On August 21st I attempted the OSCP exam for a second time. Once again I failed. I got full privileges on 4/5 boxes, I had around 10 more hours to try and get the 5th box. But I was exhausted and decided to call it a night and went to sleep.
The day before the exam I was nervous but I felt way more confident than last time. This confidence likely came from the fact that I had already attempted the exam once. I am going to be honest, I am exhausted of this exam and am ready to be done with it or give up. But I don't give up, I mean what is the point in trying in the first place if you care so little that you would give up. Anyways, the night before the exam I fell asleep at around 01:00. Then woke up at 03:30 and couldn't fall back asleep, so I stayed awake until I started my exam at 11:00. Before the exam I had my OSCP machine all setup with a directory for each box and a report directory for each machine I would be attacking. When I began the exam I started about 15 minutes in because I read the requirements one last time. I began breaking into the first machine. I started out very strong and in about 30 minutes I had one box done. Then 30 minutes later I had a second box down. I now had 35 points in a about an hours and 45 minutes. Next I went after a 20 point box that kind of stumped me, but after taking a break and coming back to my computer I saw what I needed to do right away. Boom, 3 boxes down in under 6 hours. Now I had 2 boxes left and 55 points. The last box took me what felt like ages, but eventually I blasted it into the ground. At this point I now had a passing score of 80 points. I was also exhausted and decided to call it a night.
Next up the report writing. I began my report by explaining how I pwnd each box. Each explanation included a high-level summary and a detailed summary. Next I took a look at the sample report which you can find here. I began making my report look close to the one they provided. I included all of my flags and vulnerability summaries for each box. I had enough screenshots etc. I cleaned it up a bit and to my understanding had met all the requirements.
Waiting to hear if I passed or not was extremely stressful. I even left every tab open on my computers just in case they needed more proof or another screenshot or something. After a day and a morning I finally recieved my email telling me I had failed and did not meet their requirements.
Thoughts On Failing
After receiving the news that I had failed I was extremely let down. In my head I'm thinking "seriously?! all that for nothing?" and all of the negative thoughts and dark demon monsters of oblivion filled my head. However, I eventually found my footing again. And once again asking myself "Why am I taking this certification exam? What did I learn? What good came from this new failure?".
Thinking to myself, I answered my questions. Why am I taking this exam? I am taking this exam to further my knowledge of computer security and pentesting, as well as to help assist me in getting my first job. What good came from this failure? Good coming from failure? Ha! what do you mean Pinky?! I am in some ways grateful for failing a second time. This teaches me to try even harder in my future endeavors. Also some of the exam boxes were awesome and can change your perception on attacking a machine. Also from my first exam attempt to this one, I feel like I have greatly improved in my approach to attacking a machine. I have gained once again, priceless knowledge. The last question to myself. What did I learn?
What I Learned
- New ways to look at a machine when attacking it
- That being 100% thorough will mostly end up in success when attacking a machine
- Read every exploit always, even if you think you know how it works already
- Stay calm when enumerating a machine, or you may miss something really simple
It is extremely disappointing to fail twice. To be 100% honest I do not know why I failed, I wish Offensive Security told me why but it is what it is. But I have a goal, and I will achieve it. I also learned a lot more about myself and security. Also thanks to all the people cheering me on thanks umani. Now for some rest and more training.