About Clutchisback

A pentester and security researcher looking to contribute to the community! 💻 💻



Whether you are in preparation for your lab time to begin or you just want to get a feel for what exam day will be like, I’ve put together a few practice exams for future OSCP students to take. These boxes should be comprehensive enough to cover many of the basics that you will face in the labs. All of these boxes will have write-ups available for you to review AFTER your exam time has ended. It is imperative that you do not read these during your practice exam (no matter what) because this will completely destroy all of the mental elements of the exam that you will need to overcome. If you find yourself stuck and the feeling of helplessness starts to creep in, you’re doing it right!

After the exam I encourage you to read the write-ups to see if there are other attack vectors that you missed and to review any boxes that you were unable to compromise. Learn from your mistakes and retry. At the end of this exam, whether you pass or fail, you will have gained knowledge that will be applicable during your lab time and have had an experience that will prepare you mentally for the exam.



TLDR’ers Start here 

  • Schedule a set time for when you would like your 24 hour period to begin
  • Follow the OSCP guidelines here on Metasploit usage and other rules you will encounter on the actual exam to best replicate the real conditions
  • The boxes have points associated to each on a scale of 1-10. The passing score will be 7 out of 10 points
  • As you boot the machines resist the temptation of watching them boot as some of the Vulnhub machines in this practice exam reveal which boxes they are during the boot-up sequences as well as on the login screens
  • Do not read the text file named “Box Names” until you are ready to read the write-ups for each machine
    • The “Box_Names.txt” file will reveal which practice machine correlates to which Vulhub machine
  • This practice exam is very easy to cheat on but try your best not give yourself hints for your own sake
  • Once you are finished, feel free to do a write-up on your own and post it to your own blogs
    • Feel free to link it in the comments
  • Have fun!

Download the following zip archive below to download your exam attempt:

Exam Attempt 1 UPDATED (Aug 3, 2018) to redact file names and fix errors!

Exam Attempt 1

*I need to add attempt 2, been learning webapp stuff*




If you have a discord account hop into the RedSec channel. There are TONS of helpful pentesters who are willing to help you in this channel. If you’re looking for a mentor I would advise you to start looking here!



Please Note: This exam is nothing more than Vulnhub boxes collected into a zip file with the file names changed to create a black box environment. No privileged Offensive Security exam details are disclosed in this exam.



I chose to do this write-up on LazySysAdmin because it is a good box for potential OSCP students to start out on and something that every OSCP pentester and every current OSCP (PWK) student that is ready to take the exam should be able to do without using a walk-through. This box should take 6 hours or less if you do not experience any hang ups or interruptions.

Download LazySysAdmin Here!

NMAP Enumeration

My first initial NMAP scan I did a service scan on all 65535 ports. I usually port scan in two steps; First finding all ports that are open and then running a service scan against only the open ports in order to save time during the reconnaissance phase.


Nmap Service Scan against all ports


Nmap Scan Results

Web Enumeration

To start my web enumeration I began with a basic Nikto scan of the target machine. In doing so reveals several notable webpages to investigate further.


Basic Nikto Web Scan


Scan Detected 2 Notable Webpages

We will note these pages for further enumeration.


Having discovered that a possible WordPress site was running on the target machine, wpscan was used immediately after the web-scan completed. The user Admin was discovered.


Command used to enumerate wordpress users


User enumerated using the “–enumerate u” flag

SMB Enumeration

To begin SMB enumeration, enum4linux was used for the initial scan. The scan results revealed several shares that could be connected to using the smbclient. Using information that was gathered from the initial SMB enumeration via enum4linx along with the username discovered during the wpscan, allowed for a precise SMB connection using the smbclient, to be made.


Enum4linux Share Details


Connecting to the interactive share via the smbclient

Having connected to the SMB share named share$, allowed for the wp-config file and several other files containing passwords to be retrieved.

The /wordpress/wp-config file revealed to following username and password combination:


The deets.txt file revealed to following password:


Continue reading

OSCP – How to Know When You’re Ready to Take the Exam

Read Time: 15 minutes 🥚

If you’ve taken the red pill and decided to begin your journey towards the OSCP certification you will likely come to a point  where you begin to wonder if you are ready to take/pass the exam. This article will serve as a guide in helping you determine just that. Let’s begin!

TLDR’ers Start Here

  1.  You’ve have most of the public network rooted:
    • If you have about 60% of the public network rooted I would say that is a good time to start thinking about taking the exam. This is especially true if you have one or two of the “mammoths” rooted such as pain, gh0st, or humble/sufferance. Of course I can’t say whether or not you will pass with that level of progress in the labs, however, I do think you have a good fighting chance at 60%.

  2. You HAVEN’T been using Metasploit:
    • If you have achieved the first list item without the use of that nasty Metasploit (lol, I promise I don’t hate Metasploit ) then you should be proficient enough at identifying & exploiting vulnerabilities come exam time.

  3. The course materials become review material rater than new information
    • If you find yourself pwning boxes in the labs without ever needing to look at the course materials or you find yourself only referring to the PDF for syntax reasons, this is also a good indicator that you have mastered the techniques necessary to pass the exam.

  4. When you have a comprehensive and routine methodology:
    • New box? Time to: Nmap Nikto Dirb Enumerate Services Open site in browser …Wash, rinse, repeat
    • Once you have developed a solid workflow that you are comfortable with, this too, is an indicator that you are ready to pass the exam.

  5. You are comfortable with the buffer overflow process:
    • A basic buffer overflow in which you are given a proof of concept should only take you about 30-45 minutes to complete.
    • For this too, list item 4 still applies. Doing them should be simply walking through steps one by one.
    • (Not disclosing if BOF will be on the exam but….enumerate!!)

  6. You have an exam strategy! VERY IMPORTANT 😲😲
    • You need 70 points to pass the exam. Hear me closely: I am not allowed to tell you the values of the machines that are allocated to each system on the exam, however, with a little bit of enumeration that information can be discovered quite easily unfortunately (it is privileged information).
    • Do some math  and figure out what you need to do in order to get a passing grade. I repeat: Use math to figure out what you need to do to get a passing grade and do that come exam time!

TLDR’ers End Here

Keep coming back!

That’s all I have at the moment! THANK YOU FOR THE GREAT FEEDBACK! I decided to start this blog after getting such a great response! If you like my content be sure to come back regularly! I will be adding more and more as time progresses. While you’re here check out some wallpapers and other stuff.



Below are wallpapers I like (…and I do not own or claim ownership over);

**Grab what you need and leave** (GWYN&L):

Isn't this awesome!?

My current Kali wallpaper

Minimal Rocket

Mkhd had this in one of his videos once. Took forever to find.

Originally the dimensions on this were jacked up. With some Photoshopping I made the 1920×1080 just for you!

You all might like this one…

Picture from the “How you know you’re ready” article, just in case you liked it


This one is decent…right?


Can’t go wrong with the classic Kali black!


This one’s pretty clean

Starting OSCP From Scratch

Read Time: 16 mins
By: Clutchisback1

I hate reading boring articles so I’m not going to waste any of your time by writing one. Besides, you’re probably an PWK student with lab time ticking away each second as you get closer to your exam date; The very exam date that will determine whether or not you’ve become a man/woman yet in the information security industry. Right now, you’re still a little boy/girl with absolutely nothing going for yourself. That’s how I felt most of the time as I spent countless hours “skateboarding” through the internet trying to find some reverse PHP shell capable of running on windows host:

It actually exists folks:
(Windows PHP Reverse Shell)

The feeling of insufficiency coupled with the euphoria that I felt after gaining root privileges, or learning a new technique motivated me. I was like Neo spending hours in simulation learning Jiu Jitsu (which was really Karate but don’t get me started on that!).

TLDR’ers Start Here ➡️➡️

But you already know all of that so let’s get right into it:

Do these:
If you are just starting PWK, you’ve probably already been told to go and do the OSCP like Vms:

You’ve probably even been told to go and watch some of Ippsec’s videos.

No one probably mentioned that you could find Pre Compiled Windows Exploits out there in the wild which will save you some headache during your time in the labs.

Certainly do these:
And if no one has told you about Nebula for learning Linux privilege escalation techniques they have done you a disservice!

For note taking, I used a beautiful program called Atom. Learn MARKDOWN! Markdown is sort of like HTML and is super easy to use. After launching Atom and creating your folder for note taking make a “.md” file and start from there! It can recognize code and everything!

If you want buffer overflow experience and you don’t have lab access yet, I recommend doing Brainpan on Vulnhub.
Spoiler: It has both a Windows and a Linux buffer overflow for you to pwn!

Now that you have a good starting point, I want to cover some of the unwritten rules along with some additional tips that will help you during your time in the labs and in your pentesting career. Some of these tips will save you from a lot of embarrassment and frustration in your pursuit of the OSCP certification. I want to help you by shining light on how your thinking needs to and will change during your time in the labs.

Tips & Unwritten Rules

1. Google, Google, Google …need I say more?
* Thaw shall not ask another pentester any questions prior to googling the subject for at least 5 minutes on the subject.

2. Offsec admins are not as mean as you think they are.
* Before I used the Offsec Support Chat for the first time, I had already accepted that they were going tell me to try harder, but not once has any Offsec admin ever uttered those words to me. They are very understanding and super helpful.

3. Read the write-ups.
* You should be watching yourself and making sure this doesn’t become your “go to” on every single box you attempt to root, however, you are only hurting yourself when you abandon a machine without ever gaining the knowledge you are missing.

4. You are not a failure if you get stuck and look at the write-up for a box.
* This is something I struggled with for a long time. I ALWAYS felt guilty resorting to someone’s write-up after exhausting all of my knowledge on a target box but once you do read the write up you will likely remember that technique for the rest of your career!
* Pro tip: Peek: scroll down to where you are stuck and only view enough to get you moving again!

* Using Metasploit will severely hinder your ability to pass the exam in my honest opinion. You can only use it on one machine during the exam and it is generally only worthwhile on windows machines. I mean, imagine getting to the exam and having zero manual windows privilege escalation skills because you’ve been using Metasploit for every box in the lab. Yikes! Avoid it as much as possible.

6. Make Friends
* Building relationships is one of the best things you can do while in the labs. The more connected you are within the community the better. Offsec also provides an IRC Channel where you can communicate with other students and admins. I strongly suggest jumping in here before your lab time and asking your questions here Keeping rule #1 in mind.

7. Get a mentor
* Find someone who already passed OSCP or OSCE who can help do exactly what this article is doing in real time. Often times we read articles like this and forget that there is a real life person that wrote it and may be readily available in some Hackthebox forum somewhere. Find someone to “show you de wey!

8. Stay up Until 3AM
* My bedtime is 3am just about every night. It’s gotten to the point where if I go to bed before then I will be laying there with my eyes open staring at the ceiling. Learn to optimize your available hours to pour into the labs and try not to get divorced because all you seem to care about is buffer overflows and rooting pain & sufferance! Make sure you communicate your schedule with your family and don’t slack off doing your responsibilities around the home!!!


Closing thoughts

Relax! You’re going to do well! Check out some of my Github stars to find some really good enumeration scripts and other toys I’ve picked up along my journey to OSCP. If you’re not familiar with Github before starting in your labs you will become familiar with it soon enough!

I leave you with this:

Every machine you face in the labs and in life is a mirror reflecting your pentesting skill and competency.

Every box you gain is a step upward in your ascension towards the glorious OSCP certification! Keep struggling! Keep learning! Keep hacking; and Stop sleeping!