You know... Prior to me taking the exam, I thought I'd be a smart alec. After viewing the content for a week I decided to write an automated Perl script to literally do the exam for me. The script consisted of using various tools against the output of nmap and other tools. Pretty much a bloated "if, while, for, and" script.
I had it all planned out. The program would start with the typical nmap scan, parse out the data of opened ports, I'd use another port to fingerprint the machine as precisely as I could, then the program would re-parse out a "high percentage" rate of potential exploits against the target. I had it mapped out to a science. If THIS_OS && THIS_PORT && THIS_VERSION >= Milw0rmPoCs_or_Better ; then TEST_THIS_AND_RETURN_OUTPUT
Was such a butchered work of art in itself it was priceless. I tested it against a devel network I set up at home mirroring the versions of servers etc on my lab...
Test day... For one, I was like 3 hours behind the time since I mangled EST/PST timing... I figured, no sweat... Pfftt... My pwnge is going to be automated baby! No Metasploit no problem... Long story short, about an hour after my Perl voodoo was chugging along, I started experiencing unforeseen BOFH like errors. It was then I realized that Mutts and the staff threw in a lot of curveballs. I ended up scrapping my program and doing the remainder of the test manually.
When I did the CPT exam... You don't even wanna know the asm slash c headaches I encountered. On the flip side, I never had a machine gone in 60 seconds much faster than on the CPT exam. On the second machine though... Man you talk about going back to the books on shellcoding, assembly, debugging (gdb though so I got lucky). Nevertheless it's Jack Koziol and company (Shellcoder's Handbook) who's responsible for the CPT.
Good luck on the exams all who take it. OSCP was one of my favorites. CPT was a PITA... CEPT ... failed by one... I should have studied.
Arrogance got the best of me... Of the two (CPT, OSCP), I like the volume of machines to compromise on the OSCP. For the learning curve on advanced exploitation though... CPT.