Thanks for the info. I’m going for OSCP after summer. So in the meanwhile I’m practicing on here and a little virtual lab at home. Does the exam throw anything at you that is not covered in the PWK course? Or is it a direct application of what you learn in PWK? I know there is a bunch of thinking outside the tesseract involved, but the last thing I want to do during a timed exam is search for some one-off exploit like we have to for the boxes on here.
From my experience, the PWK has everything you’ll need to pass the exam. I recommend trying to root as many lab machines as possible before taking the exam. In my opinion, what the OSCP is testing for is not your ability to conduct a Penetration Test. If you’re taking the exam, Offensive Security expects you to have gone through the course and learned its concepts. What the OSCP is really testing is the efficiency in your Penetration Testing methodology. Hence the 24 hour-24 hour format. My advice to those taking the PWK course is to create a standard outline of the steps you will take when conducting a Pen Test. As you move through the course and the labs, continue to refine and improve it. Find a note-taking app of your preference, and for each machine you try to root, create a boot2root writeup. It’ll be slow going at first, but slog through it. It’ll be worth it in the long run. Best of luck.
Best of luck with the course!
It will throw a lot of stuff you should’ve learned in the labs, not the material, so make sure you finish most of the public machines, if not all.
Make sure you’re comfortable enumerating different ports.
I found port 2049, that’s NFS, let’s check for available mounts. Oh, SMB is on, can I list the shares? Port 80, let’s run dirb and nikto and do some manual scanning while that finishes.
Found a web app/service name/version? Just throw it at exploit-db.com or searchsploit.
Exploit not working? Don’t give up yet, is there something wrong with the code?
The labs will push you really hard. Make sure you don’t go to the OffSec forums for hints; you’ll ruin the experience, even though they never give a really obvious hint.
Hey thanks for the tips! I have a question. I have heard you have to collect 75 points in order to pass.
How many machines do you have access to try and exploit for the test?
Do you select what you will attack from a given network or are you assigned specific ones? How many machines do you actually have to exploit in order to pass?
Thanks
The exam breakdown is as follows:
You have access to a total of 6 servers
2 boxes are worth 25 pt each
2 boxes are worth 20 pt each
1 box is worth 10 pt
You are given credentials to the extra server you have access to, and it is used for debugging purposes for the Buffer Overflow box.
Minimum score to pass is 75 pts. How you get to 75 pts is up to you.
Exactly like what @Boomstick said, you have to own at least 4 out of 5 to pass the test. Idk if owning 3 (root) and 2 (local) will suffice though.
Thanks for the answers! A few more now haha
Are all of the targets Windows?
What OS are they most likely to use?
Are they correlated in order to solve them all?
Are the machines more CTF or real life?
Common CVE or manual exploitation?
Nope
It’s a 50/50 chance on the OS of each server
Nope, each server is a standalone. At least that was my experience.
I would say more like real-life. There isn’t any steganography or some bizarre cryptographic message you have to decode.
No, each exam rotation is different; they’re a mix of Windows and Linux.
They are not correlated, each machine has its own way in.
Hey, how many points do they deduct if someone has submitted local.txt and proof.txt in the control panel and also in the exam report, but forgot to add the ifconfig command? Do they deduct the complete 20 points or do they just deduct 5,5 for each (I mean for local and proof)?
To what extent do we need to use programming skills here to modify exploits? Do you recommend we take Python courses or Python for hacking sort of courses? And what languages should we know?
Also, is it true that the exploits are pretty obvious and it’s just a matter of using them correctly or modifying them if need be? This is putting aside falling into rabbit holes