(Latest) OSCP Official Exam Guide - Bilingual Translation, Proofread Edition

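🍬 Preface

👨‍🎓 About the author: Hello everyone, I'm vortex5, nice to meet you.

✨ Main focus areas: [Network Security] [Penetration Testing] [SRC Vulnerability Hunting] [Lab Reproduction]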
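🙏 The author's knowledge is limited; pointers from more experienced readers are welcome so that we can learn from each other and improve.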

INTRODUCTION

This guide explains the objectives of the OffSec Certified Professional Plus (OSCP+) certification exam. Section 1 describes the requirements for the exam, Section 2 provides important information and suggestions, and Section 3 specifies instructions for after the exam is complete.

The OSCP+ certification exam simulates a live network in a private VPN, which contains a small number of vulnerable machines.

You have 23 hours and 45 minutes to complete the exam.

This means that if your exam begins at 09:00 GMT, your exam will end at 08:45 GMT the next day.

Once the exam is finished, you will have another 24 hours to upload your documentation. Details on how to submit your files are provided below.

All OSCP exams are proctored.

Please make sure to read the proctoring tool learner manual and the proctoring FAQ at the following URL: https://help.offsec.com/hc/en-us/sections/360008126631-Proctored-Exams

Exam Structure

The OSCP exam machines are structured as follows:

  • 3 stand-alone machines (60 points in total)
    • 20 points per machine
      • 10 points for initial access
      • 10 points for privilege escalation
  • 1 Active Directory (AD) set containing 3 machines (40 points in total)
    • For the Active Directory exam set, learners will be provided with a username and password, simulating a breach scenario.
    • 10 points for machine #1
    • 10 points for machine #2
    • 20 points for machine #3
  • Possible scenarios to pass the exam (70/100 to pass)
    • 40 points AD + 3 local.txt flags (70 points)
    • 40 points AD + 2 local.txt flags + 1 proof.txt flag (70 points)
    • 20 points AD + 3 local.txt flags + 2 proof.txt flags (70 points)
    • 10 points AD + 3 fully completed stand-alone machines (70 points)

Point Allocation

  • The order in which the exam machines are documented in your exam report is the order in which the exam machines will be graded and valued
  • For independent targets, points will be awarded for partial and complete administrative control of each machine
  • Each machine has a specific set of objectives that must be met in order to receive full points
  • You must achieve a minimum score of 70 points to pass the exam
  • It is possible to achieve a maximum of 100 points on the exam
  • Specific objectives and point values for each machine are located in your exam control panel

SECTION 1: EXAM REQUIREMENTS

Specific instructions for each target will be located in your Exam Control Panel, which will only become available to you once your exam begins.

Documentation Requirements

You are required to write a professional report describing your exploitation process for each target. You must document all of your attacks including all steps, commands issued, and console output in the form of a penetration test report. Your documentation should be thorough enough that your attacks can be replicated step-by-step by a technically competent reader.

The documentation requirements are very strict and failure to provide sufficient documentation will result in reduced or zero points being awarded. Please note that once your exam report is submitted, your submission is final. If any screenshots or other information are missing, you will not be allowed to send them and we will not request them.


Exploit Code

If you have not made any modifications to an exploit, you should only provide the URL where the exploit can be found. Do not include the full unmodified code, especially if it is several pages long.

If you have modified an exploit, you should include:

  • The modified exploit code
  • The URL to the original exploit code
  • The command used to generate any shellcode (if applicable)
  • Highlighted changes you have made
  • An explanation of why those changes were made

Exam Proofs

Your objective is to exploit each of the target machines and provide proof of exploitation. Each target machine contains at least one proof file (local.txt or proof.txt), which you must retrieve, submit in your control panel, and include in a screenshot with your documentation. Failure to provide the appropriate proof files in a screenshot for each machine will result in zero points being awarded for the target.

The valid way to provide the contents of the proof files is in an interactive shell on the target machine with the type or cat command from their original location.

Obtaining the contents of the proof files in any other way will result in zero points for the target machine; this includes any type of web-based shell.

On all Windows targets, you must have a shell running with the permissions of one of the following to receive full points:

  • SYSTEM user
  • Administrator user
  • User with Administrator privileges

On all Linux targets, you must have a root shell in order to receive full points.


Control Panel Submission

The exam control panel contains a section available to submit your proof files. The contents of the local.txt and proof.txt files obtained from your exam machines must be submitted in the control panel before your exam has ended. Note that the control panel will not indicate whether the submitted proof is correct or not. An example of this is provided below:

[Image]


Screenshot Requirements

Each local.txt and proof.txt found must be shown in a screenshot that includes the contents of the file, as well as the IP address of the target by using ipconfig, ifconfig or ip addr. An example of this is shown below:

[Image]


Exam Restrictions

You cannot use any of the following on the exam:

  • Spoofing (IP, ARP, DNS, NBNS, etc.)
  • Commercial tools or services (Metasploit Pro, Burp Pro, etc.)
  • Automatic exploitation tools (e.g. db_autopwn, browser_autopwn, SQLmap, SQLninja, etc.)
  • Mass vulnerability scanners (e.g. Nessus, NeXpose, OpenVAS, Canvas, Core Impact, SAINT, etc.)
  • AI Chatbots (OffSec KAI, ChatGPT, YouChat, etc.)
  • Features in other tools that utilize either forbidden or restricted exam limitations

Any tools that perform similar functions as those above are also prohibited. You are ultimately responsible for knowing what features or external utilities any chosen tool is using. The primary objective of the OSCP exam is to evaluate your skills in identifying and exploiting vulnerabilities, not in automating the process.

You may, however, use tools such as Nmap (and its scripting engine), Nikto, Burp Free, DirBuster, etc. against any of your target systems.

NOTE: While you may use Discord as a resource for searching for information during the exam, under no circumstances are you permitted to seek or receive assistance from others on the platform.

For more information regarding the allowed tools, please visit our OSCP Exam FAQ article.

Please note that we will not comment on allowed or restricted tools, other than what is included inside this exam guide.

Downloading any applications, files or source code from the exam environment to your local machine is strictly forbidden unless they are necessary for you to compromise the exam machine, and make sure to delete them after completing the exam objectives. For more information, please refer to https://www.offsec.com/legal-docs/


Metasploit Restrictions

The usage of Metasploit and the Meterpreter payload is restricted during the exam. You may only use Metasploit modules (Auxiliary, Exploit, and Post) or the Meterpreter payload against one single target machine of your choice. Once you have selected your one target machine, you cannot use Metasploit modules (Auxiliary, Exploit, or Post) or the Meterpreter payload against any other machines.

Metasploit/Meterpreter should not be used to test vulnerabilities on multiple machines before selecting your one target machine (this includes the use of check). You may use Metasploit/Meterpreter as many times as you would like against your one target machine.

If you decide to use Metasploit or Meterpreter on a specific target and the attack fails, then you may not attempt to use it on a second target. In other words, the use of Metasploit and Meterpreter becomes locked in as soon as you decide to use either one of them.

Metasploit cannot be used for pivoting, because it would thereby be used on more than one target.

You may use the following against all of the target machines, with the exception that the Meterpreter payload may be used against only one target machine:

  • multi handler (aka exploit/multi/handler)
  • msfvenom

All the above limitations also apply to different interfaces that make use of Metasploit (such as Armitage, Cobalt Strike, Metasploit Community Edition, etc.).


SECTION 2: EXAM INFORMATION

Exam Connection

Your connection to the exam is to be done with Kali Linux using OpenVPN. We are unable to provide any VPN connectivity support if you choose to use another setup. Your exam connection pack and details will be sent by email at the exact start time of your exam and not in advance.

  1. Download the exam-connection.tar.bz2 file from the link provided in the exam email to your Kali machine.

  2. Extract the file:

    ┌──(kali㉿kali)-[~]
    └─$ tar xvfj exam-connection.tar.bz2
    OS-XXXXXX-OSCP.ovpn
    troubleshooting.sh

  3. Initiate a connection to the exam lab with OpenVPN:

    ┌──(kali㉿kali)-[~]
    └─$ sudo openvpn OS-XXXXXX-OSCP.ovpn

  4. Enter the username and password provided in the exam email to authenticate to the VPN:

    ┌──(kali㉿kali)-[~]
    └─$ sudo openvpn OS-XXXXXX-OSCP.ovpn 1 ⨯
    [sudo] password for kali: 
    2022-01-11 04:15:50 Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
    2022-01-11 04:15:50 OpenVPN 2.5.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 28 2020
    2022-01-11 04:15:50 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
    🔐 Enter Auth Username: OS-XXXXXX
    🔐 Enter Auth Password: *********** 
    2022-01-11 04:16:01 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
    2022-01-11 04:16:01 UDP link local (bound): [AF_INET][undef]:1194
    2022-01-11 04:16:01 UDP link remote: [AF_INET]x.x.x.x:1194
    2022-01-11 04:16:01 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    2022-01-11 04:16:02 [offensive-security.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
    2022-01-11 04:16:03 TUN/TAP device tun0 opened
    2022-01-11 04:16:03 net_iface_mtu_set: mtu 1500 for tun0
    2022-01-11 04:16:03 net_iface_up: set tun0 up
    2022-01-11 04:16:03 net_addr_v4_add: 192.168.xx.xx/24 dev tun0
    2022-01-11 04:16:03 Initialization Sequence Completed

Exam Control Panel

The exam control panel is available via a link provided in your exam email. Through the exam control panel you will be able to:

  • Submit proof files
  • Revert target machines
  • View specific target objectives and point values

Machine Reverts

You have a limit of 24 reverts. This limit can be reset once during the exam. All of the machines have been freshly reverted at the start of your exam so you will not be required to revert the machines when you begin. Please wait patiently for the machine to revert and only click the button once per attempt. Note that reverting a target machine will cause it to return to its original state and any changes you have made to the machine will be lost.


Exam Proof File Names

  • proof.txt - This file is only accessible to the root or Administrator user and can be found under the /root/ directory or the Administrator Desktop.
  • local.txt - This file is accessible to an unprivileged user account.

Note that the targets containing these files are detailed in your exam control panel.


Point Disqualification

You will receive no points for a specific target for the following:

  • Using a restricted tool
  • Using Metasploit Auxiliary, Exploit, or Post modules on multiple machines
  • Using the Meterpreter payload on multiple machines
  • Failure to provide the local.txt and proof.txt file contents in both the control panel and in an interactive shell screenshot
  • Lack of documentation

Suggested Documentation Templates

Ideally, one of the following templates should be used for the penetration test report:

You may use your own template as long as the information is presented in a structured, professional manner and follows all other requirements outlined above.


Guidelines for Handling Unforeseen Factors during the Exam

This subsection of the exam guide documents what you should do in case you are unable to complete your exam due to severe external factors. Please make sure to read and understand it carefully.

The exam lab is a dedicated environment with no learners connected other than yourself. The total allotted time of 23:45 hours does take life and its situations into consideration:

  • You are expected to take rest breaks, eat, drink, and sleep
  • You are also expected to have a contingency plan in the event that there is an issue outside your control (e.g. ensure you have access to a backup Internet connection, Kali Virtual Machine, power, etc.)

If you have a legitimate issue, please send an email with your OSID to “challenges AT offsec DOT com” immediately. Make sure to include all the necessary details and supporting information such as a letter from your power company, ISP, or any other relevant documentation.

Please note we are only able to extend the exam time if the issues are present on our side and only when the exam subnet is not immediately in use by another learner following your exam. In the event of an issue on our side where the exam subnet is scheduled immediately following your exam, we will provide a free exam retake attempt. We work very hard to ensure our environments are highly available and issues are very rare.


Contact Protocol

If you encounter any connectivity problems with the VPN or target machines, inform us immediately, directly in the proctoring chat. Should you not be able to access the proctoring tool, please contact us via the live chat available at https://chat.offsec.com/ or via email to “help AT offsec DOT com”.

Please note that we will not be able to assist with, or give hints on, any exam objectives and will only be available for technical problems during the exam.


SECTION 3: SUBMISSION INSTRUCTIONS

Submission Checklist:

  • Your exam report is in PDF format
  • You have used the following format for the PDF file name “OSCP-OS-XXXXX-Exam-Report.pdf”, where “OS-XXXXX” is your OSID
  • Your PDF has been archived into a .7z file (Please do NOT archive it with a password)
  • You have used the following format for the .7z file name “OSCP-OS-XXXXX-Exam-Report.7z”, where “OS-XXXXX” is your OSID
  • You have made sure that your archive is not more than 200MB
  • You have uploaded your .7z file to https://upload.offsec.com

Note that the filename is case-sensitive. Learners must submit their exam file following the exact filename format structure above. If your file does not follow the exact filename format and structure, the application will not accept it.

The following subsections provide details on each of these requirements.

Submission Format and Name

Your exam report must be submitted in PDF format archived into a .7z file. Please make sure to include all your scripts or any PoCs as text inside the exam report PDF file itself. No other file formats will be accepted within the .7z file other than PDF file format.

If you submit your report in any other file format, we will not request or remind you to send a PDF report archived into a .7z file and your exam report will not be scored.

Before submitting your exam report, please review the PDF document to ensure the format and content appear as they did in your original edition document and that there are no formatting errors.

After uploading your exam file to upload.offsec.com, the site will provide you with the MD5 hash of your uploaded file.

Please make sure to verify that you have uploaded your report correctly by checking and comparing the MD5 hashes of your uploaded exam file and the file you have locally.

If the values do not match, that means your file did not upload successfully. Click on “Select a new file” and upload your archive again.

    ┌──(kali㉿kali)-[~]
    └─$ sudo md5sum OSCP-OS-XXXXX-Exam-Report.7z
    f7feecea01ac1eca9ee522906b087d5e OSCP-OS-XXXXX-Exam-Report.7z

Archive File

Please do not archive your .7z and PDF file(s) with a password. Our system will not accept a password-protected file.

You must submit your documentation in a .7z file. Please use your Kali machine to create your .7z file.

    ┌──(kali㉿kali)-[~]
    └─$ sudo 7z a OSCP-OS-XXXXX-Exam-Report.7z OSCP-OS-XXXXX-Exam-Report.pdf

    7-Zip 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,2 CPUs)

    Scanning

    Updating archive OSCP-OS-XXXXX-Exam-Report.7z


    Everything is Ok

Submission Upload

Please submit your .7z file via https://upload.offsec.com within 24 hours of completion of the exam and follow the provided instructions in order to upload your archived exam report.

The maximum allowable size for uploading your archive file is 200MB. If the size constraints are not met, you will not be able to upload your archive. If you are unable to meet the size constraints, we suggest looking at ways to reduce your file size using techniques such as image compression.

After the file has been uploaded, you will be presented with a “Submit File” button where an MD5 hash of your exam report will be displayed. Make sure to click the “Submit File” button after verifying your MD5 hash to submit your files successfully.

If you do not upload your exam report via https://upload.offsec.com, it will not be graded.

IMPORTANT NOTE: Please note that some Windows 11 users have encountered an issue while trying to upload their exam files to https://upload.offsec.com, and received a “file is not a proper format” error. This issue may be related to compatibility concerns with Windows 11, and we’d like to provide a solution to ensure a smooth upload process.

To resolve this problem, we recommend using a Kali Virtual Machine (VM) to upload your exam files securely and without any compatibility issues.

For more information about Kali VM, please visit: https://help.offsec.com/hc/en-us/articles/360049796792-Kali-Linux-Virtual-Machine


Acknowledgement of Receipt

Once the report is uploaded successfully, a confirmation email will be sent immediately acknowledging the receipt. If you have not received the email, please ensure that you uploaded your report and clicked the Submit File button on the final page of https://upload.offsec.com after verifying your MD5 hash. We also recommend that you check your email spam and junk folders in case the confirmation email has been flagged as spam.


Additional Required Information

In the unlikely event that we require additional clarification on your exam report, we will get in contact with you via email. You must submit the requested information within 24 hours from the time we have requested it.


Results

You will receive an email with your certification exam results (pass/fail) within ten (10) business days after submitting your documentation.
