Viewing 17 reply threads
  • Author
    • #7188

      Greetings white hats and hackers!

      I decided to take the OSCP but first of all I’d have some questions about this exam.

      First: If I learn and understand the course, I will be able to pass?
      I have no programming skills.

      I’m a 2 years experienced sysadmin with RHCE and CCNA Security as additional certs.

      Thanks a lot!

      PS: What’s the pass procent rate at first attempt?

    • #44915

      Welcome to the forums 🙂

      I think having that level of Linux knowledge is going to help out a lot. You don’t need to be an expert programmer, but it would help to start playing around with Python and getting the basics down.

      Google has a free two-day course: and there are plenty of other Python resources mentioned regularly if you search around the forums a bit.

      I don’t think they publish pass percentages, but this is a fairly difficult exam. Unlike most others, technical knowledge alone won’t get you through this. You really need to have the right mindset and be good at solving puzzles, organizing and correlating information, etc.

    • #44916

      The course and course syllabus are merely a suggestion or a way to “point you in the right direction.” There is quite a bit of outside research that you’ll go through on your own. Don’t get me wrong, the course materials are very valuable but its not a typical course/exam like you’re probably used to.

    • #44917

      This is a great course to aim for, but you need to have something to stand on when you get there. There are plenty of great sites out there with all kinds of hacking challenges as well as vulnerable VM’s that you can download and test yourself on. This site as well as others have exercises to try as well. This is not like sitting and writing in memorized answers, it is a practical and will take more work to get ready for.

    • #44918

      If you learn and understand the course and spend some time (meaning hacking) in the lab then you will be ok.
      Advanced programming skills are not really needed, just basic bash/python scripting is needed.

    • #44919

      Hello uid0,

      Welcome aboard ! The exam is pretty hardcore I thought but if you understand all the concepts enough and practice in the VPN labs, you should be able to get a passing score. It sounds like you have solid linux and networking experience, but PWB is a highly Offensive Attacking course. How are you pen testing skills? Have you used Metasploit, are you familiar with nmap, do you know how to perform Web App attacks, privilege escalation? Though the course will teach most of these, it’s best to have experience doing/using these prior to walking in just to make sure your comfortable. What I listed off was of course a minor subset of the topics you’ll cover.

      I would even say just practicing as much as you can that is inside the PWB syllabus with VMs for a little bit would help you out. Lab time is so precious in the course. Being unfamiliar with some tools may take away from lab time when your having to research them. I would highly recommend going with the 90 days lab access just to make sure your fully prepped for the examination.

      You don’t need to be a good coder but even understanding the basics helps out. Dynamik’s link is great to get you started with python, there’s also this useful thread. Another great resource for you would be the OSCP Section here on the forum. This is great because there’s 4 pages of information of folks who have taken the course, are getting ready for it, and have wanted similar suggestions like yourself. Here is my PWB v3 Review – I think it’s a great read because I listed off some of my background prior to going in. Cd1zz’s Review is also great.

      Ultimately my main advice is although you fit the pre-reqs, I would get well familiar with the syllabus before officially signing up. Setup your own lab and practice in it! Learn some python. Purchase the 90 days just be make sure you’ll be well prepped, and prepare for some pain (:

    • #44920

      Hi everyone,

      Thank you for being so kind.

      @xXxKrisxXx I’m familiar with tools such sniffers/scanners linke tcpdump or nmap.

      I dont’t know what metasploit is, never used it. Google it but I’m not sure what should I do.

      Also, syllabus = prereqs?

      I would estimate my networking/*NIX skills as being high but only on the whitehat side. That’s why I’m emotive about this exam.

    • #44921

      @uid0 – see the following, RE: Metasploit:

      This is where, as noted, you’ll have to be prepared to do a lot of Googling and outside research.  OSCP teaches a lot, but they also rely on your abilities to dig and research (just as you would in a real pentest, in real-life.)

      As for the syllabus, it’ll give you an idea of what will be covered in the class, so that YOU can decide for yourself, whether or not you’re ready, or you feel you need to brush up on some areas, before taking the class.

      Good luck, and if more questions, ask away!

    • #44922

      If you consider yourself to be strong with *nix and networking, I honestly think you’re in better shape than a lot of people when they start this one.

      I wouldn’t consider the syllabus to be prereqs (the course will teach you a lot along the way ;)), but if you see something on there where you feel like you’re totally clueless, you should probably brush-up on that a bit before trying the course. You want to get the most out of the lab time you pay for, so you don’t want to squander that learning how to perform basic activities. Aside from that, there aren’t any time constraints, so if you get stuck, you can always branch out and study that item, and then return to the course at a later date. You may want to start with only 30 days lab time to get a taste of what it’s like, and then add more whenever you feel ready. It’ll be slightly more expensive if you go that route, but that might be better than having more time available before you’re ready for it.

      Here’re some Metasploit resources to get you started:

      Metasploit can be kind of intimidating at first since it’s probably unlike anything you’ve used in the past. However, it’s really not bad at all once you get into it.

      If you want to get started, just download BackTrack and load it up in a VM (Virtual Box, VMware Player or Workstation) along with a vulnerable distro (Metasploitable, Damn Vulnerable Linux) and start playing around.

      Edit: I’m too slow for Hayabusa 🙁

    • #44923

      I’d say the same as dynamik said. If you are already that familiar with linux and networking, you shouldn’t have too much troubles to get through it.

      If you don’t have any programming experience and don’t know the very basic concepts such as loops etc. at all, you might want to spend some time on it prior of starting the course. This way you won’t spend too much of your lab time to go through with such basic things and you can concentrate on the main topics. Otherwise it shouldn’t be too hard to pick up those things during the course. Although programming is involved and it certainly helps if you can read some easy assembly instructions and adjust existing exploits to your needs (which is also covered in the course materials), it shouldn’t be a problem to go through the course materials and eventually pass the exam.

    • #44924

      Two additional questions please:

      – about the 30 days, they count the VPN connection time or the calendar entries?

      – If I fail, can I retake the exam only without any additional fees like VPN?

      Thank you!

      @dynamik ??????? damn vulnerable linux ????? Never heard of it but I’ll try it for sure!!! Haha this is gonna be fun.

    • #44925

      You get 30/60/whatever calendar days. The clock unfortunately starts immediately with the course. I personally wish you could choose when to start it, so you could get a bit more familiar with the material first, but that was not an option the last time I checked.

      I believe you’ll need to pay for a retake, but I can’t recall what the price is.

      There are a lot of vulnerable systems available: That should keep you busy 😮

      Also, just installing vanilla client/server versions of Windows with no patches and a few services running will work as well.

    • #44926

      @dynamik wrote:

      Edit: I’m too slow for Hayabusa 🙁


      dynamik often beats me to the punch, as I’m tied up with other things.  But I got him this time!

      Edit: BTW, the other book dynamik posted about is great, also.  It’s sitting on my desk, as we speak.

    • #44927


      This guy claims:

      The course / test challenge packages start at $750 US with cert retakes available for $60 if you don’t succeed on your first attempt.

      So the retake isn’t a full $750+$60?

    • #44928

      Yes, the retake will cost you only $60. No need to buy a lab extension. Although if you haven’t got all machines in the lab and failed the exam, it might be worth to extend your lab time for 15 or 30 days.

    • #44929

      Hi Guys,

      Sorry to kinda hijack a thread but I didn’t see the need in writing a new one.

      I see a lot of you have suggested learning Metasploit for the OSCP but am I right in believing that use of MSF in the exam is banned?

      Also, for clarity, is nmap and the meterpreter payload banned?

    • #44930

      Hi Dranex,

      Haven’t taken the OSCP (yet). However, AweSec wrote a nice review on the OSCP (see below) in which he mentions that the use of Metasploit is banned for the most part.
      Maybe it helps to anser your questions.

      @aweSEC wrote:

      I recently finished Offensive Security’s PWB course and the associated OSCP examination. My full review is available at my site, see here.

    • #44931

      @Dranex wrote:

      Hi Guys,

      Sorry to kinda hijack a thread but I didn’t see the need in writing a new one.

      I see a lot of you have suggested learning Metasploit for the OSCP but am I right in believing that use of MSF in the exam is banned?

      Also, for clarity, is nmap and the meterpreter payload banned?

      Metasploit can be used once in the exam (though for one of my questions it was expressly forbidden)
      nmap can be used – I used it with the nse scripts as well.
      Using a metasploit payload is ok – you’re not allowed to use getsystem though.

Viewing 17 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?