OSCP Exam review "2019" + Notes & Gift inside!


Comments

  • > @pingunrchable said:
    > Hey man, congratulations on passing your OSCP.
    >
    > I am looking to do OSCP soon but I feel that I am not ready to do so especially after doing some of the "easy" HTB boxes.
    >
    > Should I:
    >
    >
    > * Do more HTB boxes before going on to OSCP or
    > * Do the OSCP course and exam then use HTB as a means of upkeeping my skill?
    >
    > Let me know your opinion.
    >
    > FYI: I am an experienced Network Engineer.


    My advice is to start with OSCP, as their machines start from a very basic level, and gradually increase in difficulty, as they're designed to take you through the learning curve.

    Also, don't feel bad if you find HTB's machines difficult, as they have a different purpose, and much of the time can't be solved quickly or very easily.
  • edited March 24

    > @21y4d said:
    > My advice is to start with OSCP, as their machines start from a very basic level, and gradually increase in difficulty, as they're designed to take you through the learning curve.
    >
    > Also, don't feel bad if you find HTB's machines difficult, as they have a different purpose, and much of the time can't be solved quickly or very easily.

    Thanks for your advice!

    I will book my OSCP in a couple of weeks!

    Wish me luck.

  • For anyone interested, I have been doing some research on both OSCE & OSWE, and here's my general idea.

    If OSCP is focused on pen testing, these two certificates are focused on exploit development and advanced attacks.

    Generally, OSCE focuses on finding and crafting advanced vulnerabilities for Linux and Windows. OSWE is the same but for web applications.

    You can find the following excellent study plan for OSCE, which can help you understand what's needed from you before registering for the course:
    https://www.abatchy.com/2017/03/osce-study-plan

    Personally, I have registered with Pentester Academy, and started taking their excellent courses on relevant topics.
    https://www.pentesteracademy.com/
    Once I feel I'm comfortable on all topics, I will register for the OSCE course.

    OSCP is not a requirement for OSCE, since it focuses on a slightly different area, though I would recommend doing it before OSCE. However, OSCP is a prerequisite for OSWE.

    OSWE is still new "less than a year", so not many topics and reviews are available on it.

    I hope this helps some people :)
  • edited April 5

    @21y4d Thanks so much for this man, due to start PWK in May and this is some encouraging stuff. One thing that has bothered me on HTB is the time it usually takes me to complete a box, and with time being a big factor in the exam, I worried this might hold me back!

    Admittedly when I'm doing boxes on here they don't have my fullest attention, but it's still something I'm worried about. Any tips on how to maybe speed up approach etc?

    > @Epictetus said:
    > @21y4d Thanks so much for this man, due to start PWK in May and this is some encouraging stuff. One thing that has bothered me on HTB is the time it usually takes me to complete a box, and with time being a big factor in the exam, I worried this might hold me back!
    >
    > Admittedly when I'm doing boxes on here they don't have my fullest attention, but it's still something I'm worried about. Any tips on how to maybe speed up approach etc?

    HTB boxes are usually time consuming, so it's not a good comparison. The most important thing is to not keep following a rabbit hole for too long, so you have to have a strategy of when to stop following something that is not working.

    Once you start on the OSCP labs, you'll understand the type of machines you are supposed to deal with, which is mostly using and modifying public exploits.

  • HTB boxes are relatively hard. In the OSCP exam, 2 boxes will also be hard/medium by HTB standards; the remaining ones are easy boxes here.
    But in HTB nowadays easy boxes are becoming medium, and medium becoming hard. Just my observation.

    sesha569

  • edited April 5

    I'm starting the OSCP course on the 21st so this is really helpful, thank you.
    The script is awesome, btw.

    Uvemode
    OSCP | eCPPT |

  • edited April 5
    > @Rayvenhawk said:


    My advice in general is that if you didn't pass in your second attempt, you should stop and rethink your approach. Otherwise, you will keep falling for the same mistakes, regardless of the number of times you take the exam.

    In general, try to do the following:
    1. Have a strategy for Linux and another for Windows, and follow this strategy. This isn't something complicated or advanced, but simply knowing your steps for each machine. You will follow your approach, and if one thing didn't work, you stop and go to the next. If you checked everything and nothing worked, then take a look at the things you've enumerated, and prioritize them by the likelihood of being the intended way.

    2. Have a strategy for when to stop following something that does not work. Believe me, if it was the intended way, you would know. If something doesn't work after several attempts, just skip to the next one. In the unlikelihood that it was the intended way, you can always go back to it.

    3. Have a strategy for the order you do the machines. My approach was first doing the BOF machine, as it was guaranteed. Then I did one of the 20 points machines, with my brain still fresh. Then, as I started to get a bit tired and wanted to take my first break, I did the 10 points machine. Then after the break, I did the other 20, and then the other 25.

    Once you have those things in mind, it should be easier than the previous times, and hopefully you'll get it on the next try...

    Best wishes :)
  • edited May 14

    @21y4d First of all congrats for passing the exam. I'm planning to take the exam too anyways,

    I have a couple of questions - please bear with me, as this is my 1st comment :) - for those who have taken the OSCP exam recently & might know the answer:

    1. Are we allowed during the exam period to check/read/use/copy out from our Exercise/Lab-notes or not?
       • I don't think that someone could know all codes/scripts/BOF & methods by heart, or?

    2. I saw in many comments (20 points box, 10 points box etc...) according to that, the exam has 2-20s, 1-10, 1 BOF 35, that leaves us with 15 point box, right?

    3. Regarding PrivEsc, are we allowed to use LinEnum/PowerUp.ps1 in the exam, or is it treated like sqlmap & Nessus?

    4. Regarding web application, are we allowed to use W3AF as audit tool?

    Thanks in advance guys & wish you all the best ;)

  • Amazing review, we need a lot more of these. Very informative, should be stickied or something.

    Glad to hear you were able to pass your OSCP in 1 try! Very great achievement of yours.

    Thank you again for the great review and nmap script :)

    Cheers

  • edited May 15
    > @xyzxyz said:
    > @21y4d First of all congrats for passing the exam. I'm planning to take the exam too
    >...
    > Thanks in advance guys & wish you all the best ;)

    1- Of course you can, and it is encouraged. Even if you have a writeup on a similar vulnerability you can refer to it. Basically, the only thing that isn't allowed is if you have someone else do the exam "or parts of it" for you.

    2-There's no 35, the max is 25. I can't specifically point out the box distribution "I think it's not allowed" but you might find it online.

    3-Yes you can. What isn't allowed is auto exploitation, not auto recon/enumeration. Nessus is not allowed because it is a Pro "paid" tool.

    4-I'm not sure, depends whether it's free or not. You can ask the exam team about this.

    I hope I could help :)
  • About that nmapautomator script... "Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-02 23:50 EDT
    Error #486: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
    QUITTING!
    " Did anyone come across this issue? If so, how did you fix?

    > @otg1062 said:
    > About that nmapautomator script... "Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-02 23:50 EDT
    > Error #486: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
    > QUITTING!
    > " Did anyone come across this issue? If so, how did you fix?

    This happens if you did not follow the instructions when running the nmapAutomator.
    Just follow the examples in the GitHub page.
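    The error quoted above is nmap rejecting the value handed to its -p option. As an added example (this is not nmapAutomator's code nor anything from the thread, and the function names are my own), here is a POSIX sh guard a wrapper script can run on a port list before calling nmap. It accepts the numeric forms nmap's own message cites: single ports, ranges like 200-1024, open-ended ranges like -100 or 60000-, and items with a T:/U:/S:/P: protocol prefix. Service-name wildcards such as http* are valid nmap syntax but are deliberately out of scope and get rejected.

```shell
# Added example (not nmapAutomator's code): validate a port list before "nmap -p".
# Function names are my own. Only numeric port forms are handled; nmap's
# service-name wildcards (e.g. http*) are rejected on purpose.

# Return 0 when $1 is a decimal integer between 0 and 65535.
port_in_range() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Return 0 when $1 is one comma-separated item of a port spec.
valid_port_item() {
  item=$1
  case "$item" in
    [TUSP]:*) item=${item#??} ;;      # drop the protocol qualifier
  esac
  case "$item" in
    '') return 1 ;;                   # empty item, e.g. a bare "T:"
    *-*-*) return 1 ;;                # more than one dash
    *-*)
      lo=${item%%-*}
      hi=${item#*-}
      [ -z "$lo" ] && lo=1            # nmap defaults an omitted start to 1
      [ -z "$hi" ] && hi=65535        # and an omitted end to 65535
      port_in_range "$lo" && port_in_range "$hi" && [ "$lo" -le "$hi" ]
      ;;
    *) port_in_range "$item" ;;
  esac
}

# Return 0 when the whole spec is acceptable; 1 otherwise.
valid_port_spec() {
  spec=$1
  [ -n "$spec" ] || return 1          # an empty list is the classic failure
  case "$spec" in
    ,*|*,|*,,*) return 1 ;;           # leading, trailing or doubled commas
  esac
  old_ifs=$IFS
  IFS=,
  set -f                              # no globbing while splitting on commas
  for item in $spec; do
    if ! valid_port_item "$item"; then
      set +f
      IFS=$old_ifs
      return 1
    fi
  done
  set +f
  IFS=$old_ifs
  return 0
}

# Usage in a wrapper: refuse to call nmap with a bad list.
# The argument here is a constructed sample; a script would pass the list it
# extracted from an earlier scan.
if [ "$#" -gt 0 ]; then
  ports=$1
  if valid_port_spec "$ports"; then
    echo "port list OK: $ports"
    # nmap -p "$ports" "$target" would run here
  else
    echo "refusing to run nmap: illegal port list '$ports'" >&2
    exit 2
  fi
fi
```

    Run it as `sh check_ports.sh "-100,200-1024,T:3000-4000,U:60000-"` to see the accepted case; an empty string or a list with a stray comma is refused before nmap ever starts, which is cheaper than parsing nmap's QUITTING message afterwards.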

  • Awesome script, feels a lot nicer than reconnoitre. I would suggest if you are going to run gobuster as default to add status codes 500 and 401.

    Derezzed

    > @Derezzed said:
    > Awesome script, feels a lot nicer than reconnoitre. I would suggest if you are going to run gobuster as default to add status codes 500 and 401.

    Will do.. I started doing this lately as gobuster does not include them by default for some reason.

  • Really liking nmapAutomator so far. Thanks! And thanks for the OSCP review. That's my next challenge.

    CAL10MM

  • @21y4d nmapAutomator has been great! I modified it locally just slightly (changed a few things to match my personal preference (i.e. added some additional defaults to gobuster and nikto). Your hard work is much appreciated, and congrats on your OSCP!


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Thanks.. I'm glad you like it, and feel free to modify it to match your preferences.
    If anyone can improve upon it, they can PM me so I can implement the ideas :)

  • Thank you, thank you, thank you!

    I have set the OSCP as my target in the near future. I got CEH a couple of months ago and I'm now reading everything I get my hands on, and getting new skills with the HTB boxes.

    Your review has somehow calmed me down a bit, cause I had a much more difficult mental image of it (I'll try not to get overconfident LOL).

    Oh, and thanks for the script! I'm sure it will come handy in many scenarios!

    > @GibParadox said:
    > Thank you, thank you, thank you!
    >
    > I have set the OSCP as my target in the near future. I got CEH a couple of months ago and I'm now reading everything I get my hands on, and getting new skills with the HTB boxes.
    >
    > Your review has somehow calmed me down a bit, cause I had a much more difficult mental image of it (I'll try not to get overconfident LOL).
    >
    > Oh, and thanks for the script! I'm sure it will come handy in many scenarios!

    Wish you all the best.
    No need to panic, simply train hard and keep "trying harder" and you can definitely get there from your first attempt.

    Recent machines I would rank as average OSCP exam level are "SwagShop and Luke", which are probably one of the easiest currently active machines. Like I said, it's a balance between difficulty, time, and rabbit holes, as you will have to do five of those.

  • Thanks for your review! Really helpful. I am taking the PWK course at the moment. In my second week of 90 days lab time.

  • edited June 10

    Query about the PWK course / OSCP exam.
    I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?

  • > @DameDrewby said:
    > Query about the PWK course / OSCP exam.
    > I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?

    Yes there is, I think it's a 2018 build of Kali at this point. It's 32-bit and contains a couple of extra things that don't come with stock Kali. Personally I used my everyday 64-bit build and only touched the 32-bit one for compiling 32-bit exploits.

    brox

  • > @BROX said:
    > > @DameDrewby said:
    > > Query about the PWK course / OSCP exam.
    > > I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?
    >
    > Yes there is, I think it's a 2018 build of Kali at this point. It's 32-bit and contains a couple of extra things that don't come with stock Kali. Personally I used my everyday 64-bit build and only touched the 32-bit one for compiling 32-bit exploits.

    Understood, thanks.

  • > @DameDrewby said:
    > Query about the PWK course / OSCP exam.
    > I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?

    Yes they do, and it is usually updated on a yearly basis.
    Personally I did not use it, and I think it is recommended for those who never used Kali, but if you have your own then there's no good reason to switch.
    The main two things in the VM are:
    1-it's 32-bit, to try out Linux 32-bit BOF "which aren't part of the exam, and can still be compiled and tested on a 64-bit machine"
    2-It has a bunch of extra applications installed, most of which aren't needed for the exam.

    So in case you already use Kali, there's really no point to consider their VM.

  • > @21y4d said:
    > > @DameDrewby said:
    > > Query about the PWK course / OSCP exam.
    > > I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?
    >
    > Yes they do, and it is usually updated on a yearly basis.
    > Personally I did not use it, and I think it is recommended for those who never used Kali, but if you have your own then there's no good reason to switch.
    > The main two things in the VM are:
    > 1-it's 32-bit, to try out Linux 32-bit BOF "which aren't part of the exam, and can still be compiled and tested on a 64-bit machine"
    > 2-It has a bunch of extra applications installed, most of which aren't needed for the exam.
    >
    > So in case you already use Kali, there's really no point to consider their VM.

    Perfect, thank you.
  • Great tool mate, will be using it on my exam!

  • Which box here on HTB was metasploit only?

  • @21y4d I'm a freshman in university, with a deep love of Linux. Any Windows "strategy"/course suggestion for me? (I know very little about Windows, since HTB is mostly Linux.)

    @0verfl00w Any suggestion on doing Granny&Grandpa without MSF? (These machines retired.)

  • > @kmahyyg said:
    > @21y4d I'm a freshman in University, with a deep love of Linux, Any Windows "Strategy"/Course suggest for me? (I know very little about Windows, since HTB mostly in Linux)
    >
    > @0verfl00w Any suggestion on doing Granny&Grandpa without MSF? (These machines retired.)

    The OSCP material on Windows is good, and most of their machines are Windows, so you'll get plenty of exercise there.

    My suggestion would be to get a VIP subscription here in HTB if you can, and go through retired Windows boxes following the PDF guides or @ippsec videos. You can start from easy boxes and go up, and that should give you a very good experience with Windows machines.

    If you need more material after OSCP, you can check Pentester Academy, as they have several courses on Windows that cover various other areas.

    I hope this helps.