How did I pass OSWP exam? Tips and Tricks. @offsectraining #PEN-210 #hacking #pentesting #wireless #INVID #dyslexia

Hi!

Today I received my first certification from Offensive-Security (not counting PEN-100). If someone else is in progress of taking this course or thinking about it here are my tips and tricks.

Here are some links from offensive security that you shall read if you will attend an exam from Offensive-Security.

Verification

https://www.credential.net/bac14e8c-24e1-43c5-a2c7-8d0751543caa

Links

https://help.offensive-security.com/hc/en-us/articles/360046904731
 https://proctoring.offensive-security.com/student/login
 https://help.offensive-security.com/hc/en-us/sections/360008126631
 https://help.offensive-security.com/hc/en-us/articles/360050299352
 https://www.offensive-security.com/legal-docs
 https://help.offensive-security.com/hc/en-us/articles/360046293832
 

Exam Goals

You have 3 different networks that you can revert to. One of the network are mandatory to complete. You must “hack” 2 networks in total. You need to do this under 4 hours.

You can revert the networks 50 times during the test.

You must write a report and upload that to Offensive-Security after the exam. In the report you must provide screen shot and proof.txt of the network. Read the links above.

Exam tips

Use external webcam if possible
Use a portable web cam with a long cable, it works with integrated but the proctor want to see the surroundings and that can be sticky with integrated camera. My external camera did not work for this proctor application. It was not possible to change webcam in chrome extension for me. 😦

Use external monitor if possible

I used a laptop and a second monitor.

Prepare your Kali VM ( so you know that it will work)

Have your driver license or passport ready

Clean room and clean desk

Put a sign on the door that it is exam time and if you open the door you will die

Have water or something else you like.

Write the report as you go

Learn how to connect to wireless networks in kali

Make your terminal logging everyting or I use tmux, so you can go back if you miss a screenshot

My Exam timeline

I first receive an email from Offensive-Security

Exam starts 2022-08-07 14.00

12.00 – 14.45

Clean the desk, setup my laptop and monitor.

Startup my laptop, check that my web cam works. Start up my kali vm. My local Kali VM is the vm that I use to connect to the exam-vpn. So openvpn must be installed on the vm.

The proctor application is a chrome extension that is on the laptop. I am running ubuntu 22.04 with VirtualBox.

Installed the Chrome plug-in for the proctoring stuff
https://chrome.google.com/webstore/detail/janus-webrtc-screensharin/hapfgfdkleiggjjpfpenajgdnfckjpaj

In the email from Offensive-Security it says:

The exam package will be sent to the following email address(es):

This will be sent to you after you passed the proctoring people.

14.45

Login to https://proctoring.offensive-security.com/Student/login

Here the proctoring people want to see you ID and you need to share all your screens. They also want to see the surroundings thru the web cam. When they are happy they will start the exam and you will receive the VPN package and the link for the Control Panel.

This is for you kali VM so make sure that you can access your email from the kali vm or transfer files to it.

15:05

Download the vpn package to my kali vm. Connect with openvpn. The on the Control Panel link that you will receive in the email you have an ipadress to connect to.

On the remote machine you do all your work. You will not do anything on you kali vm except connect to the machine that Offensive-Security provided for you.

15:05 – 22.00

I fucked up really hard during the first 2 hours. It was a simple task to do but for some reason it did not work for me. After 2 hours going nowhere I saw that I have misspelled the network name. My dyslexia makes it hard sometimes. I need to use copy and past instead for typing.

After that it went the way that I want. Because I lost 2 hours of the test because of misspelling I finished the exam 5 minutes before the end. Puhhhh

Now to the reporting. Because of my first mistake I did not follow my own words and did not do the correct reporting from the beginning. So that is why my reporting ended at 22.00

Thats all!

Keep hacking

//Roger

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.