OSCP – advice and grasp

This topic contains 3 replies, has 2 voices, and was last updated by  KrisTeason 8 years, 10 months ago.

  • Author
    Posts
  • #5779
     mackwage 
    Participant

    Greetings all! This is mainly directed towards those holding the OSCP status.

    I have passed the CEH and took the PWB version 2.0 course last year. I failed the final cert test (so I have a great idea of what is on it so don’t worry about spoiling anything for me) but did not schedule a retake as many of life’s hurdles got in the way.

    I recently purchased the upgrade to the 3.0 version as well as extra lab time and a cert test retake. I have around 30 days left in the labs, completed all of the modules and started penetrating some of the machines in the first student network.

    I have two grand questions and I understand the first one is rather subjective because it can have many variables:

    1. How far do you personally think one should be able to penetrate the thinc.local network before being comfortable with the cert test? Like I said, I understand it’s a very subjective question but your take on information in the labs and exploits performed in the thinc.local network versus the cert test would help great.

    2. What outside resources have you used to further develop your learning of the content? Specifically do you have any great links to sites that you found particularly informative or helpful on the different topics? I have done TONS of Google searching and found some useful sites but a LOT of outdated ones as well.

    Thanks in advance!

  • #36264
     KrisTeason 
    Participant

    hey mackwage,

    welcome to the forums. I’m not too sure if the v2 examination differs between the v3 examination but I’d imagine it would. To answer your first question:

    1. How far do you personally think one should be able to penetrate the thinc.local network before being comfortable with the cert test? Like I said, I understand it’s a very subjective question but you take on information in the labs and exploits performed in the thinc.local network versus the cert test would help great.

    A similar question was asked on the offsec forums which you should have access to, and a summarized answer to it was that they suggest penetrating a minimum of the all of the machines in the student network disregarding some of the harder machines. The link to this thread can be found here.
    My personal opinion on this is I think you should penetrate every machine you can in order to help prep you for the exam. I personally wasn’t able to hit every machine on the student network but I did get access to all 4 subnets and hit a few machines on them too. Every successful penetration into any lab machine makes you feel more ready for the exam.

    2. What outside resources have you used to further development your learning of the content? Specifically do you have any great links to sites that you found particularly informative or helpful on the different topics? I have done TONS of Google searching and found some useful sites but a LOT of outdated ones as well.

    I had posted my review of Pentesting With BackTrack on my site (but it’s currently down right now), you may want to check out this link in a couple of days -> My PWB v3 Experience. I still have access to the resources that helped me out throughout the entire course so hopefully these will help you out:

    http://carnal0wnage.blogspot.com/

    http://www.exploit-db.com/

    http://securityfocus.com

    http://ethicalhacker.net

    http://www.offensive-security.com/metasploit-unleashed/

    http://irongeek.com

    http://securitytube.net/

    http://www.packetstormsecurity.org/

    http://www.securityaegis.com/

    http://synjunkie.blogspot.com/

    http://www.corelan.be:8800/

    Milw0rm was up at the time and it helped out too – but the sites gone now. That’s okay though because exploit-db’s taken over the project. There’s a few active OSCP’s on this forum so don’t hesitate to ask other questions, were here to help! Good luck on your adventure in the course, I had tons of fun!

    -kris

  • #36265
     mackwage 
    Participant

    Thanks greatly for you quick answers and links! I have not been to the last six sites you listed.

    The main area I am trying to focus on right now is priv escalation. On many of the lab machines I have low priv shells and am having a difficult time escalating to root/system/admin.

    I look forward to seeing your site once it is up!

    Thanks again!

  • #36266
     KrisTeason 
    Participant

    Your welcome. Privilege escalation is definitely a necessity in the course! I’ll bump this thread when it’s back up if it gets backed up too far.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?