Please read this entire document carefully before beginning your exam!
INTRODUCTION
This guide explains the objectives of the Offensive Security Wireless Professional (OSWP) certification exam. Section 1 describes the requirements for the exam, Section 2 provides important information and suggestions, and Section 3 specifies instructions for after the exam is complete.
The OSWP certification exam simulates a "live wireless network", which contains multiple access points with various configurations.
You have 3 hours and 45 minutes to complete the exam.
Once the exam is finished, you will have another 24 hours to send your documentation to the Offensive Security Challenges Department. Details on how to submit your files are provided below.
SECTION 1: EXAM REQUIREMENTS
Objectives
There are three wireless access points available to attack:
- STAGE 1
- STAGE 2
- STAGE 3
Each scenario (stage) is different. You must obtain the WEP / WPA key in each scenario using the techniques and methodology shown in Offensive Security Wireless Attacks (WiFu). For any stages that require it, please use the psk-crack-dictionary custom wordlist that is provided for you, located at the following location: /root/psk-crack-dictionary
Documentation Requirements
You are required to write a professional report describing your exploitation process for each target. You must document all of your attacks including all steps, commands issued, and console output in the form of a penetration test report. Your documentation should be thorough enough that your attacks can be replicated step-by-step by a technically competent reader.
The documentation requirements are very strict and failure to provide sufficient documentation will result in reduced or zero points being awarded. Please note that once your exam and lab report is submitted, your submission is final. If any screenshots or other information is missing, you will not be allowed to send them and we will not request them.
Screenshot Requirements
For each stage, you must provide at least one screenshot of the successfully cracked wireless network key.
Exam Restrictions
You may see other WLANs in the vicinity: they are not part of the exam and should be avoided.
We continuously monitor the commands being executed and the wireless traffic during the exam. If you are found to be attacking any access points other than the ones in the exam guide, you will be automatically failed and your exam will be terminated immediately.
SECTION 2: EXAM INFORMATION
Exam Connection
You will connect over SSH to a BackTrack 5 system with an Alfa USB card that will be used for your attacks against the exam machines. To have additional shells available, you have the option of SSH-ing to the machine multiple times or by making use of screen.
Passing
You will only pass the exam for successful discovery of all 3 WEP / WPA keys.
Suggested Documentation Templates
Ideally, one of the following templates should be used to document your exam:
- https://www.offensive-security.com/wifu/OSWP-Exam-Report.doc (Microsoft Word)
- https://www.offensive-security.com/wifu/OSWP-Exam-Report.odt (OpenOffice/LibreOffice)
You may use your own template as long as the information is presented in a structured, professional manner and follows all other requirements outlined below.
Internet Connection Issues
This subsection of the exam guide documents what you should do in case you are unable to complete your exam due to severe external factors. Please make sure to read and understand it carefully.
The exam lab is a dedicated environment with no students connected other than yourself. You are expected to have a contingency plan in the event that there is an issue outside your control. (e.g. make sure you have access to a backup Internet connection)
If you have a legitimate issue, please send an email with your OSID to "challenges AT offensive-security DOT com" immediately. Make sure to include all the necessary details and supporting information such as a letter from your power company, ISP or any other relevant documentation.
Please note we are only able to extend the lab time if the issues were present on our side and only when the exam lab is not immediately in use by another student following your exam. In the event of an issue on our side and the exam lab is scheduled immediately following your exam we will provide a free exam retake attempt. We work very hard to ensure our environments are highly available and issues are very rare.
Contact Protocol
If you encounter any connectivity problems with the attacking machine or target access points, inform us immediately. The preferred method of contact is through the live chat available at https://chat.offensive-security.com or via email to "help AT offensive-security DOT com".
Please note that we will not be able to assist with, or give hints on, any exam objectives and will only be available for technical problems during the exam.
All questions related to the exam documentation and submission, or other non-technical exam related issues should be sent to "challenges AT offensive-security DOT com". The live chat administrators will NOT BE ABLE TO HELP you with exam-related queries unless you are having technical issues with the SSH connection or exam environment.
SECTION 3: SUBMISSION INSTRUCTIONS
Submission Checklist:
- Your exam report is in PDF format
- You have used the following format for the PDF file name "OSWP-OS-XXXXX-Exam-Report.pdf", where "OS-XXXXX" is your OSID
- Your PDF has been archived into a .7z file (Please do NOT archive it with a password)
- You have used the following format for the .7z file name "OSWP-OS-XXXXX-Exam-Report.7z", where "OS-XXXXX" is your OSID
- You have uploaded your .7z file to https://upload.offsec.com
Note that the filename is case sensitive. Students must submit their exam file following the exact filename format structure above. If your file does not follow the exact filename format and structure, the application will not accept it.
The following subsections provide details on each of these requirements.
Submission Format and Name
Your exam report must be submitted in PDF format archived into a .7z file. Please make sure to include all your scripts or any PoCs as text inside the exam/lab report PDF file itself. No other file formats will be accepted within the .7z file other than PDF file format.
If you submit your report in any other file format, we will not request or remind you to send a PDF report archived into a .7z file and your exam report will not be scored.
Before submitting your exam report, please review the PDF document to ensure the format and content appear as it did in your original edition document and that there are no formatting errors.
After uploading your exam file to upload.offsec.com, the site will provide you with the MD5 hash of your uploaded file.
Please make sure to verify that you have uploaded your report correctly by checking and comparing the MD5 hashes of your uploaded exam file and the file you have locally.
If the values do not match, that means your file did not upload successfully. Click on "Select a new file" and upload your archive again.
root@kali:~# md5sum OSWP-OS-XXXXX-Exam-Report.7z
12df3d6a8b40712eab94326984aaccc2 OSWP-OS-XXXXX-Exam-Report.7z
Archive File
Please do not archive your .7z and PDF(s) files with a password. Our system will not accept should you upload a password-protected files.
You must submit your documentation in a .7z file.
root@kali:~# 7z a OSWP-OS-XXXXX-Exam-Report.7z OSWP-OS-XXXXX-Exam-Report.pdf
7-Zip 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,2 CPUs)
Scanning
Updating archive OSWP-OS-XXXXX-Exam-Report.7z
Everything is Ok
Submission Upload
Please submit your .7z file via https://upload.offsec.com within 24 hours of completion of the exam and follow the provided instructions in order to upload your archived exam report.
After the file has been uploaded, you will be presented with a "Submit Files" button where a MD5 hash of your exam report will be displayed. Make sure to click the "Submit Files" button after verifying your MD5 hash to submit your files successfully.
If you do not upload your exam-report via https://upload.offsec.com, it will not be graded.
Acknowledgement of Receipt
Once we successfully review and accept your documentation, a confirmation email will be sent acknowledging receipt. If you have not received a confirmation email after 12 hours have passed, please send us an email at challenges AT offensive-security DOT com . We recommend you to check your email spam and junk folders in case it has been flagged as spam.
Additional Required Information
In the unlikely event that we require additional clarification on your exam report, we will get in contact with you via email. You must submit the requested information within 24 hours from the time we have requested it.
Results
You will receive an email with your certification exam results (pass/fail) within ten (10) business days after submitting your documentation. If you have passed the exam, you will receive an exam results email containing a link to update and confirm your certificate delivery address. Please note that we do not provide the exam score, solutions to the exam targets, or digital versions of the certificate.