OSCP Exam review "2019" + Notes & Gift inside!

Amazing review, we need a lot more of these. Very informative, should be stickied or something.

Glad to hear you were able to pass your OSCP in 1 try! Very great achievement of yours.

Thank you again for the great review and nmap script :slight_smile:

Cheers

@xyzxyz said:
@21y4d First of all congrats for passing the exam. I’m planning to take the exam too

Thanks in advance guys & wish you all the best :wink:

1- Of course you can, and it is encouraged. Even if you have a writeup on a similar vulnerability you can refer to it. Basically, the only thing that isn’t allowed is if you have someone else do the exam “or parts of it” for you.

2-There’s no 35, the max is 25. I can’t specifically point out the box distribution “I think it’s not allowed” but you might find it online.

3-Yes you can. What isn’t allowed is auto exploitation, not auto recon/enumeration. Nessus is not allowed because it is a Pro “paid” tool.

4-I’m not sure, depends whether it’s free or not. You can ask the exam team about this.

I hope I could help :slight_smile:

About that nmapautomator script… "Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-02 23:50 EDT
Error #486: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!
" Did anyone come across this issue? If so, how did you fix?

@otg1062 said:
About that nmapautomator script… "Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-02 23:50 EDT
Error #486: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!
" Did anyone come across this issue? If so, how did you fix?

This happens if you did not follow the instructions when running the nmapAutomator.
Just follow the examples in the GitHub page.

Awesome script, feels a lot nicer than reconnoitre. I would suggest if you are going to run gobuster as default to add status codes 500 and 401.

@Derezzed said:
Awesome script, feels a lot nicer than reconnoitre. I would suggest if you are going to run gobuster as default to add status codes 500 and 401.

Will do… I started doing this lately as gobuster does not include them by default for some reason.

Really liking nmapAutomator so far. Thanks! And thanks for the OSCP review. That’s my next challenge.

@21y4d nmapAutomator has been great! I modified it locally just slightly (changed a few things to match my personal preference (i.e. added some additional defaults to gobuster and nikto). Your hard work is much appreciated, and congrats on your OSCP!

Thanks… I’m glad you like it, and feel free to modify it to match your preferences.
If anyone can improve upon can PM me so I can implement the ideas :slight_smile:

Thank you, thank you, thank you!

I have set the OSCP as my target in the near future. I got CEH a couple of months ago and I’m now reading everything I get my hands on, and getting new skills with the HTB boxes.

Your review has somehow calmed me down a bit, cause I had a much more difficult mental image of it (I’ll try not to get overconfident LOL).

Oh, and thanks for the script! I’m sure it will come handy in many scenarios!

@GibParadox said:
Thank you, thank you, thank you!

I have set the OSCP as my target in the near future. I got CEH a couple of months ago and I’m now reading everything I get my hands on, and getting new skills with the HTB boxes.

Your review has somehow calmed me down a bit, cause I had a much more difficult mental image of it (I’ll try not to get overconfident LOL).

Oh, and thanks for the script! I’m sure it will come handy in many scenarios!

Wish you all the best.
No need to panic, simply train hard and keep “trying harder” and you can definitely get there from your first attempt.

Recent machines I would rank as average OSCP exam level are “SwagShop and Luke”, which are probably one of the easiest currently active machines. Like I said, it’s a balance between difficulty, time, and rabbit holes, as you will have to do five of those.

Thank s for your review! Really helpful. I am taking the PWK course at the moment. In my second week of 90 days lab time.

Query about the PWK course / OSCP exam.
I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?

Type your comment> @DameDrewby said:

Query about the PWK course / OSCP exam.
I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?

Yes there is, I think it’s 2018 build of Kali at this point. It’s 32bit and contains a couple of extra things that don’t come with stock Kali. Personally I used my everyday 64bit build and only touched the 32bit for compiling 32bit exploits.

Type your comment> @BROX said:

Type your comment> @DameDrewby said:

Query about the PWK course / OSCP exam.
I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?

Yes there is, I think it’s 2018 build of Kali at this point. It’s 32bit and contains a couple of extra things that don’t come with stock Kali. Personally I used my everyday 64bit build and only touched the 32bit for compiling 32bit exploits.

Understood, thanks.

@DameDrewby said:
Query about the PWK course / OSCP exam.
I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?

Yes they do, and it is usually updated on yearly basis.
Personally I did not use it, and I think it is recommended for those who never used Kali, but if you have your own then there’s no good reason to switch.
The main two things in the VM are:
1-it’s 32-bit, to try out linux 32-bit BOF “which aren’t part of the exam, and a can still be compiled and tested on 64-bit machine”
2-It has a a bunch of extra applications installed, most of which aren’t needed for the exam.

So in case you already use Kali, there’s really no point to consider their VM.

Type your comment> @21y4d said:

@DameDrewby said:
Query about the PWK course / OSCP exam.
I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?

Yes they do, and it is usually updated on yearly basis.
Personally I did not use it, and I think it is recommended for those who never used Kali, but if you have your own then there’s no good reason to switch.
The main two things in the VM are:
1-it’s 32-bit, to try out linux 32-bit BOF “which aren’t part of the exam, and a can still be compiled and tested on 64-bit machine”
2-It has a a bunch of extra applications installed, most of which aren’t needed for the exam.

So in case you already use Kali, there’s really no point to consider their VM.

Perfect, thank you.

Great tool mate, will be using it on my exam!

Which box here on HTB was metasploit only?

@21y4d I’m a freshman in University, with a deep love of Linux, Any Windows “Strategy”/Course suggest for me? (I know very little about Windows, since HTB mostly in Linux)

@0verfl00w Any suggestion on doing Granny&Grandpa without MSF? (These machines retired.)