OSCP Exam review "2019" + Notes & Gift inside!

@peek
Do check out
MS17-010/send_and_execute.py at master · helviojunior/MS17-010 · GitHub

Type your comment> @7axm1 said:

@peek
Do check out
https://github.com/helviojunior/MS17-010/blob/master/send_and_execute.py
i will test

Type your comment> @peek said:

Type your comment> @7axm1 said:

@peek
Do check out
https://github.com/helviojunior/MS17-010/blob/master/send_and_execute.py
i will test

I used it on PWK Lab and it worked quite well. Just look for a NamedPip

@Baikuya
Is this what you asked to look for
Managed services ??
Kindly correct me if I am wrong. :slight_smile:

Great tool! Thanks!

Very well written review. I started OSCP last year and had to take some time away after two failed exam attempts. Starting back up now using HTB so that I can have some of the same insight that you have given here. Thank you for writing this up as it justifies my decisions on how to prepare now.

Very good and guiding writeup. Great tool. I will try.
For OSCP whether kali 2019.4 can be used. If so, whether updates can be regular or we have to use without any update.
What extra tools are to be installed in kali.
I dont get this in any write up or I miss it.

Type your comment> @singham said:

Very good and guiding writeup. Great tool. I will try.
For OSCP whether kali 2019.4 can be used. If so, whether updates can be regular or we have to use without any update.
What extra tools are to be installed in kali.
I dont get this in any write up or I miss it.

I just took the exam on July 26th, and got confirmation that I passed 2 days ago. I can tell you that I did not use the Kali image that was provided to me for the PWK course. I used Kali 2019.2. I did apply some updates to it, and I installed some extra tools. Mostly these were tools, and scripts, that I discovered to help me in my attacking boxes on HTB.

In reply to some of the things you said about no auto exploits, and anyone can chime in on this, does that include things like autoblue or things along those lines?

Hi ,thank you so much for that detailed review.

I wanna ask about this BOF machine.

Does it has to be windows or can be linux also?

Thansk

@cspence10 said:
In reply to some of the things you said about no auto exploits, and anyone can chime in on this, does that include things like autoblue or things along those lines?

Basically any tool that does the exploitation for you is not allowed, apart from Metasploit, which is allowed on 1 machine only.

You mainly have to know how to find, edit, and use exploit scripts “in Python, C, PHP…etc”

@Tugzen said:
Hi ,thank you so much for that detailed review.

I wanna ask about this BOF machine.

Does it has to be windows or can be linux also?

Thansk

Only Windows, similar to the demo shown on the OSCP course, and similar to the Windows machine you will receive with the course for BOF practice.

Just got here via another post, the tool is awesome! Thanks for developing it and releasing it for all of us to use

the script nmapAutomator it’s can be use in the exam ?

It will be great if you can create a bit detailed tutorial for nmapAutomator. I am sure I am missing something as I cannot seem to understand what additional this script does other than running run nmap. Sorry for my ignorance in advance but any help will be highly appreciated.

@ALASNOT said:
the script nmapAutomator it’s can be use in the exam ?

Of course… myself and so many others used it to great benefits :slight_smile:

@sultanrahi said:
It will be great if you can create a bit detailed tutorial for nmapAutomator. I am sure I am missing something as I cannot seem to understand what additional this script does other than running run nmap. Sorry for my ignorance in advance but any help will be highly appreciated.

There are different types of scans, and running it with ALL runs all scans.
The benefit is that it automates everything, including finding all possible ports and services and running recon on them, and finally finding potential vulnerabilities on them.

This is very beneficial when you run it in the background and go work on another machine, such that when you come back to it you’ll have all of the information ready for you, all fully automatically without needing any interaction from you.

Type your comment> @21y4d said:

@sultanrahi said:
It will be great if you can create a bit detailed tutorial for nmapAutomator. I am sure I am missing something as I cannot seem to understand what additional this script does other than running run nmap. Sorry for my ignorance in advance but any help will be highly appreciated.

There are different types of scans, and running it with ALL runs all scans.
The benefit is that it automates everything, including finding all possible ports and services and running recon on them, and finally finding potential vulnerabilities on them.

This is very beneficial when you run it in the background and go work on another machine, such that when you come back to it you’ll have all of the information ready for you, all fully automatically without needing any interaction from you.

I think for novices like me, it will be more beneficial if you can add any examples outputs for various input parameters. Like the ones provided in the AutoRecon tool

@sultanrahi said:
Type your comment> @21y4d said:

 > @sultanrahi said:
 > It will be great if you can create a bit detailed tutorial for nmapAutomator. I am sure I am missing something as I cannot seem to understand what additional this script does other than running run nmap. Sorry for my ignorance in advance but any help will be highly appreciated.

 There are different types of scans, and running it with ALL runs all scans.
 The benefit is that it automates everything, including finding all possible ports and services and running recon on them, and finally finding potential vulnerabilities on them.

 This is very beneficial when you run it in the background and go work on another machine, such that when you come back to it you'll have all of the information ready for you, all fully automatically without needing any interaction from you.

I think for novices like me, it will be more beneficial if you can add any examples outputs for various input parameters. Like the ones provided in the AutoRecon tool
GitHub - Tib3rius/AutoRecon: AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

I’ve made the script stupid simple to use, so anyone can easily use it. It has only 7 modes “I.e. Basic, Recon, All”, all of which can be seen with -h.

If you’re not sure what to use, just run it with “./nmapAutomator xx.xx.xx.xx All” and you’ll get everything.

I hope I could help :slight_smile:

Type your comment> @21y4d said:

I’m glad you like it guys…

@achayan
Actually you forget about the proctor once you start focusing on the exam. You cannot see the the proctor, as this would probably distract students, and would give a feeling that someone is watching you…
You can take short/long breaks whenever you need, you just need inform the proctor before leaving and after returning, so that they make sure they can still see your screen and webcam before you start working again.

At the beginning of the exam you will need to show your ID and to give a webcam tour of the room you’re in, and you should be alone in the room. Also, after a long break “several hours” you will have to scan the room again, which take around 30 seconds.

I guess I forgot to mention, but this was my only attempt at the exam. I’m pretty sure every attempt you would get different machines, as they have a big exam lab with so many machines you might get.

@21y4d Thank you for sharing this.