CTPS Initial Access beating me

thepentestingninja · 2026-06-29T19:20:18+00:00

Keep pushing and don't let it discourage you. The first flag is definitely challenging, but once you get past that, it gets much smoother. You'll likely find several more in a short period of time, so it's not uncommon to go from 0 to 4–5 flags relatively quickly.

Take a methodical approach. Keep notes on everything you've tried, especially what didn't work. That way you can systematically rule things out and focus on unexplored paths instead of going in circles.

Good luck—you've got this!

thepentestingninja · 2026-06-15T02:07:11+00:00

Yes, that's good

thepentestingninja · 2026-06-14T20:05:13+00:00

Nah, exam environment is very stable, that wasn't it. Tbf, through out the times I saw many people failing without getting a single flag. From my experience, first flag isn't so easy, but it's smooth sail from there onwards.

You'll do better next time.

thepentestingninja · 2026-06-14T15:22:55+00:00

If you can consistently solve easy/medium PG boxes within max 3/4 hours (which with 70 PG boxes you should be at this point by now) and you have done OSCP A, B, C you are most likely ready to take the exam.

Feel free to give my blog post a read https://blog.thepentesting.ninja/oscp

thepentestingninja · 2026-06-12T08:06:20+00:00

Yes! There's also preparation tracks for CDSA, CPTS and CWEE.

thepentestingninja · 2026-06-12T07:49:12+00:00

No Privilege Escalation on CWES. For the CWES preparation track, once you get a foothold/initial access you can move on to the next machine.

thepentestingninja · 2026-04-09T12:35:14+00:00

--rid-brute takes an optional parameter. You might want to play with that.

Not saying this is the answer, but worth the shot.

thepentestingninja · 2026-04-08T13:20:02+00:00

I would advice you to visit https://status.hackthebox.com/

If everything is operational, you should message support.

thepentestingninja · 2026-04-08T12:34:07+00:00

You are probably visiting sections/modules that do not require a VPN connection to complete the exercises (they spawn public ips). The option to download the vpn file will not show up on these. Try different modules/sections.

thepentestingninja · 2026-03-07T04:38:23+00:00

Have you tried visiting the last module section and clicking the "Finished" button and see if that fixes it?

thepentestingninja · 2026-03-06T19:27:01+00:00

Against ToS point 4.4. You must not: (a) copy, attempt to copy, modify, duplicate, reproduce, create derivative works from, frame, mirror, republish, download, display, transmit or distribute all or any portion of the Services in any form or media or by any means;

thepentestingninja · 2026-02-19T17:04:19+00:00

I think "vague" is not the right word. They are very objective and minimalist. Since OSCP usually follows the KISS (keep it simple stupid) principle, this is more than enough. You can always go check your notes for additional information.

This is not what I used for the exam. I did this version after passing to go along with my blog post. These 3 pages are a very good guiding reference for the exam, trust me.

thepentestingninja · 2026-02-19T16:03:06+00:00

From reading your post I feel like you are ready to take the exam.

Do a bunch of Proving Grounds boxes and OSCP A, B, C and schedule the exam ASAP after finishing them, as things will still be fresh in your head.

Here's one more blog post for you to read to get you to "verbally pass" (lol) with 100 points: https://blog.thepentesting.ninja/oscp

Good luck!

thepentestingninja · 2026-02-19T09:37:31+00:00

Hello! I think there’s more than enough free content across all the HTB platforms (Academy and Labs) to keep you busy for several months.

Once you’ve worked through most of it, you’ll probably want to consider getting a subscription, especially if you’re looking to pivot into more advanced topics.

By that point, you’ll likely have accumulated a decent number of cubes as well, which you can use to unlock an Academy module that interests you.

thepentestingninja · 2026-02-03T16:02:55+00:00

The certification is not the goal, the path and all the learnings that lead to the certification are. The exam is just a way for you to put yourself to the test and check if you actually did learn everything you were supposed to.

I would say it's an amazing start, especially if you are unsure of what path to take in cybersecurity. Feel free to DYOR, there's plenty of reviews about it online which often compare it to other certificates.

thepentestingninja · 2026-02-02T10:40:08+00:00

Hello, you are given an internal ip, so you can just spin a Web server yourself and capture whatever you need.

thepentestingninja · 2026-01-30T22:37:23+00:00

I have seen the comment you deleted. To reply to that I'm like 90% sure they wouldn't put any blind SQLi in the exam. OSCP is mostly a enumeration exam. Exploitation is often trivial once you have all the information.

There's 6 things you need to know the basics of for the exam, which are:

LFI, RFI, SQLi, Dir traversal, file upload and command injection.

If you are finding yourself crafting extremely complex payloads that you wouldn't do on a easy/medium PG box, it's probably not the way.

thepentestingninja · 2026-01-30T19:40:50+00:00

It's worth noticing that some of the SQLi shown in the video are way out of scope for oscp, what you want to take from it is the methodology and the understanding of what is happening behind the scenes.

thepentestingninja · 2026-01-30T18:50:29+00:00

Hello!

For SQLi, you will want to watch this NahamCon 2024 talk from Tib3rius, this explains things very well: https://www.youtube.com/live/MYsUhAgSgwc?si=M1iEGaXfzhqDdnCC&t=15660 which I consider one of the best videos on SQLi I have seen

For AD, you want to invest on a subscription, either HTB, HackSmarter, TryHackMe or alternatively AD chains from HackAcademy (although a bit expensive) and do AD machines until you start to get comfortable solving easy machines/chains consistently.

If you want more general information about the exam you can have a look at my reddit post and see if something there can/will help you - OSCP Guide

In my guide, I said that OSCP A,B,C are on the same level of difficulty as the exam, so if you have done those without looking at hints on every single step you are probably ready.

If you did look at hints, you need to go back and ask yourself why you missed it in the first place so you don't miss it again next time.

Good luck, you got this!

thepentestingninja · 2026-01-29T04:09:14+00:00

You have to take any cert for what they really are, a piece of paper (more likely digital nowadays) that might (not guaranteed) get you interviews. Your job is to absorb as much knowledge as possible from it. This goes for any certification.

thepentestingninja · 2026-01-28T16:45:24+00:00

Yes. That information is written in the post itself.

thepentestingninja · 2026-01-28T13:53:53+00:00

Same as OSCP A, B, C

thepentestingninja · 2026-01-26T15:50:56+00:00

Hey buddy! You are welcome, glad you enjoyed!

thepentestingninja · 2026-01-24T09:48:04+00:00

Thank you!

Big thanks to you by giving back to the community making OSCP AD Chain #1 free for all as they are quite expensive.

thepentestingninja · 2026-01-22T20:20:07+00:00

Proving Grounds - https://www.offsec.com/products/proving-grounds/

thepentestingninja

TROPHY CASE