OSCP alike machines list accurate?

Hi, I follow this list https://www.reddit.com/r/oscp/comments/alf4nf/oscp_like_boxes_on_hack_the_box_credit_tj_null_on/ to practice on HTB to prepare for my OSCP exam. Looks like the Linux ones are good. But I found the majority of Windows machines on this list have to be exploited using kernel exploits, which goes against the suggestion not to rely on kernel exploits too much. So are the Windows ones on the list really accurate in reflecting the Windows boxes in OSCP?

Cheers, JJ

Comments

  • I took the exam recently and was able to get all 8 flags. My main preparation beyond the PWK lab material was the list of boxes you are referring to. I watched the ippsec videos for each box and took notes on paper, then tried the box. They are very good prep for the exam. All but the easiest HTBs are harder than even the 25 point exam boxes. Unfortunately my report was not good enough, so I need to take the exam a second time. But from the first experience I can say with confidence those HTBs are good prep for the exam, as long as you have also done the PWK training material. Also, I found the cybermentor YouTube buffer overflow videos very helpful for making some scripts that made the BOF box trivial.

    Arrexel
    GWAPT,Security+,VCP,A+,Server+,Linux+,Network+

  • edited June 8

    @bugeyemonster, thanks for your very valuable feedback! It's a pity they didn't let you pass even though you got all flags. I'm also preparing for my 2nd try. I actually cracked all the boxes in the list before my first try, and I think I probably didn't fully understand all the knowledge and tactics then, so it was more about copying what ippsec did. I'll revisit all the boxes and make sure I fully understand and master the knowledge and skills involved in popping all these boxes before I sit my next try.
    Thanks for the advice on the BOF.

  • Bugeye, I'm curious on where they said where your report was not good enough? Did they leave you any feedback on what they wanted in the report?

  • I recently got OSCP. There is no list of machines that can give you an indication of what will appear on the exam. All you can do is visit as many machines as you can to get a solid general understanding of the process.
    The exam is not technically very tough. It is more about your performance really than the expertise you have. If you can pace yourself, be thorough and multi-task, you should be alright.
    Feel free to PM if any more advice is needed.

  • @okipower said:

    Bugeye, I'm curious on where they said where your report was not good enough? Did they leave you any feedback on what they wanted in the report?

    The report must have been dreadful if he rooted all 8 boxes on the exam and still failed!

  • I just got the OSCP. That's the list I used as well. I didn't do any of the offsec labs, just the entire list above, watched the @ippsec videos and completed half of the active machines. About 50 systems in all. I also completely avoided metasploit while practicing.

  • @okipower said:

    Bugeye, I'm curious on where they said where your report was not good enough? Did they leave you any feedback on what they wanted in the report?

    I got no feedback, then I asked for a review and received feedback. My report was too brief; they want the report to be an actual walkthrough of how to cut and paste to complete the box. They do not want a pentest report.

    Arrexel
    GWAPT,Security+,VCP,A+,Server+,Linux+,Network+

  • Cool, thanks for the tip. Sorry you have to go through additional pain on your next test :(

  • @op4sec said:

    @okipower said:

    Bugeye, I'm curious on where they said where your report was not good enough? Did they leave you any feedback on what they wanted in the report?

    I got no feedback, then I asked for a review and received feedback. My report was too brief; they want the report to be an actual walkthrough of how to cut and paste to complete the box. They do not want a pentest report.

    I'd been trying to corner their support team on that question as well. This was their response:

    "As outlined in the OSCP Exam Guide, you must document all of your attacks including all steps, commands issued, and console output in the form of a penetration test report.
    Your documentation should be thorough enough that your attacks can be replicated step-by-step by a technically competent reader."

    I hated that response, because then they also say only include what is relevant. So relevant is a pretty subjective term to me, as that's just a judgment call. So I plan to include output of anything that seems to need it. Like if I say I found a file with passwords in it, I'll probably throw in a screenshot of the passwords in the file. I'll probably throw in a screenshot of a successful reverse shell. Stuff like that.

    So I got the same sense, that the report is less about a pen-test report and more of a walk-through. I plan to have all the sections on there like high level overview, discovered vulnerabilities, and stuff like that, but the main focus will be on the walk-through portion. What's funny is they have two copies of pen-test reports on their site as examples, and the newer one doesn't really fit what they seem to be looking for, as far as a total walk-through.

    Here's the link to the older 'narrative-based' report:
    https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf

    Newer report that is more like a pen-test and less like what they seem to want:
    https://www.offensive-security.com/pwk-online/PWKv1-REPORT.doc

  • edited September 22
    I got the feeling this might be the case once I started the very last section in the PDF. It is exactly that "copy & pasteable" walkthrough you describe.

    I then realized my lab machine report lacks lots of the commands as clear-text and also direct links to the exploits I used + the mods I made. I thought "if it's in the screenshots, good enough" and actually that makes the most sense. A "technically competent" reader will still have a lot of problems setting up a complex attack in Burpsuite, copy & paste or not.

    But it's super valuable to know, thanks so much for sharing.

    And I wanted to add: Very sorry you didn't make it on first try, even worse, while getting all flags. Don't be discouraged by this, you showed you can do it with ease, you'll make it again!

    Hack The Box
    Anger is more useful than despair - T800

  • One more thing I wanted to comment for everybody: I wouldn't skip the labs. If you're super confident about your methodology, ok go ahead. But I found the lab machines differ quite a bit from HTB machines. It's little things but it was enough to put me off a bit on my first week. I needed to adapt my autorecon script and overthink some of my routines. Doing 10 lab machines, all with different exploits, isn't something you gonna do in one day and I'm pretty happy I had the chance to train there.

    Why not do both, lab machines and HTB, and practice reporting on the side?

    @jimmyzhang Can you tell a bit about the reversing? Did you do it? Anything on HTB that has similar difficulty?

    Hack The Box
    Anger is more useful than despair - T800

  • edited 12:35AM

    @j1024z said:

    I recently got OSCP. There is no list of machines that can give you an indication of what will appear on the exam. All you can do is visit as many machines as you can to get a solid general understanding of the process.
    The exam is not technically very tough. It is more about your performance really than the expertise you have. If you can pace yourself, be thorough and multi-task, you should be alright.
    Feel free to PM if any more advice is needed.

    ^ This. I recently passed with 100pts. It's about time management and being good at enumeration. My 25pt box was pretty tough but the others were very straightforward once you found the thing. I posted my 'lessons learned' here: https://www.reddit.com/r/oscp/comments/ipvknw/passed_my_2nd_attempt_w_100pts_here_is_what_i/

    limelight
