OffSec OSCP+ Exam with AD Preparation

  • Updated
Follow

This article provides insights into the OffSec OSCP certification exam with AD preparation. This covers the following:

 

OSCP Exam Structure

POINTS NUMBER OF MACHINES NOTES
60 points 3 independent targets

- 2-step targets (low and high privileges)

- 20 points per machine

  • 10 points for low-privilege
  • 10 points for privilege escalation
40 points

2 clients

1 domain controller
40 points
2 clients
1 domain controller
10 points for client #1
10 points for client #2
20 points for domain controller #3

 

Domain Weight (%)
Identifying Vulnerabilities 12
Exploiting Systems 11
Escalating Privileges 18
Active Directory 26
Documenting Findings 33

Approaching the Exam

Exam Structure

  • 3 stand-alone machines (60 points in total)
    • 20 points per machine
      • 10 points for initial access
      • 10 points for privilege escalation
  • 1 Active Directory (AD) set containing 3 machines (40 points in total)
    • For the Active Directory exam set, learners will be provided with a username and password, simulating a breach scenario.
    • 10 points for machine #1
    • 10 points for machine #2
    • 20 points for machine #3
  • Possible scenarios to pass the exam (70/100 to pass)
    • 40 points AD + 3 local.txt flags (70 points)
    • 40 points AD + 2 local.txt flags + 1 proof.txt flag (70 points)
    • 20 points AD + 3 local.txt flags + 2 proof.txt flag (70 points)
    • 10 points AD + 3 fully completed stand-alone machines (70 points)

OSCP+ Exam Preparation

Study Approach

Go over the course materials for each module

  • Read the modules and watch the videos

  • Hands-on Practice with the course lessons with your module labs

  • Take notes!

Complete exercises for each module

  • Complete Module Labs

  • Complete the Capstone labs

Start exploiting labs!

  • Exploit lab challenges

  • Simulate a practice exam

Course Materials & Labs

  • The course materials and module labs are not a waste of time! 
    • Builds a solid understanding of the fundamental concepts and techniques.
  • The Challenges Lab
    • Allows you to directly observe attacks on your machine.
    • Gives you a user/admin perspective to better understand the target.
    • The Windows Client and Server are a mini-AD environment.
    • Accurately simulate the exam conditions and ideal practice for the exam.
  • Topic labs are great for practicing.
     
    • Complete the Module and Capstone Labs.

Start Exploiting the Challenge Labs!

  1. Build your methodology using the walkthroughs.
    • Complete Module 24: Assembling the Pieces to understand the techniques, methodology, and thought process used to exploit a target.
    • Refine and practice your methodology in the Challenge Labs.

Find and Exploit AD Challenge Machines

  • Post-exploitation is as important as initial enumeration.
    • Unlike stand-alone machines, AD needs post-exploitation.
    • Practice by finding dependencies between AD challenge machines.

Practice, Practice, Practice!

Practice as many machines as you can on all challenge labs.

  • Try to exploit a machine using multiple approaches and/or techniques.
  • Revisit challenges and topic labs that were challenging or presented difficulties.
  • Avoid relying on hints and walk-throughs.

Lab Machines Key to Success

The more challenge labs you complete, the more scenarios you’ll have encountered, which can help you build the problem-solving skills relevant to the exam environment.

Simulate a Practice Exam Environment

  • Challenge 4 (OSCP A), 5 (OSCP B), and 6 (OSCP C) contain an AD set environment.
    • If you have already finished all AD sets, redo it without looking at the notes.
    • Practice your report-writing skills after exploiting machines.
  • Repeat the exam environment to build confidence. 
    • Familiarity with time constraints will help you stay calm and centered.
    • Remember, the exam is just another day in the labs.

Time Management

Avoid rabbit holes

  • Set a timer per machine:

    • I.e., 2-3 hours per stand-alone machine and 4 hours for the AD set.

    • The 4 hours can be broken down for each AD machine.

  • After getting a shell, allot another two hours for privilege escalation.
  • If time runs out, move on. It's easy to get lost in troubleshooting.
  • Working on a different machine or taking a break lets you come back with a fresh perspective.

Schedule your breaks

  • The 24 hours is not just for hacking machines.

    • Schedule time for breaks, eating, and sleeping.

    • Stick to your schedule. Fatigue and hunger will slow you down.

  • Take a step back or a short break after your 2-3 hour allotted machine time.

Don't Panic

  • There is more than enough time to finish the exam.

  • If you need to work for 24 hours, you need more preparation.

Reporting

  • Keep a record of your journey through the PEN-200 challenges.
    • Recommended practice for writing your exam report.
  • Prepare a report template prior to your exam.

OSCP+ Exam Tips

Read the Exam Control Panel

  1. Read the instructions for each machine before you start.
    • It will give you an idea of the structure of the AD set.
  2. Plan based on the objectives outlined in your Control Panel.
    • Identify whether you will start with an AD set or stand-alone machines.
    • Format your report template in line with the requirements of each machine.

Enumeration Tips

Initial Enumeration

  • Perform light scans on your targets.

    • E.g., scan for ten common ports on your exam machines.

    • Manually interact with services found while waiting for thorough and longer scans.

Enumerate carefully

  • Avoid heavy scans on multiple targets.

  • Revert machines after running unsafe scans.

  • Re-run scans to ensure all information are correct. Scans can be inaccurate.

    • Use various tools to verify scan outputs.

Enumeration is a cyclical approach

  • After gaining new access, enumerate again in the context of your new privileges.

    • If you gain login access to a webpage, enumerate the webapp as that user

    • If you gain domain user access to a machine, enumerate the domain as that user.

  • This concept is often overlooked.
    • Learners tend to stop enumerating after getting a shell/root access.

Exploitation Tips

Make sure to read exploits prior to using them.

  • Do you need to set up files or permissions prior to running the exploit?

  • Do you need to modify the exploit to match your target?

Check multiple exploits for the same vulnerability.

  • Exploits may use different methods to exploit vulnerabilities.

  • Some exploits might be compatible/incompatible with your target.

Active Directory Tips

AD Enumeration

  • Identify the machine's role (DC/client) and the services present.

  • Identify the initial target in the domain (the low-hanging fruit).

AD Exploitation

  • Have a cheatsheet of AD commands.

    • Be thorough for enumeration, exploitation, and post-exploitation.

  • Do not ignore standard enumeration; check applications and non-AD-related services.
  • Try using the information you obtained on multiple domain machines.

Document & Backup!

  • Document all commands, outputs, scripts, and code you use.
    • Use terminal loggers to automatically log all commands and outputs in your shell.
  • Take snapshots and backups of your work.
  • Ongoing documentation saves time from rerunning any commands if you need the outputs again.

OSCP+ Exam Scheduling

Schedule your Exam

  • Schedule your exam several weeks prior.
    • We recommend at least three weeks before the desired date.
    • You can reschedule your exam up to 3 times.
    • You can reschedule your exam up to 48 hours before exam start time.
  • Be mindful of the time and timezone (e.g., GMT).
    • If you do not arrive within 1 hour of your exam start time, your exam will be canceled.
    • You may check Managing OffSec Certification Exams for more information about scheduling an exam.

 

Exam Confirmation Email

“Penetration Testing with Kali Linux - Proctored Certification Exam Confirmation - OS-XXXX” email contains:

  • How to start the exam and login to the proctoring tool.
  • Technical requirements to take the proctored exam.
  • Exam proctoring rules.
  • Instructions on how to submit your exam report.

Exam Logistics & Proctoring

Exam Logistics

  • Identify where you intend to take the exam.
  • Check government cybersecurity laws. Some countries have strict firewall restrictions.
  • Prepare a backup Internet connection in case of emergencies.
  • Check for scheduled power outages in your area.
  • Prepare food and snacks for the 24-hour exam.
    • Water is critical; remain hydrated.
  • If other people will be in the room during the exam, inform them regarding the exam protocol.

Proctoring Requirements

Technical Requirements

  • Proctoring technical requirements are outlined here.

  • Schedule a test session if you are using a Linux variant.

ID requirements

  • Valid government-issued ID in English.

    • Contains your full name, photo, birthdate, country, issue, and expiry date.

  • Prepare a scanned copy in case your ID is not clear in the camera.

Mentally Prepare Yourself

  • Be confident in the preparation you completed.
    • Remember, the exam is just another day in the labs.
  • Be calm and avoid worrying about the exam.
    • Try eating out or going to the gym (activities that relax your mind).
  • Be healthy.
    • Get plenty of sleep and rest, and stay hydrated.

During the Exam

Proctoring Process

The proctoring process can start 15 minutes before your exam time.

Log in to the proctoring tool with your credentials.

proctoring tool.png

 

Overcoming Stress & Anxiety

  • If you are panicking, take a moment to stop and collect yourself.
    • Do activities that calm you, like meditating or taking a walk.
  • Stick to your time schedule.
    • As long as there is time, keep working.
    • Many learners finish exams in buzzer beaters.
  • It's ok if you don't do well.
    • Many OffSec employees had multiple attempts.
    • You will also learn and gain the exam experience.

Before Ending the Exam

  • Double-check the exam requirements.
  • Review and finalize all of your notes.
  • Make sure you have captured all the necessary screenshots and proofs.
  • If you have the time, re-exploit machines after a revert.
    • Ensures your step results are correct.
    • Double check proofs and screenshots are correct.

Contact Protocol

  • For exam machine or connectivity-related issues please inform the proctoring team immediately via the exam live chat.
  • For issues related to the proctoring application, please reach out to https://chat.offsec.com
  • OffSec Student Mentors (SMs) will not assist with exam objectives.
    • However, reach out if you feel overwhelmed or need a sounding board.

Post Exam

Writing your Report

  • Get sleep & refresh your mind.
    • You have 24 hours for the report; there is time to rest.
  • Take the time to write a detailed report.
    • The report is important; it is the product you deliver to the client.
    • It should be organized, professional, and will be clearly understood.
  • Proofread your report.
    • Double-check if the necessary screenshots and proof files are present and correct.
    • We do not accept changes or updates to submitted reports.

Upload Login Page

Upload_exam_report.PNG

Upload Report Page

Upload_exam_files.PNG

Double Check the MD5 Hash

MD5_Hash.PNG

  1. After uploading your report, upload.offsec.com will provide the MD5 hash of your report.
  2. Compare MD5 hash of the uploaded file with your local copy.
  3. If the values do not match, your file did not upload successfully.

Additional Resources

OSCP+ Exam Resources

Support Channels

What Do You Need? Learners
Exam scheduling orders@offsec.com
Proctoring proctoring@offsec.com 
VPN connectivity issues Inform the proctor via the exam live chat
Exam machine testing
Non-technical exam-related inquiry challenges@offsec.com

Related articles

Powered by Zendesk