 5 points.

    I let all scan and enum scripts run whilst doing buffer overflow.

    Organised folder structure and notes helped a lot.

    Have a report template ready to go.

    Screenpresso is a good screenshotting tool I used at the time.