OSCP Strategy

    • #5658
      cd1zz
      Participant

      I’m currently 2 weeks into the OSCP. I heard that for the final exam you are only able to use Metasploit one time. Armed with that new information, I’m trying to wean myself off my favorite tool and go back to a manual process.

      My question for the OSCP cert folks is about a strategy. If, for example, you find a box that is vulnerable to ms08-067, instead of using Metasploit you’d have to search for the exploit and find a POC. Then you’d have to understand the code enough to be able to fix it for your own environment. Would you say this is correct?

      If this is so, I’d say you’ve got to master fingerprinting and have ninja skills in finding exploit POCs.

      Your thoughts?

    • #35598
      KrisTeason
      Participant

      Proof-of-Concepts, modifying existing exploits, etc – all of these concepts are covered in later on modules. Understanding the code enough to be able to fix it for the appropriate situation is what will play a huge part in any pen-test you do.

      I’d say you’ve got to master fingerprinting and have ninja skills in finding exploit POCs.

      This is a definite. No one taking the course is supposed to reveal any specific details about the exam itself, but whenever you do plan on taking the exam, be prepared for anything. The OffSec guys have put together a great course and you truly have a lot in store for you. Be sure you grasp each attack vector and take advantage of the lab time you paid for.

      -Kris
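
The "fix the PoC for your own environment" step the posts above describe usually starts with finding the real offset to the saved return address on your target and then rebuilding the buffer around it. The following is an added example, not code from the thread or from the course: a pure-Python stand-in for Metasploit's pattern_create / pattern_offset plus a bad-character check and buffer builder, the pieces you need once you decide not to spend your one Metasploit use on them. The EIP values in the comments are constructed for the demonstration, not taken from any real crash.

```python
"""Added example (not from the original thread or the course material):
manual replacements for pattern_create / pattern_offset and the buffer
rebuild you do after a public PoC's hardcoded offset turns out to be wrong
for your target."""
import string
import struct
from typing import List


def pattern_create(length: int) -> bytes:
    """Build the classic cyclic pattern (Aa0Aa1Aa2...Ab0...) of `length` bytes.

    Every 4-byte window is unique within the first 20280 bytes, so a 32-bit
    value read out of a crashed register maps to exactly one position.
    """
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern length exceeds 20280 bytes; uniqueness would break")


def pattern_offset(pattern: bytes, eip: int) -> int:
    """Return the offset of the 32-bit value `eip` inside `pattern`.

    The register value from an x86 crash is little-endian, so it is packed
    back into byte order before searching. Raises ValueError if absent.
    """
    needle = struct.pack("<I", eip)
    idx = pattern.find(needle)
    if idx < 0:
        raise ValueError(f"{eip:#010x} ({needle!r}) not found in pattern")
    return idx


def find_bad_chars(payload: bytes, bad: bytes) -> List[int]:
    """Return the sorted list of bytes from `bad` that occur in `payload`.

    Run this on shellcode before sending it: a single bad byte (0x00, 0x0a,
    0x0d are the usual suspects) silently truncates or mangles the buffer.
    """
    return sorted({b for b in payload if b in bad})


def build_buffer(offset: int, ret_addr: int, shellcode: bytes,
                 total_len: int, nop_count: int = 16) -> bytes:
    """Assemble junk + return address + NOP sled + shellcode, padded to total_len.

    `ret_addr` is written little-endian, as a 32-bit x86 target expects.
    """
    buf = b"A" * offset + struct.pack("<I", ret_addr) + b"\x90" * nop_count + shellcode
    if len(buf) > total_len:
        raise ValueError(f"payload is {len(buf)} bytes, exceeds {total_len}")
    return buf + b"C" * (total_len - len(buf))


if __name__ == "__main__":
    pat = pattern_create(2000)
    # Constructed crash value for the demo: EIP contained the bytes "Ab0A".
    off = pattern_offset(pat, 0x41306241)
    print(f"EIP overwritten at offset {off}")
    # Constructed placeholder shellcode with a null byte so the check fires.
    sc = b"\x31\xc0\x00\x90"
    print("bad chars present:", [hex(b) for b in find_bad_chars(sc, b"\x00\x0a\x0d")])
    # 0xdeadbeef is a placeholder, not a real JMP ESP address.
    print(len(build_buffer(off, 0xDEADBEEF, b"\x90" * 4, 2000)), "bytes ready")
```

In a real adaptation you feed `pattern_create` output to the service, read EIP out of the debugger, then replace the PoC's junk length with the value from `pattern_offset` and its return address with one from a module on the target that has no bad characters in its address.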

    • #35599
      caissyd
      Participant

      @cd1zz: My best advice would be:

      1) Go through the videos
      2) Do all exercises, including the “Extra Mile” ones
      3) Hack your way into many, many, many, many lab machines and find your way into the other networks (dev, IT and admin)
      4) Then worry about what you are missing for the exam

      The exam is very tough and it is too big to discuss learning strategies here. But if you follow these 4 steps, you should be fine!

    • #35600
      mambru
      Participant

      I don’t know what to say about the challenge without giving away important details about the contents and working, but xXxKrisxXx and H1t M0nk3y have made very important points. Remember, fingerprinting is crucial for a successful pen test.

    • #35601
      linares189
      Participant

      Hey all. I’m also going through the course and spending a lot of hours in the lab banging away at things. I’ve had some problems getting nmap scans to work, which might hurt for time in the challenge maybe. (Nmap reports host is down though I can reach it through other means like netcat, etc. not sure if this is how it’s “supposed” to work in the lab or not.) Doing things more manually sounds better but may push a 24 hour window, wouldn’t it?

      linares

    • #35602
      COm_BOY
      Participant

      @linares189 wrote:

      Hey all. I’m also going through the course and spending a lot of hours in the lab banging away at things. I’ve had some problems getting nmap scans to work, which might hurt for time in the challenge maybe. (Nmap reports host is down though I can reach it through other means like netcat, etc. not sure if this is how it’s “supposed” to work in the lab or not.) Doing things more manually sounds better but may push a 24 hour window, wouldn’t it?

      linares

      Try -T2 or similar for nmap scans and it should be fine. I think it’s a problem with the VPN they used.

    • #35603
      linares189
      Participant

      @COm_BOY wrote:

      Try -T2 or similar for nmap scans and it should be fine. I think it’s a problem with the VPN they used.

      Will do, thanks. I was trying -PN and no game. As long as I know it’s a bug and not a feature I’ll just try ’em all.

      linares

    • #35604
      COm_BOY
      Participant

      @linares189 wrote:

      @COm_BOY wrote:

      Try -T2 or similar for nmap scans and it should be fine. I think it’s a problem with the VPN they used.

      Will do, thanks. I was trying -PN and no game. As long as I know it’s a bug and not a feature I’ll just try ’em all.

      linares

      -PN or -P0 means to skip the ping request, since there are a lot of host computers out there (web) which will block ICMP, and I would recommend using this option normally. Other than that, -Tx (where x is 0-5) means timing templates; remember 0-1 is for IDS 🙂. Other than that, if they are still using OpenVPN I think it’s a problem with that; otherwise it should run fine on other VPNs in the real world.

      Best of Luck
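
The symptom linares189 reports above (nmap says "host seems down" while netcat reaches the box) is the classic sign that ICMP echo is filtered but TCP is not. The following is an added example, not code from the thread: a plain TCP connect probe that proves a host is up the way netcat does, independent of ping. A completed connection and a refused connection both prove the host is alive; only a timeout is inconclusive. The demo spins up its own listener on 127.0.0.1, so it runs offline; the hostname, ports and `demo()` helper are constructed for this illustration.

```python
"""Added example (not from the original thread): confirm host liveness with a
full TCP connect per port instead of trusting nmap's ICMP ping sweep."""
import socket
import threading
from typing import Dict, Iterable


def probe_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Return 'open', 'closed' or 'filtered' for host:port via a full TCP connect.

    RST (refused) and SYN/ACK (open) both come from a live host; a silent
    drop or unreachable error is reported as 'filtered'.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except OSError:  # timeout, EHOSTUNREACH, ENETUNREACH, ...
            return "filtered"


def scan(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, str]:
    """Probe each port and return {port: state}."""
    return {p: probe_port(host, p, timeout) for p in ports}


def host_is_up(results: Dict[int, str]) -> bool:
    """A host is up if any port answered at all, open or closed."""
    return any(state != "filtered" for state in results.values())


def _free_port() -> int:
    """Grab and release an ephemeral port so we have a known-closed port to probe."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def _serve_once(srv: socket.socket) -> None:
    """Accept a single connection (or give up when the listener is closed)."""
    try:
        conn, _ = srv.accept()
        conn.close()
    except OSError:
        pass


def demo() -> Dict[str, object]:
    """Constructed demo: one listening port, one closed port, on loopback."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    srv.settimeout(5)
    open_port = srv.getsockname()[1]
    t = threading.Thread(target=_serve_once, args=(srv,), daemon=True)
    t.start()
    closed_port = _free_port()
    try:
        results = scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
        t.join(timeout=5)
    return {
        "listener": results[open_port],
        "free_port": results[closed_port],
        "up": host_is_up(results),
    }


if __name__ == "__main__":
    print(demo())
```

Against a lab host this replaces the ping step, not the port scan: once a connect to 22, 80 or 445 proves the box is alive, rerun nmap with -Pn so it skips discovery and gets on with the service scan.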

    • #35605
      ssherei
      Participant

      Well, since you’re taking OSCP, the answer to your question will be within the course modules, trust me 😀 I know.

    • #35606
      cd1zz
      Participant

      Here we are – 2 months later and I passed the exam. Now I see the light 🙂

      I’ve documented the experience on my blog:
      http://networkadminsecrets.blogspot.com/

      Thanks for everyone’s input.

    • #35607
      Pookie
      Participant

      Congrats on passing!

    • #35608
      impelse
      Participant

      Congrats

    • #35609
      Anquilas
      Participant

      Nice review, congrats on passing!

    • #35610
      alucian
      Participant

      Congrats!
      Nice review, it made me think again about doing the course.

      I would like to go into architecture / risk mgmt in the long run, but I still strongly believe that if you don’t know how the attacks are done you are not a good security specialist.
      Doing a course like OSCP will help you more than enough to understand how things are working. Also, being a guy that works best under pressure, I will fully enjoy the rhythm of the course. Being in Canada and having winter until April, it will be a good way to enjoy it.
      The biggest problem will be my wife (and the kids) …  ::)
      Hmmmm

    • #35611
      hayabusa
      Participant

      As another who fully understands, I’d say you’ve got the right mindset (with the wife and kids,) but I’ll tell you, you’ll find a way to make it work, and it’s worth it when you’ve done it.

Copyright ©2021 Caendra, Inc.
