OSCP Proctored Exam - Guide - Tips

Hey, thanks for the tips! I have a question. I have heard you have to collect 75 points in order to pass.
How many machines do you have access to try and exploit for the test?
Do you select what you will attack from a given network, or are you assigned specific ones? How many machines do you actually have to exploit in order to pass?

Thanks :slight_smile:

@emaragkos said:

Hey, thanks for the tips! I have a question. I have heard you have to collect 75 points in order to pass.
How many machines do you have access to try and exploit for the test?
Do you select what you will attack from a given network, or are you assigned specific ones? How many machines do you actually have to exploit in order to pass?

Thanks :slight_smile:

The exam breakdown is as follows:
You have access to a total of 6 servers
2 boxes are worth 25 pt each
2 boxes are worth 20 pt each
1 box is worth 10 pt

You are given credentials to the extra server you have access to, and it is used for debugging purposes for the Buffer Overflow box.

Minimum score to pass is 75 pts. How you get to 75 pts is up to you.

@emaragkos said:

Hey, thanks for the tips! I have a question. I have heard you have to collect 75 points in order to pass.
How many machines do you have access to try and exploit for the test?
Do you select what you will attack from a given network, or are you assigned specific ones? How many machines do you actually have to exploit in order to pass?

Thanks :slight_smile:

Exactly like what @Boomstick said, you have to at least own 4 out of 5 to pass the test, idk if you own 3 (root) and 2 (local) will suffice though.

Thanks for the answers! A few more now haha :slight_smile:
Are all of the targets Windows?
What OS are they most likely to use?
Are they correlated in order to solve them all?
Are the machines more CTF or real life?
Common CVE or manual exploitation?

Thanks, this helps! Got my lab scheduled to start July 20. Can't wait!

@emaragkos said:

Thanks for the answers! A few more now haha :slight_smile:
Are all of the targets Windows?
What OS are they most likely to use?
Are they correlated in order to solve them all?
Are the machines more CTF or real life?
Common CVE or manual exploitation?

  1. Nope
  2. It’s 50/50 chance on the OS of each server
  3. Nope, each server is a standalone. At least that was my experience.
  4. I would say more like real-life. There isn’t any steganography or some bizarre cryptographic message you have to decode.
  5. Either, sometimes both.

Best of luck!

frolic, conceal

@emaragkos said:

Thanks for the answers! A few more now haha :slight_smile:
Are all of the targets Windows?
What OS are they most likely to use?
Are they correlated in order to solve them all?
Are the machines more CTF or real life?
Common CVE or manual exploitation?

No, each exam rotation is different; they’re a mix of Windows and Linux.

They are not correlated, each machine has its own way in.

They are more real life focused!

Common CVEs

https://support.offensive-security.com/oscp-exam-guide/

“You must achieve a minimum score of 70 points to pass the exam”

…not 75

Honestly, we should design an HTB certification. As I said to a mate, I would rather hire someone who did Endgame than OSCP.

Thanks for the info! I just finished eJPT and am taking in OSCP next.

@hvalmas said:

https://support.offensive-security.com/oscp-exam-guide/

“You must achieve a minimum score of 70 points to pass the exam”

…not 75

yup

@AgentSmith said:

Thanks for the info! I just finished eJPT and am taking in OSCP next.

Best of luck @AgentSmith

What screenshot tool did you use? I am working out of Kali and was wondering what tool could be used on the Linux side.

Hey, how many points do they deduct if someone has submitted local.txt and proof.txt in the control panel and also in the exam report, but forgot to add the ifconfig command? Do they deduct the complete 20 points, or do they just deduct 5, 5 for each (I mean for local and proof)?

Well I guess you may end up with 0 Points if they have a bad day if you read this: https://support.offensive-security.com/oscp-exam-guide/

Point Disqualification:

“Failure to provide the local.txt and proof.txt file contents in both the control panel and in a screenshot”

I guess it kinda depends if OffSec has a good day

Another question,

To what extent do we need to use programming skills here to modify exploits? Do you recommend we take Python courses or Python-for-hacking sort of courses? And what languages should we know?

Also, is it true that the exploits are pretty obvious and it’s just a matter of using them correctly or modifying them if need be? This is putting aside falling into rabbit holes

@peek said:

Honestly, we should design an HTB certification. As I said to a mate, I would rather hire someone who did Endgame than OSCP.

If that’s the case then hire away my good sir, I’ll be waiting… ?

Quick question someone might know the answer to. In the new exam, can you still use a laptop for the webcam and then run the screen capture software on your exam machine?

I’m concerned about running it all on my exam machine and having it crash.

@sgniner said:

Quick question someone might know the answer to. In the new exam, can you still use a laptop for the webcam and then run the screen capture software on your exam machine?

I’m concerned about running it all on my exam machine and having it crash.

I used my laptop for the webcam feed and my pc to do the exam. Yeah you can do it.