Type your comment> @emmycat said:
Thanks for the info. Im going for OSCP after summer. So in the meanwhile im practicing on here and a little virtual lab at home. Does the exam throw anything at you that is not covered in the PWK course? Or, is it a direct application of what you learn in PWK? I know there is a bunch of thinking outside the tesseract involved, but the last thing I want to do during a timed exam is searching for some one off exploit like we have to for the boxes on here.
Best of luck with the course!
It will throw a lot of stuff you should’ve learned in the labs, not the material so make sure you finish most of the public machines if not all.
Make sure you’re comfortable enumerating different ports.
I found port 2049 that’s nfs, let’s check for available mounts, oh SMB on can I list the shares? Port 80 let’s run dirb and nikto and do some manual scanning while that finish.
Found a web app/service name/version? Just throw it at exploit-db.com or searchsploit
Exploit not working? Don’t give up yet, is there something wrong with the code?
The labs will push you really hard, make sure you don’t go to the offsec forums for hints, you’ll ruin the experience even though they never give a really obvious hint.