OSCP

Can someone who has completed the OSCP exam please PM.

strange request :wink:

Maybe state your question here?

@KnickLighter said:
Maybe state your question here?

+1

I need to ask a few questions about BOF in general. For some reason I have never heard of someone not being able to get the BOF in the exam, but I could not get it when I did the exam.

So on the debugging PC my BOF worked but not on the actual exam box.

I tried:

  1. Using different reverse shells
  2. Different encoding
  3. push esp instead of jmp esp

So what I wanted is for someone to point me to a guide that could help. I have done the SLmail BOF more than 6 times already with no problems. So is there an encoder I should look at other than msfvenom for BOF, or am I missing something stupid?

Please don’t “over share” as I don’t want to lose the cert before I even get it xD

I will be doing the exam on Monday and this will be my second time.

Everything I just share about the exam is already public knowledge.

Just in case someone freaks out…

OK, BO can be a pain in the ***

Also this is only for BOF in general so guides and examples are what I am after.

Have you ever seen this?

Yes I have… I can do that one with my eyes closed by now… That is why I am so confused when it comes to the exam BOF

BO in the exam is almost identical to the BO in the PDF. There was a student, though, in the OSCP forums who said the BO worked on the debug machine during the exam and not on the actual machine, so maybe contact the Offsec admins; they may be able to help you out :slight_smile:

Speaking of OSCP, can anyone comment on whether the OSCP is actually easier than HTB? Someone told me that was the case and now I’m feeling dumb for not using my attempt when I had the chance, fearing I wasn’t ready.

Yes. I even hear that the 30-point machines are equal to the OSCP machines.

OSCP exam is hard & demoralizing if you fail, but the ‘hard’ machines in oscp (pain, sufferance, humble, gh0st) imo are far easier than some of the machines on htb

@wirepigeon said:
OSCP exam is hard & demoralizing if you fail, but the ‘hard’ machines in oscp (pain, sufferance, humble, gh0st) imo are far easier than some of the machines on htb

I think the main issue on this exam is time… It’s hard to manage this. It is far from the comfort of HTB where, yes, you want to finish as quickly as you can, but it doesn’t matter if it takes 2-3 hours or more to succeed on one machine. Here you have several machines, limited time, and you have to manage stress and the fact that the more time you spend, the more tired and less focused you’ll be…

I concur, the time constraint can wreck you mentally

You cannot compare OSCP with HTB.
HTB is much more difficult than OSCP. If you have done all the machines on HTB, or if you have been an active member for the last year, you can easily do OSCP; in fact, earlier many machines were similar to OSCP.

OSCP will help you increase your thinking power; you don’t have to craft any exploit on your own, but you should be able to modify it.

Lab machines are not that tough, but exam machines are difficult with the limited time constraint.

@DeepinX said:
I need to ask a few questions about BOF in general. For some reason I have never heard of someone not being able to get the BOF in the exam, but I could not get it when I did the exam.
So what I wanted is for someone to point me to a guide that could help. I have done the SLmail BOF more than 6 times already with no problems. So is there an encoder I should look at other than msfvenom for BOF, or am I missing something stupid?

Please don’t “over share” as I don’t want to lose the cert before I even get it xD

I will be doing the exam on Monday and this will be my second time.

If you follow the PDF, you should be good. Keep to the following process:

  • Find the buffer length; make sure you can overflow EIP
  • Finding bad characters is important; you’ll have to do this for the BO
  • Use an appropriate amount of NOPs
  • Try first with calc.exe instead of a (reverse) shell

I’ve spent a lot of time on the BO during my OSCP exam. At the end I decided to RTFM and noticed I had forgotten the NOPs. After a facepalm and including some \x90’s, it worked flawlessly.

On the other subject, “HTB” is harder than “OSCP”: in my opinion, overall the machines on HTB require some more digging than the average OSCP machine. I find both environments challenging and, most of all, a lot of fun!

Don’t forget about badchars! Test for badchars as described in the course PDF. It’s simple.
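The bad-character step from the process in the earlier reply and the reminder above, as an added example (not code from the thread or from the course): you send the candidate string, copy the bytes that actually landed in memory out of the debugger's hex dump, and diff the two. The target behaviour here is a constructed stand-in, not a real service.

```python
# Added example, not from the thread: diff the bad-character test string you
# sent against the bytes actually seen in the debugger's memory dump.

def badchar_candidates(exclude=(0x00,)):
    """All byte values except the ones already known to be bad.
    0x00 is excluded by default because it terminates C strings."""
    return bytes(b for b in range(256) if b not in exclude)

def find_badchars(sent, observed):
    """Diff the sent test string against the bytes seen in memory.

    Returns a dict with
      altered:      [(offset, sent_byte, observed_byte), ...] for changed values
      truncated_at: offset where the observed data ends early, or None
      suspect:      the sent byte at the first divergence, or None if clean.
    Only the first divergence is trustworthy in a given round: once one byte
    is mangled or cut, everything after it is unreliable, so remove the
    suspect, resend and diff again until the result is clean.
    """
    altered = [(i, s, o) for i, (s, o) in enumerate(zip(sent, observed)) if s != o]
    truncated_at = len(observed) if len(observed) < len(sent) else None
    if altered:
        suspect = altered[0][1]
    elif truncated_at is not None:
        suspect = sent[truncated_at]
    else:
        suspect = None
    return {"altered": altered, "truncated_at": truncated_at, "suspect": suspect}

def badchar_rounds(simulated_target, known=(0x00,), max_rounds=10):
    """Repeat send/diff until clean, collecting the bad bytes found.
    simulated_target stands in for the real send + debugger-dump step."""
    bad = list(known)
    for _ in range(max_rounds):
        sent = badchar_candidates(exclude=bad)
        result = find_badchars(sent, simulated_target(sent))
        if result["suspect"] is None:
            return bad
        bad.append(result["suspect"])
    return bad

# Constructed stand-in for a target that cuts the input at a newline and
# turns carriage returns into newlines (typical text-protocol behaviour).
def constructed_target(data):
    data = data.replace(b"\x0d", b"\x0a")
    return data.split(b"\x0a", 1)[0]

if __name__ == "__main__":
    print([hex(b) for b in badchar_rounds(constructed_target)])  # ['0x0', '0xa', '0xd']
```

In practice `observed` is whatever you copy out of the debugger after each send; the loop shows why one round is rarely enough, since a byte hidden behind an earlier truncation only shows up in the next pass.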

@b1narygl1tch said:
Don’t forget about badchars! Test for badchars as described in the course PDF. It’s simple.

+1