Offensive Security OSCP Logo

Disclaimer

I failed my second OSCP exam attempt. This is more just a post detailing my new experiences the second time around. Additionally, I’ll be adding to the take-aways from my first attempt.

Introduction

A month after failing my first exam attempt with 55 points, I was determined to try again. I had planned out my method for attacking the exam the second go around. I had also tried to work on various areas that I felt I was weak during my first exam.

Practicing More via HackTheBox

I had purchased a year subscription to HackTheBox and looked up all of the hosts that were OSCP like:

HackTheBox OSCP Like Hosts

Acquiring Additional Useful Tools

After failing my first exam, I went about trying to find some other tools that would automate tasks I would normally perform or help with time management.

  • Performing LFI Fuzzing
  • Pretty Tmux / Tmux Logging
  • Video Recording
  • Time Tracking Software (Just something I wanteed)
  • Mind Mapping Sofware
OBS Studio
Toggl Time Tracking
FreeMind Mind Mapping

Game Day….Again

The exam was scheduled for Saturday, April 6th, 2019 at 1pm local time.

  • 25 point behemoth riddled with rabbit holes
  • 2 x 20 point machines
  • 10 point machine

Lab & Exam Writeup

Due to not acquiring the necessary 65 ponts ( and hoping my notes would bring me to 70) or flat out acquiring 70 points I did not bother creating a report again.

Take-Away

Feel free to review my take-away from the first attempt. Again those can be found here: https://medium.com/@falconspy/oscp-exam-attempt-1-1893df5a0a00 towards the bottom

  1. Get some sleep. Everyone works well after a fairly decent rest. At least 4 to 5 hours minimum I feel. To each and everyone’s own though
  2. Do not rely heavily on scripts like Linux PrivEsc Checker and Windiws PrivEsc Checker. They will not work on the exam hosts or provide substantial exploits for priv esc.
  3. I need to work on my weak areas revolving around Privilege Escalation and finding misconfigurations in systems. (Reinforces #3)
  4. If you find a guide that fits what you need to do, tweak it so it fits your needs. Do not immediately dismiss it saying this won’t work. Make sure it does not work before moving on.