OSCP Exam review "2019" + Notes & Gift inside!

About that nmapautomator script… "Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-02 23:50 EDT
Error #486: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!
" Did anyone come across this issue? If so, how did you fix?

@otg1062 said:
About that nmapautomator script… "Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-02 23:50 EDT
Error #486: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!
" Did anyone come across this issue? If so, how did you fix?

This happens if you did not follow the instructions when running the nmapAutomator.
Just follow the examples in the GitHub page.

Awesome script, feels a lot nicer than reconnoitre. I would suggest if you are going to run gobuster as default to add status codes 500 and 401.

@Derezzed said:
Awesome script, feels a lot nicer than reconnoitre. I would suggest if you are going to run gobuster as default to add status codes 500 and 401.

Will do… I started doing this lately as gobuster does not include them by default for some reason.

Really liking nmapAutomator so far. Thanks! And thanks for the OSCP review. That’s my next challenge.

@21y4d nmapAutomator has been great! I modified it locally just slightly (changed a few things to match my personal preference (i.e. added some additional defaults to gobuster and nikto). Your hard work is much appreciated, and congrats on your OSCP!

Thanks… I’m glad you like it, and feel free to modify it to match your preferences.
If anyone can improve upon can PM me so I can implement the ideas :slight_smile:

Thank you, thank you, thank you!

I have set the OSCP as my target in the near future. I got CEH a couple of months ago and I’m now reading everything I get my hands on, and getting new skills with the HTB boxes.

Your review has somehow calmed me down a bit, cause I had a much more difficult mental image of it (I’ll try not to get overconfident LOL).

Oh, and thanks for the script! I’m sure it will come handy in many scenarios!

@GibParadox said:
Thank you, thank you, thank you!

I have set the OSCP as my target in the near future. I got CEH a couple of months ago and I’m now reading everything I get my hands on, and getting new skills with the HTB boxes.

Your review has somehow calmed me down a bit, cause I had a much more difficult mental image of it (I’ll try not to get overconfident LOL).

Oh, and thanks for the script! I’m sure it will come handy in many scenarios!

Wish you all the best.
No need to panic, simply train hard and keep “trying harder” and you can definitely get there from your first attempt.

Recent machines I would rank as average OSCP exam level are “SwagShop and Luke”, which are probably one of the easiest currently active machines. Like I said, it’s a balance between difficulty, time, and rabbit holes, as you will have to do five of those.

Thank s for your review! Really helpful. I am taking the PWK course at the moment. In my second week of 90 days lab time.

Query about the PWK course / OSCP exam.
I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?

Type your comment> @DameDrewby said:

Query about the PWK course / OSCP exam.
I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?

Yes there is, I think it’s 2018 build of Kali at this point. It’s 32bit and contains a couple of extra things that don’t come with stock Kali. Personally I used my everyday 64bit build and only touched the 32bit for compiling 32bit exploits.

Type your comment> @BROX said:

Type your comment> @DameDrewby said:

Query about the PWK course / OSCP exam.
I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?

Yes there is, I think it’s 2018 build of Kali at this point. It’s 32bit and contains a couple of extra things that don’t come with stock Kali. Personally I used my everyday 64bit build and only touched the 32bit for compiling 32bit exploits.

Understood, thanks.

@DameDrewby said:
Query about the PWK course / OSCP exam.
I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?

Yes they do, and it is usually updated on yearly basis.
Personally I did not use it, and I think it is recommended for those who never used Kali, but if you have your own then there’s no good reason to switch.
The main two things in the VM are:
1-it’s 32-bit, to try out linux 32-bit BOF “which aren’t part of the exam, and a can still be compiled and tested on 64-bit machine”
2-It has a a bunch of extra applications installed, most of which aren’t needed for the exam.

So in case you already use Kali, there’s really no point to consider their VM.

Type your comment> @21y4d said:

@DameDrewby said:
Query about the PWK course / OSCP exam.
I read somewhere that a specific VM is provided for the course/exam to ensure that everything you need is available, is that the case still? If so how many used that VM over your own?

Yes they do, and it is usually updated on yearly basis.
Personally I did not use it, and I think it is recommended for those who never used Kali, but if you have your own then there’s no good reason to switch.
The main two things in the VM are:
1-it’s 32-bit, to try out linux 32-bit BOF “which aren’t part of the exam, and a can still be compiled and tested on 64-bit machine”
2-It has a a bunch of extra applications installed, most of which aren’t needed for the exam.

So in case you already use Kali, there’s really no point to consider their VM.

Perfect, thank you.

Great tool mate, will be using it on my exam!

Which box here on HTB was metasploit only?

@21y4d I’m a freshman in University, with a deep love of Linux, Any Windows “Strategy”/Course suggest for me? (I know very little about Windows, since HTB mostly in Linux)

@0verfl00w Any suggestion on doing Granny&Grandpa without MSF? (These machines retired.)

@kmahyyg said:
@21y4d I’m a freshman in University, with a deep love of Linux, Any Windows “Strategy”/Course suggest for me? (I know very little about Windows, since HTB mostly in Linux)

@0verfl00w Any suggestion on doing Granny&Grandpa without MSF? (These machines retired.)

The OSCP material on Windows is good, and most of their machines are Windows, so you’ll get plenty of exercise there.

My suggestion would be to get a VIP subscription here in HTB if you can, and go through retired Windows boxes following the PDF guides or @ippsec videos. You can start from easy boxes and go up, and that should give you a very good experience with Windows machines.

If you need more material after OSCP, you can check Pentester Academy, as they have several courses on Windows that cover various other areas.

I hope this helps.

Thank you for the info and the tool. Very very cool :slight_smile: