Advice: OSCP

Hello experts,

I am looking next year to embark on OSCP.

Are the labs like Mischief, Rabbit & the what I’d call the ‘sneakier’ type labs what you’d expect in this learning/examination? I love those labs as they’re a challenge but I can see myself failing miserably if it’s a few of those boxes on the exam!

Bear

No, not really. Most of the boxes in the OSCP labs are easier than the easy-rated boxes here. Also, most of the boxes there don’t have a CTF element. As far as I remember, I only encountered 2 boxes there that are CTFish, and it isn’t even that frustrating compared to the ones here. Mostly, OSCP boxes focuses on the enumeration and exploitation process.

Looking at your current HTB rank, I can say that you’ll probably ace the OSCP labs and exam. Goodluck!

Thanks for the advice!

No problem! Happy to help. Just keep on practicing here/building your methodology before your OSCP and you’ll be fine.

according to my OSCP experience,HTB labs harder than oscp exam labs.even HTB 20 points machines are harder than oscp exam box.mostly in OSCP exam forcus on Blind Command Injection and LFI and BOF. and 10 point for metasploit box.

When you say metasploit box, you’d get 10 points for using that to get priv esc or in general for using it (e.g, aux scanners?)

@Bear said:
When you say metasploit box, you’d get 10 points for using that to get priv esc or in general for using it (e.g, aux scanners?)

You are not allowed to use msfconsole in OSCP exam btw.

Is there anybody who can say that OSCP helped him in the career or business? (I am not hating it, just wondering if is it just “nice to have” or really helpful)

@Bear said:
When you say metasploit box, you’d get 10 points for using that to get priv esc or in general for using it (e.g, aux scanners?)

there is one Box lower point than any other four box,to use metasploit.no requre to do privs

@izzie said:

@Bear said:
When you say metasploit box, you’d get 10 points for using that to get priv esc or in general for using it (e.g, aux scanners?)

You are not allowed to use msfconsole in OSCP exam btw.

Metasploit is allowd to use one time but
The student are Restricted to use Metasploit on multiple machines duing the exam Exam

Yes, oscp helps your career. The exam is excellent. I found the exam much more enjoyable than the labs. It took me two attempts to pass the exam, because I made the exam harder than it actually was. You won’t need metasploit for any of it.

@izzie
To be honest, I try not to use metasploit anyway - I’ll just try not use it even more!

I have some ability around computing and have had a few years of experience of my own doing around the ‘scene’, for me OSCP is just a little decoration to the fact I’m actually able to do some things that I’ll be adding to my CV as an entry point into the paid employment doing it. Of course, it may backfire and be a 24 hours of stress for nothing, but having seen and spoken to some people that deal with top companies in top consultancies… I don’t think I have that much to worry about :slight_smile:

Thank you @delo

@Bear said:
Hello experts,

I am looking next year to embark on OSCP.

Are the labs like Mischief, Rabbit & the what I’d call the ‘sneakier’ type labs what you’d expect in this learning/examination? I love those labs as they’re a challenge but I can see myself failing miserably if it’s a few of those boxes on the exam!

Bear

This is a great question btw, so thanks for that.

@Bear said:
Hello experts,

I am looking next year to embark on OSCP.

Are the labs like Mischief, Rabbit & the what I’d call the ‘sneakier’ type labs what you’d expect in this learning/examination? I love those labs as they’re a challenge but I can see myself failing miserably if it’s a few of those boxes on the exam!

Bear

Machines are indeed easier in OSCP exam, but time mgmt. is issue. 24h is not so much for five machines, especially in the stressful exam conditions. If you stuck on one, there might be not enough time.

Agree with @macw141 . Time is real problem as are various ‘rabbit holes’. Approach is different in oscp as very rarely need to run 4 hour dirbusting scans. I found some htb machines easier than oscp. oscp requires a different mindset, one which has taken me a lot longer than I thought it would, especially coming from a development background. Still waiting for the magic passed email, although still working towards it!

so far in my small experience of HTB and oscp lab , i found oscp windows machines easier and the web exploitation is also not soo hard for getting reverse shell. but the big 4 machines in oscp lab is something i can say are harder, if someone like me faced those in exam for surely gonna fail

without breaking any rules i honestly thought the exam boxes a massive step up from the big 4 boxes

hi richeze - i hardly get any success with the big4 in the oscp lab, so far i rooted 30 machines in the lab, some people say oscp exam is not much harder but “try harder mantra” is something which keeps bugging me, i am not from the field of pentesting but what i experience here on htb and oscp lab gives me a mixed feeling on exam fail/pass :slight_smile: anything suggestions on gaining more skills would be helpful - thanks

hi guys - anyone wants to team up for OSCP? mine is next month, i am bit halfway way feel like not read :slight_smile: