Please read this entire document carefully before beginning your exam!
This guide explains the objectives of the Offensive Security Exploitation Expert (OSEE) certification exam. Section 1 describes the requirements for the exam, Section 2 provides important information and suggestions, and Section 3 specifies instructions for after the exam is complete.
You have 71 hours and 45 minutes to complete the exam.
This means that if your exam begins at 09:00 GMT, your exam will end at 08:45 GMT three days later.
Once the exam is finished, you will have another 24 hours to upload your documentation. Details on how to submit your files are provided below.
SECTION 1: EXAM REQUIREMENTS
The Certification Challenge consists of several target machines, accessible over the OSEE Exam Labs. You will access these machines in order to debug any vulnerable software using Remote Desktop. Once you have exploited the target machines, you will find a proof.txt file in the Administrator's desktop directory. You must retrieve the content of these files and include them in your documentation together with your exploit code. Please note that your exploits must be reliable and working code must be provided as our team is going to repeat your steps in order to grade your exam challenge.
You must document your attempts or attacks including all steps, commands issued, and console output in the form of a report, exported in PDF format. Your documentation should be thorough enough that your attacks can be replicated step-by-step and failure to provide sufficient documentation may result in points not being awarded.
The documentation requirements are very strict and failure to provide sufficient documentation will result in reduced or zero points being awarded. Please note that once your exam and lab report is submitted, your submission is final. If any screenshots or other information is missing, you will not be allowed to send them and we will not request them.
Please use our OSEE exam report template for your documentation. It can be downloaded at the following URL:
SECTION 2: EXAM INFORMATION
Your connection to the exam is to be done with Kali Linux using OpenVPN. We are unable to provide any VPN connectivity support if you choose to use another setup. VPN connectivity support will be provided for Kali Linux only, however you are free to use any other operating system which supports OpenVPN.
- Download the _exam-connection.tar.bz2_ file sent to you in the challenge email to your _Kali machine_.
- Extract the files:
kali@kali:~$ tar jxpf exam-connection.tar.bz2
- Initiate a connection using OpenVPN:
kali@kali:~/exam-connection$ sudo openvpn OS-XXXXX-OSEE.ovpn Mon Mar 30 12:18:15 2020 OpenVPN 2.4.7 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019 Mon Mar 30 12:18:15 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
- Enter your provided username and password, sent to you via the challenge email:
Enter Auth Username: OS-XXXXX Enter Auth Password: XXXXXXXXXXX Mon Mar 30 12:18:26 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]126.96.36.199:1194 Mon Mar 30 12:18:26 2020 UDP link local (bound): [AF_INET][undef]:1194 Mon Mar 30 12:18:26 2020 UDP link remote: [AF_INET]x.x.x.x:1194 Mon Mar 30 12:18:26 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Mon Mar 30 12:18:26 2020 [OFFSECOSEESTUDENTVPN] Peer Connection Initiated with [AF_INET]188.8.131.52:1194 Mon Mar 30 12:18:32 2020 TUN/TAP device tun0 opened Mon Mar 30 12:18:32 2020 /sbin/ip link set dev tun0 up mtu 1500 Mon Mar 30 12:18:32 2020 /sbin/ip addr add dev tun0 x.x.x.x/24 broadcast 192.168.x.x Mon Mar 30 12:18:32 2020 Initialization Sequence Completed
- The objective of the Certification Challenge is to demonstrate creative thinking and success in exploitation of the victim targets.
- Points will be rewarded for partial or complete administrative / SYSTEM control of the victim machine.
Exam Student Control Panel
We have introduced a student control panel for exam takers. Through this panel you will be able to revert your own exam machines, with a limit of a total of 50 reverts. Wait patiently for the machine to revert and only click the button once per attempt. Note that reverting a machine will cause it to go to its original state and any changes you've made to it will be lost. Details regarding how to access the exam control panel have been included in the challenge email.
Internet Connection Issues
This subsection of the exam guide documents what you should do in case you are unable to complete your exam due to severe external factors. Please make sure to read and understand it carefully.
The exam lab is a dedicated environment with no students connected other than yourself. The total allotted time of 71:45 hours does take life and its situations into consideration: - You are expected to take rest breaks, eat, drink and sleep - You are also expected to have a contingency plan in the event that there is an issue outside your control. (e.g. make sure you have access to a backup Internet connection)
If you have a legitimate issue, please send an email with your OSID to "challenges AT offensive-security DOT com" immediately. Make sure to include all the necessary details and supporting information such as a letter from your power company, ISP or any other relevant documentation.
Please note we are only able to extend the lab time if the issues were present on our side and only when the exam subnet is not immediately in use by another student following your exam. In the event of an issue on our side and the exam subnet is scheduled immediately following your exam we will provide a free exam retake attempt. We work very hard to ensure our environments are highly available and issues are very rare.
If you encounter any connectivity problems with the VPN or target machines, inform us immediately. The preferred method of contact is through the live chat available at https://chat.offensive-security.com or via email to "help AT offensive-security DOT com".
Please note that we will not be able to assist with, or give hints on, any exam objectives and will only be available for technical problems during the exam.
All questions related to the exam documentation and submission, or other non-technical exam related issues should be sent to "challenges AT offensive-security DOT com". The live chat administrators will NOT BE ABLE TO HELP you with exam-related queries unless you are having technical issues with the VPN connection or exam environment.
While debugging in kernel mode remember to .reload symbols if you encounter issues in getting information about the awedrv.sys driver.
SECTION 3: SUBMISSION INSTRUCTIONS
- Your exam report is in PDF format
- You have used the following format for the PDF file name "OSEE-OS-XXXXX-Exam-Report.pdf", where "OS-XXXXX" is your OSID
- Your PDF has been archived into a .7z file (Please do NOT archive it with a password)
- You have used the following format for the .7z file name "OSEE-OS-XXXXX-Exam-Report.7z", where "OS-XXXXX" is your OSID
- You have made sure that the your archive is not more than 300MB and the extracted files are not more than 400MB
- You have uploaded your .7z file to https://upload.offsec.com
Note that the filename is case sensitive. Students must submit their exam file following the exact filename format structure above. If your file does not follow the exact filename format and structure, the application will not accept it.
The following subsections provide details on each of these requirements.
Submission Format and Name
Your exam report must be submitted in PDF format archived into a .7z file. Please make sure to include all your scripts or any PoCs as text inside the exam/lab report PDF file itself. No other file formats will be accepted within the .7z file other than PDF file format.
If you submit your report in any other file format, we will not request or remind you to send a PDF report archived into a .7z file and your exam report will not be scored.
Before submitting your exam report, please review the PDF document to ensure the format and content appear as it did in your original edition document and that there are no formatting errors.
After uploading your exam file to upload.offsec.com, the site will provide you with the MD5 hash of your uploaded file.
Please make sure to verify that you have uploaded your report correctly by checking and comparing the MD5 hashes of your uploaded exam file and the file you have locally.
If the values do not match, that means your file did not upload successfully. Click on "Select a new file" and upload your archive again.
root@kali:~# md5sum OSEE-OS-XXXXX-Exam-Report.7z
Please do not archive your .7z and PDF(s) files with a password. Our system will not accept should you upload a password-protected files.
You must submit your documentation in a .7z file.
root@kali:~# 7z a OSEE-OS-XXXXX-Exam-Report.7z OSEE-OS-XXXXX-Exam-Report.pdf
7-Zip 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,2 CPUs)
Updating archive OSEE-OS-XXXXX-Exam-Report.7z
Everything is Ok
Please submit your .7z file via https://upload.offsec.com within 24 hours of completion of the exam and follow the provided instructions in order to upload your archived exam report.
The size limit for extracted files is 400MB and the archive is 300MB. If the size constraints are not met, you would not be able to upload your archive. If you are unable to meet the size constraints, we suggest looking at ways to reduce your file size using techniques such as image compression.
After the file has been uploaded, you will be presented with a "Submit File" button where a MD5 hash of your exam report will be displayed. Make sure to click the "Submit File" button after verifying your MD5 hash to submit your files successfully.
If you do not upload your exam-report via https://upload.offsec.com , it will not be graded.
Acknowledgement of Receipt
Once the report is uploaded successfully, a confirmation email will be sent immediately acknowledging the receipt. If you have not received the email, please ensure that you uploaded your report and clicked the Submit File button on the final page of https://upload.offsec.com after verifying your MD5 hash. We also recommend you to check your email spam and junk folders in case the confirmation email has been flagged as spam.
You will receive an email with your certification exam results (pass/fail) within ten (10) business days after submitting your documentation. Please note that we do not provide the exam score or solutions to the exam targets.