A Script Kiddie’s guide to Passing OSCP on your first attempt.

When I was passing my OSCP, the debug machine had network connectivity with all other machines. Very fast connectivity … Scanning took seconds :wink:

Congrats on passing the exam.
Nice write-up, and I’m glad you found nmapAutomator to be helpful :)

Good write up. Congrats buddy. Enjoy :slight_smile:
I can relate to your background with two kids and a full-time job (I have one kid, and my commute is a horrible 2 hours to and fro).
I am not able to spend more than an hour or two in a day. With Spring and summer coming up, that’s also going to be tough.

thanks

Congratulations on passing it!

Thanks for taking the time to read and for the messages.
@21y4d - comparing your tool to Sparta, I found yours to be better. Not saying Sparta is not great, but the way you lay out the results is easier to digest in the terminal. Plus I find Sparta runs all the commands concurrently, which causes minor performance problems; yours is sequential. Have you tried adding SearchSploit to your tool? I have this running on Sparta but the output is not as clean.

@blacksh33p said:
Thanks for taking the time to read and for the messages.
@21y4d - comparing your tool to Sparta, I found yours to be better. Not saying Sparta is not great, but the way you lay out the results is easier to digest in the terminal. Plus I find Sparta runs all the commands concurrently, which causes minor performance problems; yours is sequential. Have you tried adding SearchSploit to your tool? I have this running on Sparta but the output is not as clean.

Glad you like it :slight_smile:
I didn’t add searchsploit because I run nmap vulners for CVEs based on Service flags and versions, which should do the same job as searchsploit.

Thanks for the write-up.

Dear blacksh33p

Consistent approach and clarity. Surely that gave you success. Well articulated write up on OSCP.
Really guiding.

Please also give details of the VMware Workstation image. Additional tools required to be installed, etc. Whether updates are OK or will hamper buffer overflow.

@singham said:

Please also give details of the VMware Workstation image. Additional tools required to be installed, etc. Whether updates are OK or will hamper buffer overflow.

Hi singham
The VMware workstation image I used for buffer overflow only had Immunity Debugger with Mona.py installed. Other than that, slmail, ftpfreefloat and minishare applications. Ftpfreefloat was the main application I used to practice. It was a Windows 7 machine so I just had to remember that my offsets will change after reboot due to ASLR.
I wouldn't bother with updating the buffer overflow VM because you will need to snapshot the base install so when the evaluation expires you can restore.

Congratulations. Very nice write-up. I have a question about your following comment

Also, with HTB some of the OSCP practice machines would only be online for a week
Do these machines get retired and that's why they are online for a week? Even with your 1-year subscription, you still don't get access to these machines?

@blacksh33p Thanks for this write-up. I used it to pass the OSCP exam in the past week. The biggest takeaway I had was to have a strategy for moving through the targets. That helped me tremendously. This was my second attempt. Having the prior experience, and your advice, helped me to manage my time. I had a 3 PM start time, took some breaks, and went to bed at 1 AM knowing I had about 65 points (55 points + partial credit for low-priv user on a 25 point target). I knew then I only had to wake up, and have 8 hours to take down the last 20 point target.

Hello everyone, ladies and gentlemen.
I do not work as a professional in digital security, I am a professional in maritime navigation (chief officer on the commercial fleet). But I’m 57 already, my pension is in my pocket, my granddaughter is growing up, etc. I would love to start working as a system administrator, pentester, etc. (it’s time to finish working in the fleet, but not to lie at home on the couch), but employers need “young and experienced” - an interesting wording. I have no doubt that I will pass this exam (I will prepare and pass, 800-900 $ for preparation is not large money), but what’s the point of not getting a job later?
So I will continue to have fun on HTB - a hobby is a hobby.
And I wish good luck to the youth …

@ZloyObezyan I think your best bet would be to go as a freelancer or start your own business as sysadmin/pentester.

I like this flood very much, thanks

@zalpha said:

@blacksh33p Thanks for this write-up. I used it to pass the OSCP exam in the past week. The biggest takeaway I had was to have a strategy for moving through the targets. That helped me tremendously. This was my second attempt. Having the prior experience, and your advice, helped me to manage my time. I had a 3 PM start time, took some breaks, and went to bed at 1 AM knowing I had about 65 points (55 points + partial credit for low-priv user on a 25 point target). I knew then I only had to wake up, and have 8 hours to take down the last 20 point target.

@zalpha - very nicely done! Having a game plan is key!

@kamransb said:
Congratulations. Very nice write-up. I have a question about your following comment

Also, with HTB some of the OSCP practice machines would only be online for a week
Do these machines get retired and that's why they are online for a week? Even with your 1-year subscription, you still don't get access to these machines?

@kamransb - sorry for the late reply. You don't have this issue anymore because they have changed the format here at HTB. Good luck if you attempt the exam.

Great analysis of the OSCP, I went into it earlier this year and overthought everything which was a major reason why I didn’t pass. Now I’ve spent a bit more time in the industry and started to think more logically about the entire process I feel that I would be better suited for this exam maybe in the next year or so. Experience is a must!

Thanks again!

Excellent writeup. Congrats on passing!