EH-Net

Ok this may not be allowed to ask but I have been thinking and in case I am crossing lines please let me know.

In a normal scenario If I were to pwn a machine remotely, after proper recon and all, I would create a local testbed for my exploits and test it against the local system before I launch it against the remote victim, Now how does this works out in exam scenario?? Are we expected to quickly test it locally or do we keep trying till we get the shell?

Please forgive me for my ignorance, I am yet to register but I just want to be sure what I am getting into.

In the exam, you will have a number of machines that you need to exploit, you can get partial points for partial access, meaning a local shell but not root/Administrator access will get you partial points. Full access (root/Administrator) will give you full points. Each exam scenario might be different but what will really help you is lab time and practice. The more time you can spend on different machines with different exploits, the better your chances are for passing the exam.

To answer your question: since you have limited time, you aren't expected to test possible exploits on a local system, that would mean having different flavours of OS running along with vulnerable web applications or vulnerable software installed locally which could be anything such as an FTP service, web browser, media player etc... Detailed reconnaissance will definitely help you, and good Google skills.
I highly recommend the course, the contents are explained clearly, the labs are great and if you spend as much time as you can in the labs and practice exploiting as many machines as possible, you should do fine in the exam.

Good luck!

Data_Raid covers it all, believe me, the 24 hours you get are not even close to the hours you will need to replicate and properly test/hack the systems in the exam. go for the kill straight ahead, no matter how dirty it is....good luck!

Thank guys. J0rDy, I read your walk-through, it was great read. You mentioned how there are things on exam which are not mentioned in courseware.. I would appreciate if you could provide some pointers about the books etc you had to refer.

I thought the exam was a pretty good reflection of what was covered in the course - though you will have to dig a little deeper on your own to make sure you fully understand the topics presented, and how to use them.

@blackzero, the exam lab is very cleverly set up it does make you try harder.

The exam is hard but not too hard, I would say it's just right.

How is your experience with exploit development blackzero? as you need to create an exploit to complete the exam, but remember Try Harder! :P

@TheXero, I have been working with exploit writing from couple of months now, I completed lupin's articles (awesome series) and first few tuts of corelan. I can write basic stack overflow and SEH based exploits with ease. But Adv topics like ASLR/DEP evading etc are still way above my understanding.

I want to cover most of the basic readings etc before I get into OSCP lab.

Thanks!

that will be more then enough to understand the buffer overflow part in the OSCP course. use the internet as your main resource and if you can't seem to find particular information (for example in depth knowledge of nmap) focus on available books. Good luck and i think you will do just fine!

SEH, ASLR, and DEP are covered in the OSCE course. You don't need to know anything about these three techniques in order to do OSCP exam (no secret here). In addition, you don't need Assembly knowledge either to take the PWB course. Everything you need to know for the OSCP exam is in the PWB course material. These advance techniques you mentioned are for the OSCE exam.

H1t M0nk3y, be careful of the spoilers, you may want to edit your post accordingly.

@TheXero: Thanks, my post was indeed borderline. I fixed it. All I wanted to say is not to be scared too much about this PWB course since it doesn't cover advanced exploit development techniques... But thanks for the comment!