Pentesting
How to fail OSCP
Background
I first started my OSCP journey back in August 2021, and I recently took my exam in March 2022. I was able to root 3/6 of the boxes and got 60/100 points and ultimately failed to get past the AD component of the exam.
As I consider myself to be pretty new in the cyber security field, this article would be mainly about my experience in the PWK course and my reflection on my 6 month-long journey.
Pre-PWK
I'm currently waiting to enter university looking to study Computer Science.
Prior to starting OSCP, I had about a year of experience in cyber and only really started red team stuff when I first discovered TryHackMe. It is around that time when I was introduced to CTFs by a senior that I truly started getting serious about learning red team concepts.
PWK Course
While I took a really long time to get root on my first machine of the OSCP labs learning path, I definitely learned a lot and developed a habit for note-taking. Note-taking is honestly one of the most important skills to develop first as it will save you TONS of time when backtracking and writing the report for the machine.
As I was completing the machines in the PWK labs, I felt that the labs had too many rabbit holes and were time-consuming to fully enumerate the machine. Furthermore, some of the machines are 'chained' machines which meant that you had to check the forums or ask in the discord if the machine is a chained machine.
Ultimately, after finishing about 6 of the machines in the PWK labs, I moved on the PG Practice boxes like many people online who have passed OSCP suggested.
PG Practice
For 19 USD a month, I felt that the machines there was very high quality with a few exceptions. Those boxes generally honed my pentesting methodology which was quite important to not get stuck inside rabbit holes. I enjoyed my time spent doing the PG practice boxes and I highly recommend it to anyone looking into red team even if you aren't taking the OSCP.
Sudden Changes
Halfway through my preparation, in about the November-December period, offsec suddenly announced the changes to the OSCP exam which would include Active Directory(AD) machines in the future.
This caught me off guard as many people online have said that AD would not be tested in the exam and as such, I had then decided to focus more on the Linux and Windows machines.
I however had no choice but to practice AD on the TryHackMe platform and the few AD machines available in PG Practice.
Although I felt that the AD machines on TryHackMe and PG Practice were manageable, I had no idea what to expect in the actual exam since my lab duration had already long expired.
The exam
In March 2022, I decided to take the exam as I felt like I had prepared enough to be able to take the exam. The only part where I lacked confidence was the AD component. Since I did not do the lab exercises and the lab report, I NEEDED to get the full exploit chain for the AD component of the exam which included 1 Domain Controller and 2 Machines part of the domain.
In the first 5 hours, I tried focusing on the AD component but I only managed to gain a low privilege shell on one of the machines in the domain. I then went for a quick lunch and came back to focus on the other 3 standalone machines.
The standalone machines were what I expected with my practice in PG Practice. I was able to get a high privilege user account on the 3 machines in about 8 hours.
However, the problem of not fully exploiting the AD chain persisted. And I was hard stuck 9 in the AD environment for the next 8 hours. I eventually gave up when I only had 3 hours left in the exam.
In the end, I also gave up on writing the report as I already knew it was impossible to pass even with a well-written report.
Post exam reflections
The AD component that I had practiced in TryHackMe and PG Practice was completely different from the AD in the exam. From reading other people passing the new exam, it seems that the AD in the exam is very similar to the AD machines in the PWK labs.
I would highly recommend you to focus on the AD machines in the PWK labs for practice on pentesting AD.
As for the standalone machines in the exam, I feel that community-rated medium to very hard boxes in PG Practice is good practice in preparation for the machines in the exam.
Would I retake OSCP?
The short answer is...no. While I feel that if I extended my lab and bought another exam attempt, I would be able to pass. However, the cost of it is simply too high for me. To be honest, I feel like I have really learned a lot in the past few months and am ready to move on to another part in the cybersecurity field. Maybe in the future when I become interested in red teaming again, I may give the OSCP exam another shot. But as of right now, I'm ready to close this chapter of my life and move on.
If you've read this far, thanks for your time. As a bonus, below are some of the writeups I have done in my OSCP journey. Enjoy the process!
Practice for standalone Windows and Linux machines.
Proving Grounds Practice |
---|
Practice for Buffer Overflow.
Buffer Overflow Practice |
---|
Practice for AD component.
Active Directory Practice |
---|
Last updated