OSCP Proctored Exam - Guide - Tips

Thanks for the info. I’m going for OSCP after summer. So in the meanwhile I’m practicing on here and a little virtual lab at home. Does the exam throw anything at you that is not covered in the PWK course? Or, is it a direct application of what you learn in PWK? I know there is a bunch of thinking outside the tesseract involved, but the last thing I want to do during a timed exam is searching for some one-off exploit like we have to for the boxes on here.

From my experience, the PWK has everything you’ll need to pass the exam. I recommend trying to root as many lab machines as possible before taking the exam. In my opinion, what the OSCP is testing for is not your ability to conduct a Penetration Test. If you’re taking the exam, Offensive Security expects you to have gone through the course and learned its concepts. What the OSCP is really testing is the efficiency in your Penetration Testing methodology. Hence the 24 hour-24 hour format. My advice to those taking the PWK course is to create a standard outline of the steps you will take when conducting a Pen Test. As you move through the course and the labs, continue to refine and improve it. Find a note-taking app of your preference, and for each machine you try to root, create a boot2root writeup. It’ll be slow going at first, but slog through it. It’ll be worth it in the long run. Best of luck.

Best of luck with the course!

It will throw a lot of stuff you should’ve learned in the labs, not the material, so make sure you finish most of the public machines, if not all.

Make sure you’re comfortable enumerating different ports.

I found port 2049, that’s NFS, let’s check for available mounts. Oh, SMB is on, can I list the shares? Port 80, let’s run dirb and nikto and do some manual scanning while that finishes.

Found a web app/service name/version? Just throw it at exploit-db.com or searchsploit.

Exploit not working? Don’t give up yet, is there something wrong with the code?

The labs will push you really hard, make sure you don’t go to the offsec forums for hints, you’ll ruin the experience even though they never give a really obvious hint.

Hey thanks for the tips! I have a question. I have heard you have to collect 75 points in order to pass.
How many machines do you have access to try and exploit for the test?
Do you select what you will attack from a given network or are you assigned specific ones? How many machines do you actually have to exploit in order to pass?

Thanks :)

The exam breakdown is as follows:
You have access to a total of 6 servers
2 boxes are worth 25 pt each
2 boxes are worth 20 pt each
1 box is worth 10 pt

The extra server you have access to, you are given credentials to and is used for debugging purposes for the Buffer Overflow box.

Minimum score to pass is 75 pts. How you get to 75 pts, is up to you.

Exactly like what @Boomstick said, you have to at least own 4 out of 5 to pass the test, idk if you own 3 (root) and 2 (local) will suffice though.

Thanks for the answers! A few more now haha :)
Are all of the targets Windows?
What OS are they most likely to use?
Are they correlated in order to solve them all?
Are the machines more CTF or real life?
Common CVE or manual exploitation?

Thanks, this helps! Got my lab scheduled to start July 20. Can’t wait!

  1. Nope
  2. It’s 50/50 chance on the OS of each server
  3. Nope, each server is a standalone. At least that was my experience.
  4. I would say more like real-life. There isn’t any steganography or some bizarre cryptographic message you have to decode.
  5. Either, sometimes both.

Best of luck!

frolic, conceal

No, each exam rotation is different; they’re a mix of Windows and Linux.

They are not correlated, each machine has its own way in.

They are more real life focused!

Common CVEs

https://support.offensive-security.com/oscp-exam-guide/

“You must achieve a minimum score of 70 points to pass the exam”

…not 75

Honestly, we should design an HTB certification. As I spoke with a mate, I would rather hire someone who did Endgame than OSCP.

Thanks for the info! I just finished eJPT and am taking in OSCP next.

@hvalmas said:

https://support.offensive-security.com/oscp-exam-guide/

“You must achieve a minimum score of 70 points to pass the exam”

…not 75

yup

Best of luck @AgentSmith

What screenshot tool did you use? I am working out of Kali and was wondering what tool could be used on the Linux side.

Hey, how many points do they deduct if someone has submitted local.txt and proof.txt in the control panel and also in the exam report, but forgot to add the ifconfig command? Do they deduct the complete 20 points or do they just deduct 5 for each (I mean for local and proof)?

Well I guess you may end up with 0 Points if they have a bad day if you read this: https://support.offensive-security.com/oscp-exam-guide/

Point Disqualification:

“Failure to provide the local.txt and proof.txt file contents in both the control panel and in a screenshot”

I guess it kinda depends if OffSec has a good day

Another question,

To what extent do we need to use programming skills here to modify exploits? Do you recommend we take Python courses or Python for hacking sort of courses? And what languages should we know?

Also, is it true that the exploits are pretty obvious and it’s just a matter of using them correctly or modifying them if need be? This is putting aside falling into rabbit holes