OSCP Exam Result

edited August 2019 in Off-topic

Hi
i recently did oscp exam and successfully get 4 system and 1 localhost than i send detail report with lab and exercise because for extra 5 mark as it mention in there official site for additional 5 mark rewarded if student submit lab and exercise report along with exam report .After 2 week after my exam i get this reply
We regret to inform you that, based upon review of your course and exam documentation, you did not meet the requirements to pass the Penetration Testing with Kali Linux exam.

what went wrong i don't understand i submitted hash in control panel and in my exam report as well with step by step documentation of exam with screenshots

please anyone can tell me what exactly went wrong i am really puzzle now
i ask them but they copy paste something and didn't tell me the exact reason

'''
Thank you for contacting us.

Please note that we are unable to provide individual feedback on the exam attempt or the documentation, however, we can offer you some general tips and suggestions which might help you on your next exam attempt should you wish to take it. We strongly recommend reading this email in full, and going over the additional suggestions and resources.

POINTS:

We do not provide the final exam score for the exam attempts, however, you are able to determine your own score by following the points which are outlined in the Exam Control Panel. Partial points can be awarded for the machines where root/admin access was not achieved, however, you can safely assume that local access will bring half or less points.

OSCP EXAM RULES:

Please take the time to thoroughly and carefully read the OSCP Exam Guide, as it contains important information and rules regarding the exam, and exam documentation. Be aware that not following the exam rules closely and properly, might cause points reductions, which can affect the outcome of the exam result.

DOCUMENTATION:

We suggest following one simple rule when documenting the exploitation steps regarding the exam targets. In case you ask yourself “should you include something or not”, the answer is always “yes”. If you think that additional screenshot or the output will help to explain the process more thoroughly, include it, as it definitely cannot hurt.

You will not lose points for the possible typos, or grammar errors. Do not try to complicate the language in your reports, especially if English is not your native language. The important thing is to include the right commands, exploits, and explanations of the process and steps you have taken, not the grammar.

'''

Sorry for my English as it not my native language

Thank You

EDITED...............

i didn't send screenshot of ipconfig and ifconfig in some machine after pawn it
This is what they told me :'( anyway this is tip for anyone who gonna give oscp exam don't forget to take screenshot of IP-address by ifconfig(linux) ipconfig(Windows) after you pawn the machine and put it in you're exam report.

Tagged:

Comments

  • Did you use metsaploit more than once? Did you have tools that did it automatically for you? Can't really know...

    phase

  • The fact they have mentioned Documentation might mean that you were not thorough enough in detailing how you exploited each machine.

    They need to be able to replicate exactly what you did and get the same results. If they follow your exploitation process and don’t understand how you got to where you got, you will get marked down.

    Don't forget to +respect if I have helped you out at all.

    Happy Hacking!

    https://www.hackthebox.eu/home/users/profile/135164

  • oscp is pure bullshit, it's not transparent, we never know the points, why we failed etc...at school, you know why you failed and you can defend your work, with oscp it's totally arbitrary.

    peek

  • Seriously guys i don't know on what to say on behalf of OSCP.Although i cleared my OSCP but my documentation was rejected.I still regret a lot.It is very hard for me to retake another exam attempt being from a lower middle class family.
    Don't know what do they want from us?

  • @peek i agree.But the problem is that if you need a job in this domain,specially when you are not among those extraordinary pentesters ,you will surely need few certifications like OSCP.

  • Type your comment> @offsecin said:

    @peek i agree.But the problem is that if you need a job in this domain,specially when you are not among those extraordinary pentesters ,you will surely need few certifications like OSCP.

    yeah, recruiters...im wondering if bug bounties in a resume have more effect than a certification ?

    peek

  • @peak yeah, recruiters...im wondering if bug bounties in a resume have more effect than a certification ?

    That's for sure...but the problem is that bounty needs a lot more of skills set and practice in my opinion.

  • edited August 2019

    I don't think OSCP is "bullshit" at all. Clearly the people who are looking for Penetration Testers don't think so either. The number of OSCP's out there shows that the system obviously works the way they do it...without any changes or further explanations. Not to mention the people who get their OSCP and go BACK for another cert. Maybe the system isn't the problem. I just wanted to throw that out there. It's ok to hate me for it. No hard feelings.

    Hack The Box

  • Type your comment> @Phase said:

    Did you use metsaploit more than once? Did you have tools that did it automatically for you? Can't really know...

    no brother i didn't use metasploit at-all

  • edited August 2019

    Sounds like documentation problems dude, it needs to be step by step, super clear so it's repeatable, conclusions and recommendations also need to be solid and above all, everything has to be detailed, so full lab nmap results, same for exam network, plenty of screenshots showing steps etc...forget sleeping immediately after the exam :)

    Just noticed your edit, at least you know, good luck with the next shot !

    If I help you out, drop a respect, two clicks to say thanks, link below.

    https://www.hackthebox.eu/home/users/profile/121966

  • Type your comment> @peek said:

    at school, you know why you failed and you can defend your work, with oscp it's totally arbitrary.

    I disagree it's totally arbitrary. The rules and requirements are well stated. They give you report examples to use (I didn't), FAQs and a forum to consult for additional information.

    Having a tough exam is part of the reason the certification has value.


    OSCP | PMP

  • Type your comment> @sneakypanda said:

    Type your comment> @peek said:

    at school, you know why you failed and you can defend your work, with oscp it's totally arbitrary.

    I disagree it's totally arbitrary. The rules and requirements are well stated. They give you report examples to use (I didn't), FAQs and a forum to consult for additional information.

    Having a tough exam is part of the reason the certification has value.

    it's totally arbitrary, not transparent and you cant defend your work, which is against all democratic rules in all schools from primary to college. but yeah you're a fanboy. good for you.
    I dont even speak about the fact that they dont admit their errors, they dont want to change after critics, the bof is always the same since 2014 etc.

    peek

  • Completely noob question here - I am nearly ready to take my CEH however I now know that employers prefer me to have OSCP, is it better for me to go for OSCP or CEH.... or both?

  • edited August 2019

    I partially agree with @peek and also with @offsecin. @peek has some good points but as @offsecin said OSCP is valuable for finding a job as penetration tester nowadays.

    game0ver

  • Hey, How much points do they deduct if someone has submitted local.txt & proof.txt in control panel and added it in the screenshots as well, but screenshots are without ifconfig?

  • edited November 2019

    Man i can tell you being very sure that you are failed because of your documentation.The incident as of yours took place with the other guy i know.Now when he complained offensive security about it they reviwed their documents and replied that he was missing a single output screenshot in Buffer Overflow machine.Now as far as i could see i found no mistakes there.But now as i have earned my OSCP i can tell you few points regarding that
    . Provide each exploit you ran with their output.If that fits in a windows its ok otherwise you can continue with the next windows.
    2.Wherever you modify the original exploit highlight that and any script you used -any means any even a powershell based Nishang:provide the link of the resource from where you got that.
    3.As known each ipconfig/proof.txt/local.txt
    4.Their report must include their templates which they provide you.
    5.provide each Nmap screenshot and your methodology on how did you approached the target.

Sign In to comment.