I heard there are some limitations on the exam, like you can't use this or that.
You can't use vuln testers, Metasploit, etc. Does anybody have the full list?
If you can't use a vuln tester, then how could you find holes? And a second question: sometimes brute-force cracking takes time, like hours or sometimes days, so how is that going to work if my machine is not powerful enough? Sorry, I'm
asking stupid questions, but these questions really do matter for me. Hoping for a good answer.
If you had used a vuln tester during OSCE, you would've completed none of the challenges at all. PWB, aka Penetration Testing / PenTesting With BackTrack, is a course designed to teach you WHY you should NOT use vulnerability scanners, but instead learn to use the tools manually, eliminating false positives.
It's quite simple:
- Enumeration (A scanner does this automatically for you.)
- Version banner grabbing (A scanner does this too, and looks the version banner up in a database.)
- Exploitation / Confirmation (This can crash a target service. Some scanners will attempt exploitation, but not all.)
Therefore, if you're going for OSCP: make sure you understand the course material, and that you've played in the labs as well, without the vulnerability scanners. You _don't_ need them. They're handy, and can help you during some tasks, but you
can do fine without them if you just learn to use the tools in e.g. BackTrack.
If you want a book which also reminds you why you shouldn't just use a vulnerability scanner, then read: The Penetration Tester's Open Source Toolkit, vol. 2.
I know, it's not completely brand new and it's a couple of years old. Some of the syntax for commands may be outdated, but it's still useful and I still recommend it. Heck, even I just read it for fun sometimes. Well, I'm actually skipping through it to refresh parts I may have hidden far away, or to get new ideas just by looking at various examples.
So, if you eliminate the vulnerability scanner from your toolbox, what is pentesting, aka penetration testing? That is called methodology, and that is something you will have to learn, along with the necessary tools, such as (and especially) NMAP.
You can do a lot with NMAP alone, and a scripting language like Ruby, Python or Perl. (I use Python because it's easier, for me that is.)
Good luck!
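As an added illustration of the "NMAP plus a scripting language" point above (example code written for this page, not from the poster or the PWB course): a small Python script that turns Nmap `-sV` XML output into a service inventory and flags the ports where Nmap reported no version or low confidence, i.e. the banners you must grab and confirm by hand rather than trust a scanner's database lookup. The XML sample is constructed, not a real scan, and only the standard library is used.

```python
# Added example (not from the original post): parse Nmap -sV XML into a service
# inventory so version banners are verified by hand instead of being trusted from
# a vulnerability scanner's lookup. Standard library only.
import xml.etree.ElementTree as ET

# Constructed sample of Nmap -oX output (not a real scan); the element layout
# follows nmap's format: host > address, host > ports > port > state/service.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap"><host>
<address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/>
  <service name="ssh" product="OpenSSH" version="7.4" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open"/>
  <service name="http" product="Apache httpd" version="2.4.6" conf="10"/></port>
<port protocol="tcp" portid="8080"><state state="open"/>
  <service name="http-proxy" conf="3"/></port>
<port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
</ports></host></nmaprun>"""

def parse_nmap_xml(xml_text):
    """Return one dict per OPEN port: host, port, proto, service, product, version, conf."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.findall("host"):
        addr = host.find("address").get("addr")
        for port in host.findall("./ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports need no further enumeration
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}  # <service> may be absent
            rows.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": attrs.get("name", ""),
                "product": attrs.get("product", ""),
                "version": attrs.get("version", ""),
                "conf": int(attrs.get("conf", "0")),  # nmap's 0-10 match confidence
            })
    return rows

def needs_manual_check(rows, min_conf=7):
    """Ports with no version string or low match confidence: grab the banner by hand."""
    return [r for r in rows if not r["version"] or r["conf"] < min_conf]

if __name__ == "__main__":
    inventory = parse_nmap_xml(SAMPLE_NMAP_XML)
    for r in inventory:
        print(f"{r['host']}:{r['port']}/{r['proto']} {r['service']} {r['product']} {r['version']}")
    for r in needs_manual_check(inventory):
        print(f"verify by hand: {r['host']}:{r['port']} ({r['service']})")
```

Feed it a real scan with `parse_nmap_xml(open("scan.xml").read())` after running `nmap -sV -oX scan.xml <target>` in your own lab; the threshold `min_conf=7` is an assumed cut-off, not an Nmap default.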
