thanks for the advice, I finished these books :

Metasploit - the penetration tester's guide
Practical Packet analysys

I'm currently reading :

The Web Applicatino Hacker's handbook

I'm also extending the lab for 90 days.

This trip is going to take much longer than I anticipated, mostly because of the huge workload of learning stuff on your own, you guys have to admit, the OSCP is all about the lab, it has less to do with learning from the videos and the pdf's. I see them more as a 'practical example' of theoretical stuff you have to learn on yourself. I wish I knew it before so I could have digged the books before I took the OSCP plunge. For that I would say their text what you should know before the OSCP is kind off misleading.

That might explain why almost nobody passes the test the first time.

It sounds like you're being very smart about this.

Thanks for sharing these books, please post any more that you really wish you had read first.

I want to make sure I'm ready to get the most from the course and I'm planning on just extending 90 days right at the start to make it a non issue.

DAY 21

Another day, another server ? I rooted another one. And this time, I have to say it was really really cool meaning -without spoiling it for the others- that I came across something that I said: Hey I might use this on server X, I tried it, and it worked.

Puts the counter on 5 servers rooted so far. Let's do some more reading further on the day and try another one tomorrow.

Instead of trying several servers at once, I now try to take 1 server out per day and try to hack it. Focused on only 1 server. It seems to be a little less frustrated and let me go deeper on the server but it makes me need to read more and more :-)

Let's see if I can hack another one tomorrow!

I can just say: They look just like a real server.

They are not like a clean image with patches missing, that's for sure.

Check out their pdf on their site, they address your questions.

Every server I came across has specific applications running.

Most servers can be compromised directly, but you will occasionally require information or functionality from another system. You should investigate each application, service, and system thoroughly as you go. Don't assume each system exists in a bubble.

Cool sounds like its going well

Try harder, try different.