I expected to fail my first OSCP attempt, but I didn’t expect such a fiasco. Before I had even begun the test, I nearly had to forfeit due to technical difficulties. Worse, I was working with an incomplete and unfamiliar environment. After finishing the buffer overflow, I couldn’t make heads or tails of any of the other target systems, thanks to the compounded stress of the entire situation. In short… I was humbled.
But I was not defeated. Merely delayed.
Let me run through my experience in a little more detail.
My test was supposed to begin at 11am, with the first 15 minutes spent connecting and configuring the screen-sharing and webcam-monitoring software Offensive Security uses for proctoring the tests. I had everything ready to go, all my notes sorted and in order, my methodology written down, my custom tools prepared and my virtual machine configured just the way I liked it. I was on my mark and ready to go. But then the screen-sharing software wouldn’t work. I couldn’t figure out why… It had worked when I tested it before. I contacted OffSec and they told me that if I couldn’t get it fixed, I’d have to forfeit the test. They extended my time by an hour to give me a chance to fix the issue.
I tried uninstalling and reinstalling all the requisite software, but nothing worked. Running out of time, I realized I would have to reinstall my OS, and I wouldn’t have time to back up any of my data. Fortunately, most of it lives in the cloud and in various Git repositories, but my custom-tailored VMs and my nice host-system setup would be lost. I tossed Ubuntu on a USB stick, reinstalled my OS, and finally got connected to the OSCP exam network with only 10 minutes to spare. I would be able to continue my test, but I would be working with an unfamiliar OS (I was used to Linux Mint), and I would have to re-download the custom-tailored Kali VM designed by OffSec for the OSCP exam. I also had to reinstall and reconfigure my documentation software, my Git repositories, etc. And my encrypted second hard drive, upon which a generous portion of my notes and resources were kept? I didn’t know how to decrypt it in Ubuntu. (Probably fairly easy, but I was flustered.) So I took the test with a sterile Kali VM on an unfamiliar OS, entirely frustrated by the entire situation.
All of this aside… I actually did quite well on the Buffer Overflow part of the test. I’ve discovered that I quite enjoy exploit development, so tackling this challenge was quite simple. I’m proud of what I’ve learned in that aspect.
The rest of the test, however, was an embarrassment. I knew what software I was supposed to target for my initial entry into each system. I could tell, with some certainty, what kind of approach each vulnerability required. But for the life of me, I couldn’t get anything to work.
It is painfully apparent that my “practice exam” was in no way a reflection of the actual test. However, despite this setback, I can recognize an observable improvement in my pentesting skills since the start of this adventure, and I expect that another couple months in the PWK and HTB labs will help me grow even further.
To that end, I had to send a bunch of emails to OffSec and jump through a couple hoops in order to be able to purchase additional lab time. They wanted me to specifically state that I knew I had failed the attempt and that I would not be submitting my exam report. With that complete, they sent me a link to the store so I could make the purchase. So, after wrapping up some long-neglected (and unrelated) business, I’ll be returning to the labs for my second round.
I am determined to grow my skills and practice until I am finally able to pass the OSCP. The sooner the better, of course, but I don’t want to rush my education. And this time, I’ll made sure to double-check that the screen-sharing and webcam-sharing software works before the exam begins.
Anyway, stay tuned for more exploit development tutorials (which will be delayed slightly because the VMs I was using for the tutorial got wiped at the start of the OSCP attempt). I might actually re-structure the tutorials so that I can demonstrate a fairly simple exploit first, then follow it up with a more challenging example. We’ll see how it goes!