OSCP Proctored Exam - Guide - Tips

Hey everyone!
I wanted to write a review like everyone else but I guess by now you all know what OSCP is and how long the exam is so I just decided to make a quick guide and some tips.

About Me
I’m just a guy for whom cyber security is a hobby; I didn’t major in any computer-related field such as Computer Science and whatnot.
I know the basics of most of the languages and that’s all, I don’t program my own tools, etc.

Before taking the exam I was your regular black hat hacker lol, I kept hacking here and there until I decided to go the professional path = OSCP.

Material and Lab
The material will guide you through the basics only, and not EVERYTHING; the true learning is in the labs.

The PWK lab will prepare you for the exam, however, if you want some resources outside the labs you HAVE to do these machines:

  1. Vulnix
  2. Brainpan
  3. Metasploitable (all)
  4. Mr. Robot
  5. Kioptrix (all)

HTB Windows Machines:

  1. Optimum
  2. Tally
  3. Devel
  4. Active
  5. Jeeves (Priv Escalation Part Is Great)

I know there’s a lot of other boot2root machines you can try, but those are my recommendations.

Exam

You have to connect both your webcam and the ScreenConnect software 15 minutes before the exam so the proctor can finish verifying your identity and some other stuff.

It’s okay to use an external machine for your webcam feed; for me, I used my laptop for the webcam and ran ScreenConnect on my working PC.

Be relaxed, the exam is for 23 hours and 45 mins, you have time.

For me, I didn’t sleep, I just stayed up, finished in 12 hours, then started writing my report.

Exam Report
You have to submit your whole walkthrough as a professional report, they have a report template available for you, use the latest one.

Make sure you include tons of screenshots for every command and output. That’s what I did; my report ended up being around 50 pages, so it’s okay to include tons of screenshots.

You can read their exam guide here:

https://support.offensive-security.com/oscp-exam-guide/

They will fail you for the file format submitted and for the screenshot of the local.txt and proof.txt along with whoami/ipconfig/ifconfig, so make SURE you don’t miss that.

Tips

  • Get yourself comfortable with Windows. I know most of us know exactly how to enumerate a Linux system, but do you know Windows?
  • Check all the ways you can get a higher privilege other than just spamming kernel exploits (I didn't use a single kernel exploit in MY exam)
  • Enumeration is the key
  • If you have 2 vulnerabilities, maybe you need to chain them???? Think out of the box.
  • If you're trying the same thing over and over again, you're in a rabbit hole, GET OUT.

Hope it was kinda informative for you guys, if you have any questions I’m happy to answer without spoiling anything of course.

Thank you!

Thank you so much for the tips! I will start my course next week. After those machines you mentioned here, do you recommend something beyond? Like a book or something like that?

@R3S3T said:

Thank you so much for the tips! I will start my course next week. After those machines you mentioned here, do you recommend something beyond? Like a book or something like that?

You’re welcome!

I never read a book to be honest, just do as much as you can in the PWK labs; try to own as much as you can!

It will teach you a lot, trust me!

For me, I only watched a few of the materials videos and then just jumped in the labs immediately.

Hey guys, I have signed up for OSCP, now it’s my third day of the OSCP lab. These tips will help me for sure.

Thanks for the info. I’m going for OSCP after summer. So in the meanwhile I’m practicing on here and a little virtual lab at home. Does the exam throw anything at you that is not covered in the PWK course? Or is it a direct application of what you learn in PWK? I know there is a bunch of thinking outside the tesseract involved, but the last thing I want to do during a timed exam is searching for some one-off exploit like we have to for the boxes on here.

@emmycat said:

Thanks for the info. I’m going for OSCP after summer. So in the meanwhile I’m practicing on here and a little virtual lab at home. Does the exam throw anything at you that is not covered in the PWK course? Or is it a direct application of what you learn in PWK? I know there is a bunch of thinking outside the tesseract involved, but the last thing I want to do during a timed exam is searching for some one-off exploit like we have to for the boxes on here.

From my experience, the PWK has everything you’ll need to pass the exam. I recommend trying to root as many lab machines as possible before taking the exam. In my opinion, what the OSCP is testing for is not your ability to conduct a Penetration Test. If you’re taking the exam, Offensive Security expects you to have gone through the course and learned its concepts. What the OSCP is really testing is the efficiency in your Penetration Testing methodology. Hence the 24 hour-24 hour format. My advice to those taking the PWK course is to create a standard outline of the steps you will take when conducting a Pen Test. As you move through the course and the labs, continue to refine and improve it. Find a note-taking app of your preference, and create a boot2root writeup for each machine you try to root. It’ll be slow going at first, but slog through it. It’ll be worth it in the long run. Best of luck.

@emmycat said:

Thanks for the info. I’m going for OSCP after summer. So in the meanwhile I’m practicing on here and a little virtual lab at home. Does the exam throw anything at you that is not covered in the PWK course? Or is it a direct application of what you learn in PWK? I know there is a bunch of thinking outside the tesseract involved, but the last thing I want to do during a timed exam is searching for some one-off exploit like we have to for the boxes on here.

Best of luck with the course!

It will throw a lot of stuff you should’ve learned in the labs, not the material so make sure you finish most of the public machines if not all.

Make sure you’re comfortable enumerating different ports.

I found port 2049, that’s NFS, let’s check for available mounts. Oh, SMB is on, can I list the shares? Port 80, let’s run dirb and nikto and do some manual scanning while that finishes.

Found a web app/service name/version? Just throw it at exploit-db.com or searchsploit

Exploit not working? Don’t give up yet, is there something wrong with the code?

The labs will push you really hard, make sure you don’t go to the offsec forums for hints, you’ll ruin the experience even though they never give a really obvious hint.

Hey, thanks for the tips! I have a question. I have heard you have to collect 75 points in order to pass.
How many machines do you have access to try and exploit for the test?
Do you select what you will attack from a given network or are you assigned specific ones? How many machines do you actually have to exploit in order to pass?

Thanks :)

@emaragkos said:

Hey, thanks for the tips! I have a question. I have heard you have to collect 75 points in order to pass.
How many machines do you have access to try and exploit for the test?
Do you select what you will attack from a given network or are you assigned specific ones? How many machines do you actually have to exploit in order to pass?

Thanks :)

The exam breakdown is as follows:
You have access to a total of 6 servers
2 boxes are worth 25 pt each
2 boxes are worth 20 pt each
1 box is worth 10 pt

The extra server is one you are given credentials to, and it is used for debugging purposes for the Buffer Overflow box.

Minimum score to pass is 75 pts. How you get to 75 pts, is up to you.

@emaragkos said:

Hey, thanks for the tips! I have a question. I have heard you have to collect 75 points in order to pass.
How many machines do you have access to try and exploit for the test?
Do you select what you will attack from a given network or are you assigned specific ones? How many machines do you actually have to exploit in order to pass?

Thanks :)

Exactly like what @Boomstick said, you have to at least own 4 out of 5 to pass the test, idk if owning 3 (root) and 2 (local) will suffice though.

Thanks for the answers! A few more now haha :)
Are all of the targets Windows?
What OS are they most likely to use?
Are they correlated in order to solve them all?
Are the machines more CTF or real life?
Common CVE or manual exploitation?

Thanks, this helps! Got my lab scheduled to start July 20. Can’t wait!

@emaragkos said:

Thanks for the answers! A few more now haha :)
Are all of the targets Windows?
What OS are they most likely to use?
Are they correlated in order to solve them all?
Are the machines more CTF or real life?
Common CVE or manual exploitation?

  1. Nope
  2. It’s 50/50 chance on the OS of each server
  3. Nope, each server is a standalone. At least that was my experience.
  4. I would say more like real-life. There isn’t any steganography or some bizarre cryptographic message you have to decode.
  5. Either, sometimes both.

Best of luck!

frolic, conceal

@emaragkos said:

Thanks for the answers! A few more now haha :)
Are all of the targets Windows?
What OS are they most likely to use?
Are they correlated in order to solve them all?
Are the machines more CTF or real life?
Common CVE or manual exploitation?

No, each exam rotation is different; they’re a mix between Windows and Linux.

They are not correlated, each machine has its own way in.

They are more real life focused!

Common CVEs

https://support.offensive-security.com/oscp-exam-guide/

“You must achieve a minimum score of 70 points to pass the exam”

…not 75

Honestly, we should design an HTB certification. As I said to a mate, I would rather hire someone who did Endgame than OSCP.

Thanks for the info! I just finished eJPT and am taking in OSCP next.

@hvalmas said:

https://support.offensive-security.com/oscp-exam-guide/

“You must achieve a minimum score of 70 points to pass the exam”

…not 75

yup

@AgentSmith said:
Thanks for the info! I just finished eJPT and am taking in OSCP next.

Best of luck @AgentSmith