From Failure to 100: How Akas Earned His OSCP+

In this guide, we’re sharing an inspiring story from one of our OSCP+ Certified Holders who embodies the journey of Try Harder. We’d like to introduce you to Akas Wisnu Aji (justakazh), a Cyber Security Consultant from Indonesia, who became certified in May 2025 after overcoming two failed attempts.

Instead of giving up, Akas chose to fail forward, refining his approach, deepening his knowledge, and confronting his weaknesses head-on. His persistence paid off when he earned a perfect 100-point score on the final exam, a testament to his resilience, adaptability, and unshakable mindset.

This story is for every learner who’s felt discouraged by setbacks. Akas’s journey is proof that failure is not the end, it’s a powerful step on the path to mastery!

I was a full-time college student working at a consulting firm, juggling an almost impossible schedule with hardly any room to dive into something entirely new.

Then a rare opportunity appeared: a sponsor offered to cover the costs. I said yes immediately — opportunities like that don’t come twice. I knew the risks — limited time, split energy, and the notoriously demanding OSCP material — but I also knew this could be a turning point.

Earning the OSCP had been a personal goal since 2021, and now the chance was right in front of me. I realized the road ahead wouldn’t be easy, and that’s exactly what made it worth pursuing.

Due to time constraints, I made the decision to focus directly on lab challenges as a faster way to grasp the core concepts and techniques. That doesn’t mean I completely ignored the modules. Whenever I got stuck on a lab challenge, I would refer back to the modules to look for relevant methods or techniques. I also occasionally looked for hints and discussions in the OffSec Discord community, which turned out to be super helpful during tough spots.

Four months had passed, and it was exam day. The night before, I prepared my tools, notes, and desktop setup for proctoring.

I managed to complete two machines within the first two hours. In my mind, I thought, “This machine is too easy.” Because I felt the next machines would be just as easy, I started to relax too much. I didn’t use my time efficiently and slightly underestimated the remaining challenges. 

Do you think I got the next flags? No. I didn’t get a single additional flag after the two machines I completed at the start. I didn’t record what I had done, take screenshots, log important output information, or document properly, so I ended up repeating methods I had already tried before, which wasted a lot of time. 

My biggest mistake was letting myself get too confident, thinking I had already won early on.

Time kept ticking, and I began to panic. My focus dropped drastically, my brain felt slow, and my body started to get exhausted. I thought I could “push hard” for 24 hours straight without rest, but that actually destroyed my focus. Eventually, time ran out, and I didn’t manage to add a single flag. Those first two machines made me feel like I had already won too quickly.

Yes, this was my first failure. I felt very down and lost confidence.

What did I miss? What hadn’t I done? What hadn’t I checked? These questions filled my mind. Curiosity, regret, and frustration all mixed into one. 

This was my first retake exam, three months after my first exam failure. This time, I was determined not to repeat my previous mistakes. Thoughts of my previous failure came to mind, but I distracted myself by playing lofi music to stay calm.

I tried to work more systematically, taking notes on important findings from enumeration.

I focused on the Active Directory set, spending 3 hours enumerating, and finally gained initial access on the AD set, securing my first local.txt. I thought this was enough for further exploitation, so I moved on to the standalone machines.

To maintain focus, I used the Pomodoro Timer method: 25 minutes of focused work and 5 minutes break. Honestly, I wasn’t comfortable with this method because when the break alarm sounded, I felt distracted and lost my flow. Maybe I just wasn’t used to it yet.

Unlike my previous exam where I didn’t sleep, this time I took a 4-hour nap to rest my body. Although 4 hours felt short, I decided to continue the exam after waking up.

I refocused on Active Directory, trying to re-enumerate carefully. Time kept ticking; there were about 5 hours left before the exam ended. I kept focusing on AD, hoping to find something to break it open.

But when there were only 2 hours remaining, so with a firm decision, I left Active Directory and switched to tackling the last standalone machine. The same frustration and hopelessness from my first exam started to resurface.

My final attempt was Privilege Escalation. Based on the internal enumeration I did, I found a few promising leads that could give me full system access. But when I tried to execute the exploit, it didn’t work. Maybe I misprioritized the target or overlooked something crucial. Then I failed again.

“Failure” is the inability to achieve something or the failure to reach a desired goal. And now, I found myself once again in the phase I feared the most: the phase of failure. I felt it, I acknowledged it, and I had to admit it.

Accepting that I failed the OSCP exam twice wasn’t easy. I can only accept the result I’ve gotten and focus on what I can control: improving myself to do better next time. And I no longer see it as something shameful — but rather as a valuable lesson for myself.

Then came some good news, I was given the chance to take my second retake — which means this will be my third attempt at the OSCP exam.

I went back to improving myself by focusing on my weak points. In my previous attempts, one of the biggest challenges was Active Directory, so I decided to study it from scratch and truly understand its fundamentals. I started by setting up a lab environment, learning about authentication methods, and exploring advanced exploitation techniques.

Then I scheduled my second OSCP retake, my final exam.

The day I had been waiting for finally arrived.

I had made sure there would be no mistakes during the proctoring process, no errors in note-taking, and no issues with my target prioritization plan. This time, I was determined to give my absolute best — and better than ever before.

I set my Pomodoro Timer and began the first phase: Port and Service Scanning. When the scan results came in, I had a brief thought: “If my old self had encountered this machine, I probably would’ve given up and failed.”

My progress was a bit slower than in the previous attempts — back then, it took me just two hours to compromise two standalone machines. This time, it took me several hours just to get one. But I kept going, because I knew, I’m no longer the person I used to be.

This was the fastest privilege escalation I’ve ever encountered during the exam — it took me less than 5 minutes to gain the highest level of access to that system. And just as expected, after more than 10 hours, I had only compromised one standalone machine. 

Time was ticking — and by that point, I had only earned 30 points. Once again, I got stuck on Active Directory. Instead of dwelling too much, I decided to switch gears and go back to the two remaining standalone machines I hadn’t compromised yet.

Long story short, I managed to get a local.txt from one of them. But after performing internal enumeration, it looked complex and time-consuming — so I decided to go back to AD. At this point, my total was 40 points — the same score I had when I first failed. I was stuck for a while, until I started thinking about the little things I might have missed — and boom, I found my second proof.txt. Now I was at 50 points.

I had fully compromised the entire Active Directory machine, bringing my total to 70 points.

I went back to the standalone machine where I had previously gotten local.txt. It was quite complex, but I pulled through and got proof.txt. Now I was at 80 points, with only one machine left.

Just like in previous exams, my brain started to slow down. But I took it one step at a time. Long story short — I got local.txt, and within 30 minutes, I escalated to full root/system access. I had achieved the full 100 points — on the very opportunity that was still given to me.

I spent the remaining time double-checking all screenshots and commands for the report. I made sure every flag screenshot I had captured met OffSec’s required standards.

I paid extra attention to every little detail — especially the screenshots and notes. I didn’t want all my effort to go to waste just because of a technicality.

All that was left: waiting for the result from OffSec. And then — it came. I passed with a perfect 100 points.

I never imagined that from failing with 40 points, then 60, I would one day hit a perfect 100. I’m a living witness that progress is real, and the process truly pays off.

This journey wasn’t just about technical skills. There were so many other factors — mental, emotional, even spiritual — that brought me to this point. Giving up was never an option. Failure wasn’t the end. It was the beginning of something better, and gives us a reason to grow and push forward.

Did I pass the OSCP on my first try? Absolutely not. This journey was far from easy. It was full of challenges, setbacks, and most importantly-lessons. Not just technical ones, but also those that shaped my mindset and built my mental strength.

My OSCP+ experience is something I’ll never forget — not just for the technical lessons, but for the personal growth it forced me to go through.

For anyone reading this: Believe in yourself — you can make it. And last but not least — Your mind is your power.

If you’re planning to take the OSCP, we hope this story can be a source of motivation to keep learning and growing. Check out our OSCP study tips to help you prepare for your upcoming exam!

Want to read more from Akas? Check out his blog article here!