i am studying for my oscp.
i have my challenge exam coming up soon.
i have ran out of lab time.
to pass the challenge i feel i may need some more experience in sql injection and creation of exploits.

could anyone advise me where i can find a few tutorials for the creation of exploits.
i would like the tutorial to be with current or easy to find software that is freeware/shareware.
i say this as the example in the oscp used software that is superseded and also not freeware/shareware.

the main parts of the sql injection i would like to practice is command injection and gaining shell.
also could someone please tell me how i could practice sql injection.
my guess is i would have to create the database that allowed sql injection to be preformed on.
and then practice on that.

I believe you can download some extra software to exploit from the offsec forums. 

As for tutorials on exploits, the are several videos in this forum as well as on the offsec forum taking you through the process of exploit development and bypassing different issues (i.e. pop pop ret).

I hope his helps.  Good luck with the exam!

I just love sausage pizza....

thanks guys.

ethicalhack3r thanks for your advise. that helped.

Orhan: i had also lost access to the offsec forums, that's why i posted for help here and not there.

but anyway i added more time.
so now i have access.

agurrutiac15,

I think if you applied yourself during the course you should be fine.  Also, by doing the extra credit questions you will have some bonus points to go towards your exam (should you need it). There are plenty to be had throughout the course. 

The exam can be a full 24 hours so get plently of rest and happy hacking!!

Good luck and let us know how you get on.

w00t!!

As you grow into your career, hopefully you'll share your thoughts and experiences with the EH-Net Community.

Don

Congrats agurrutiac15! Well done!