Being generous of nature, I thought I’d share how to stuff up the exam of the Offensive Security 101 course. All the blog postings I’ve found on the exam are about how they succeeded. Well, this is a bit different. I managed to get a remarkably poor result, which I can attribute to the following:
- Not being prepared to spend the full 24 hours to complete the exam
- Not having the right mindset to work through processes and think like an attacker
- Not documenting fully and double checking and confirming results
- Not taking fresh-air breaks
- Not having enough experience
- Quite possibly being a whiner
For mere mortals like myself, who don’t spend time looking for applications and systems to attack, the simple frustration of working through each service to find a hole to get a foothold is “interesting”*.
*Insert swear words of choice
When attacking a system, the process is simple:
- Find a live IP address
- Discover the services on the IP address
- Search for vulnerabilities for that service
After that successful discovery process, I developed these totally unsuccessful process steps:
- Ignore the blindingly obvious results from your own scans
- Spend ages Googling and finding nothing that really fits
- Grasp at straws and download anything that had the service name in it or sounds vaguely like it.
- Try to adapt code that mostly wasn’t going to work, while not understanding how the author was attempting to do it in the first place
- Watch the poorly compiled code fail to do anything and wonder why I didn’t have a root shell prompt
- Stare into space for long periods
- Mutter to myself
- Contemplate a career in herding mice with elephants, blowing stuff up or becoming a reality-tv star
- Come up with something equally unlikely to work
- Back to step 1
After a number of hours of going through this process it’s somewhat disheartening, especially when you seem to get zip-all back. Letting all that frustration build up and not taking time to have a break is how to fail the exam. Simple.
The exam – a post mortem
While reviewing what went wrong during the exam, a friend commented that I should be used to dealing with similar frustrations as a sysadmin. My response was that without experience of the methods to get a foothold, you effectively end up throwing mud at the target and seeing what sticks. As a sysadmin, that’s usually the last resort, which you should never do with production systems.
As a great example of this, I was oddly very hesitant to run things that I didn’t really understand and that could break the target. I struggled to take in the simple statement that the lab machines are there to be broken. It was weird: I build hundreds of machines each year with the purpose of testing – and invariably breaking – them, so why was this different?
It wasn’t different, it was a failure of adjusting my mindset to fit the situation and letting implied pressure of the exam get to me. I’d read other blogs about how people struggled and let their stories compound the “this is going to be really hard” mindset. I hit a wall at a certain point and refused to attempt to climb it.
That’s when I failed.
I honestly thought, “Well, I’m crap at this, let’s never bother with penetration testing again and I’ll stick with my day job.”
Take Two
This is where friends, time and a good night’s sleep make a world of difference.
In the few days after failing the exam I gathered up all my notes and records, reviewed them and cleaned them up into an ordered fashion. I realised I had a huge amount of information I hadn’t applied, taken into account or even tried. With some, okay – a lot of, encouragement from friends, the exam was re-booked. I had twenty days to get back on the program. I did some serious reading and re-practicing of some of the lessons, while attacking home-built systems.
My second exam try was a very different experience. I went in with goals and enforced break times. My notes and thoughts were well detailed and ordered. I reviewed my notes and findings after each break, which helped keep a clear perspective of what I was doing and what I’d tried. This time round I completed the exam in 8 hours, successfully getting all the targets in that time. I still made some stupid mistakes, but being able to review my notes, I corrected them after taking a break or two. The only real mistake I didn’t correct was burning the same pot twice while attempting to cook pasta during food breaks. Oops.
Lessons Learnt
Failing the exam was actually a great lesson in itself and worth the 12 hours I spent feeling sorry for myself, staring at “impossible” targets to hack during the first exam. I knew the targets could be hacked, but by putting them in the “too hard” bucket I wasn’t giving myself a fair chance.
Top three tips
- Study with someone else; it’s great to bounce ideas off and helps get a better understanding of questions and topics.
- Lurk in the IRC chat room and trawl through the forums; there are great gems in there.
- Remember to review your findings and double check them. It’s all too easy to make simple mistakes and get disheartened despite having the right freakin’ answer all along.
Thanks Damian and Ash for your encouragement and having to put up with my whining/rants.
hahah .. I spent the whole 24 hours of the first exam and came up with the better part of nothing! We were both very undercooked going into that exam, and those last few weeks is where it all came together I believe.
All I’ll say is that this is a massive body of work, and my head still hurts from it, but this has been the best course/exam I have done to date.
It was awesome doing it with you Chris, now let’s smash this WiFu one and move onto CTP!
I will be taking this exam this month thanks for sharing your experience. I am not sure if I will ever feel prepared for this exam.
later
Hello 7son7son,
Annoyingly enough, as long as you’ve worked through the labs, had a good go at the extra mile challenges and feel you understand and can apply the skills learnt from the training videos and PDF, you can pass the exam.
The exam tests the ability to put those skills together and use them creatively while under time pressure.
One of the biggest mistakes I made was believing the hype of how hard this was going to be and getting locked into a tunnel-vision mode of thinking. If I’d gone into it with an open mind (and re-read my notes) I feel I would have done much better the first time.
Good luck and don’t forget to log in to the IRC channel – the folks in there are really supportive and that does make a difference during the exam.
I found the time constraint to be the biggest hurdle, as I had gotten a 5-hour late start. I work pretty well without a schedule, so I just pummeled through until I couldn’t see straight, took a 2 1/2 hour nap and then continued until the time ran out.
I agree that the class material gives you all of the “tools” (i.e. skills) to be successful on the test and that it’s the creative application of those skills/tools that allow you to succeed. I was sure I failed my first time, but got a nice “present” on Christmas Eve in the form of an email saying that I had passed – so hang in and Good luck!
Chris,
I love your review! I am scheduled to take the live class in April and I will heed your advice when I opt to take the exam. From everything I can find online this is THE pen testing course. Of course BT has been a staple for hackers since it was … if I remember correctly Whoppix and knoppix (sp?)
Thanks for your candor and reminder to breathe, and believe in yourself.
Success to you and yours.
Hi,
I’ve passed the OSCP exam recently, and I really want to thank you for your greatest OSCP exam encouragement post you have here. I read lots of exam reviews before I took the exam, but no one talked about it the way you did. It’s 100% unique.
Thanks again Chris, and wish you good luck on your InfoSec career.
Thanks, great write-up. Open, honest. I’m feeling the same.