OSCP Exam review "2019" + Notes & Gift inside!

Hey man, congratulations on passing your OSCP.

I am looking to do OSCP soon but I feel that I am not ready to do so especially after doing some of the “easy” HTB boxes.

Should I:

  • Do more HTB boxes before going on to OSCP or
  • Do the OSCP course and exam then use HTB as a means of upkeeping my skill?

Let me know your opinion.

FYI: I am an experienced Network Engineer.

@bansheepk said:

Congratulations on passing it the first time!!! I passed the OSCP exam on February 20th, but I failed multiple times. I started the PWK course with very poor hacking knowledge, and started learning everything during the course, and from there I met HTB. HTB really helped me to keep practicing for the exam after I pwned the whole offsec labs (except the PI box), although I think the HTB machines are intended to be more CTF-like boxes than offsec's; the HTB boxes are much more difficult in general. I want to go for OSCE too as soon as I feel prepared, and I started reading “The Shellcoder's Handbook” as preparation for OSCE, but I couldn't replicate most of the things the book teaches. I could never develop a shellcode to pop a calculator on Windows, even after reading the corelan guides, and because of that I am feeling unconfident.

I suggest you check Pentester Academy, they have some very useful courses that can help you a lot in learning shellcoding from scratch.

@pingunrchable said:
Hey man, congratulations on passing your OSCP.

I am looking to do OSCP soon but I feel that I am not ready to do so especially after doing some of the “easy” HTB boxes.

Should I:

  • Do more HTB boxes before going on to OSCP or
  • Do the OSCP course and exam then use HTB as a means of upkeeping my skill?

Let me know your opinion.

FYI: I am an experienced Network Engineer.

My advice is to start with OSCP, as their machines start from a very basic level, and gradually increase in difficulty, as they’re designed to take you through the learning curve.

Also, don’t feel bad if you find HTB’s machines difficult, as they have a different purpose, and much of the time they can’t be solved quickly or very easily.

@21y4d said:

My advice is to start with OSCP, as their machines start from a very basic level, and gradually increase in difficulty, as they’re designed to take you through the learning curve.

Also, don’t feel bad if you find HTB’s machines difficult, as they have a different purpose, and much of the time they can’t be solved quickly or very easily.

Thanks for your advice!

I will book my OSCP in a couple of weeks!

Wish me luck.

For anyone interested, I have been doing some research on both OSCE & OSWE, and here’s my general idea.

If OSCP is focused on pen testing, these two certificates are focused on exploit development and advanced attacks.

Generally, OSCE focuses on finding and crafting advanced vulnerabilities for Linux and Windows. OSWE is the same but for web applications.

You can find the following excellent study plan for OSCE, which can help you understand what’s needed from you before registering for the course:
https://www.abatchy.com/2017/03/osce-study-plan

Personally, I have registered to Pentester Academy, and started taking their excellent courses on relevant topics.

Once I feel I’m comfortable on all topics, I will register for the OSCE course.

OSCP is not a requirement for OSCE, since it focuses on a slightly different area, though I would recommend doing it before OSCE. However, OSCP is a prerequisite for OSWE.

OSWE is still new “less than a year”, so not many topics and reviews are available on it.

I hope this helps some people :slight_smile:

@21y4d Thanks so much for this man, due to start PWK in May and this is some encouraging stuff. One thing that has bothered me on HTB is the time it usually takes me to complete a box, and with time being a big factor in the exam, I worried this might hold me back!

Admittedly when I’m doing boxes on here they don’t have my fullest attention, but it’s still something I’m worried about. Any tips on how to maybe speed up approach etc?

@Epictetus said:
@21y4d Thanks so much for this man, due to start PWK in May and this is some encouraging stuff. One thing that has bothered me on HTB is the time it usually takes me to complete a box, and with time being a big factor in the exam, I worried this might hold me back!

Admittedly when I’m doing boxes on here they don’t have my fullest attention, but it’s still something I’m worried about. Any tips on how to maybe speed up approach etc?

HTB boxes are usually time consuming, so it’s not a good comparison. The most important thing is to not keep following a rabbit hole for too long, so you have to have a strategy of when to stop following something that is not working.

Once you start on the OSCP labs, you’ll understand the type of machines you are supposed to deal with, which is mostly using and modifying public exploits.

HTB boxes are relatively hard… in the OSCP exam 2 boxes will also be hard… like medium here on HTB… the remaining are like the easy boxes here…
But on HTB nowadays easy boxes are becoming medium, and medium are becoming hard… just my observation…

I’m starting the OSCP course on the 21st, so this is really helpful, thank you.
The script is awesome, btw.

@Rayvenhawk said:

My advice in general is that if you didn’t pass on your second attempt, you should stop and rethink your approach. Otherwise, you will keep making the same mistakes, regardless of the number of times you take the exam.

In general, try to do the following:

  1. Have a strategy for Linux and another for Windows, and follow this strategy. This isn’t something complicated or advanced, but simply knowing your steps for each machine. You will follow your approach, and if one thing didn’t work, you stop and go to the next. If you checked everything and nothing worked, then take a look at the things you’ve enumerated, and prioritize them by the likelihood of being the intended way.

  2. Have a strategy for when to stop following something that does not work. Believe me, if it was the intended way, you would know. If something doesn’t work after several attempts, just skip to the next one. In the unlikely event that it was the intended way, you can always go back to it.

  3. Have a strategy for the order you do the machines. My approach was first doing the BOF machine, as it was guaranteed. Then I did one of the 20 points machines, with my brain still fresh. Then, as I started to get a bit tired and wanted to take my first break, I did the 10 points machine. Then after the break, I did the other 20, and then the other 25.

Once you have those things in mind, it should be easier than the previous times, and hopefully you’ll get it on the next try…

Best wishes :slight_smile:

@21y4d First of all, congrats on passing the exam. I’m planning to take the exam too anyway,

I have a couple of questions - please bear with me, as this is my 1st comment :slight_smile: - for those who have taken the OSCP exam recently & might know the answer:

  1. Are we allowed during the exam period to check/read/use/copy from our exercise/lab notes or not?
     • I don’t think that someone could know all codes/scripts/BOF methods by heart, or?

  2. I saw in many comments (20 points box, 10 points box etc…) that the exam has two 20s, one 10, one BOF 35; that leaves us with a 15 point box, right?

  3. Regarding PrivEsc, are we allowed to use LinEnum/PowerUp.ps1 in the exam, or is it treated like sqlmap & Nessus?

  4. Regarding web applications, are we allowed to use W3AF as an audit tool?

Thanks in advance guys & wish you all the best :wink:

Amazing review, we need a lot more of these. Very informative, should be stickied or something.

Glad to hear you were able to pass your OSCP in 1 try! Very great achievement of yours.

Thank you again for the great review and nmap script :slight_smile:

Cheers

@xyzxyz said:
@21y4d First of all congrats for passing the exam. I’m planning to take the exam too

Thanks in advance guys & wish you all the best :wink:

1- Of course you can, and it is encouraged. Even if you have a writeup on a similar vulnerability you can refer to it. Basically, the only thing that isn’t allowed is if you have someone else do the exam “or parts of it” for you.

2-There’s no 35, the max is 25. I can’t specifically point out the box distribution “I think it’s not allowed” but you might find it online.

3-Yes you can. What isn’t allowed is auto exploitation, not auto recon/enumeration. Nessus is not allowed because it is a Pro “paid” tool.

4-I’m not sure, depends whether it’s free or not. You can ask the exam team about this.

I hope I could help :slight_smile:

About that nmapAutomator script…
"Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-02 23:50 EDT
Error #486: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!"
Did anyone come across this issue? If so, how did you fix it?

@otg1062 said:
About that nmapAutomator script…
"Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-02 23:50 EDT
Error #486: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!"
Did anyone come across this issue? If so, how did you fix it?

This happens if you did not follow the instructions when running the nmapAutomator.
Just follow the examples in the GitHub page.
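The nmap error quoted above is what nmap prints when the list handed to `-p` is empty or malformed, which is the failure mode a recon wrapper hits when it feeds the open ports from a quick scan into a second, deeper scan and the first scan found nothing (or the parsing produced stray commas). The POSIX shell below is an added example, not nmapAutomator's code and not 21y4d's: it extracts open ports from nmap's greppable (`-oG`) output, refuses to emit an empty list, and checks the spec against the `port,port-range` form nmap accepts before building the follow-up command. The host addresses and the `-oG` lines are constructed sample data, not a real scan; the function names are the example's own.

```shell
#!/bin/sh
# Added example: build a valid nmap -p list from -oG output and never pass an
# empty or malformed one (the cause of "Your port specifications are illegal").
# Sample hosts/scan lines below are constructed, not from a real scan.

# extract_open_ports FILE -> prints "22,80,..." and returns 0,
# or prints nothing and returns 1 when no port is open.
extract_open_ports() {
    spec=$(grep '^Host:' "$1" \
        | sed -n 's/.*Ports: //p' \
        | tr ',' '\n' \
        | sed -n 's#^[[:space:]]*\([0-9][0-9]*\)/open/.*#\1#p' \
        | sort -n -u \
        | paste -s -d ',' -)
    [ -n "$spec" ] || return 1
    printf '%s\n' "$spec"
}

# valid_port_spec SPEC -> 0 if SPEC is a comma-separated list of ports or
# port ranges (the shape nmap -p expects), 1 otherwise (empty, ",,", letters).
valid_port_spec() {
    printf '%s' "$1" | grep -Eq '^[0-9]+(-[0-9]+)?(,[0-9]+(-[0-9]+)?)*$'
}

# Constructed -oG output: fictional host with two open ports and one closed.
write_sample_scan() {
    cat > "$1" <<'EOF'
# Nmap 7.70 scan initiated (constructed sample)
Host: 10.10.10.5 ()  Status: Up
Host: 10.10.10.5 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///  Ignored State: filtered (997)
# Nmap done (constructed sample)
EOF
}

# Constructed -oG output with nothing open: the case that yields an empty -p.
write_empty_scan() {
    cat > "$1" <<'EOF'
Host: 10.10.10.6 ()  Status: Up
Host: 10.10.10.6 ()  Ports: 443/closed/tcp//https///  Ignored State: filtered (999)
EOF
}

# Helpers that run the extractor over each constructed sample.
sample_spec() {
    f=$(mktemp); write_sample_scan "$f"
    extract_open_ports "$f"; rc=$?
    rm -f "$f"; return $rc
}

empty_spec() {
    f=$(mktemp); write_empty_scan "$f"
    extract_open_ports "$f"; rc=$?
    rm -f "$f"; return $rc
}

# Demo: only build the service scan when the spec is non-empty and well-formed.
if spec=$(sample_spec) && valid_port_spec "$spec"; then
    echo "Would run: nmap -sV -sC -p $spec 10.10.10.5"
else
    echo "No open ports found; skipping the service scan instead of passing an empty -p" >&2
fi
if ! empty_spec >/dev/null; then
    echo "Empty scan correctly produced no -p list" >&2
fi
```

The two guards do different jobs: `extract_open_ports` returning non-zero lets the caller branch instead of blindly interpolating `$spec` into the next nmap command, and `valid_port_spec` catches a list that is non-empty but still illegal (a stray comma or a non-numeric field from a parsing slip).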

Awesome script, feels a lot nicer than reconnoitre. I would suggest if you are going to run gobuster as default to add status codes 500 and 401.

@Derezzed said:
Awesome script, feels a lot nicer than reconnoitre. I would suggest if you are going to run gobuster as default to add status codes 500 and 401.

Will do… I started doing this lately, as gobuster does not include them by default for some reason.

Really liking nmapAutomator so far. Thanks! And thanks for the OSCP review. That’s my next challenge.

@21y4d nmapAutomator has been great! I modified it locally just slightly (changed a few things to match my personal preference, i.e. added some additional defaults to gobuster and nikto). Your hard work is much appreciated, and congrats on your OSCP!

Thanks… I’m glad you like it, and feel free to modify it to match your preferences.
If anyone can improve upon it, PM me so I can implement the ideas :slight_smile: