
Oscp exam limitation


satish.lx

Newbie

Posts: 36

Joined: Thu Jun 17, 2010 1:15 pm

Post Wed Jun 01, 2011 5:13 pm

Oscp exam limitation

I heard about some limitations of the exam, like you can't use it or something like that.

You can't use a vuln tester, Metasploit etc. Does anybody have the full list?

If you can't use a vuln tester then how could you find holes? And the second question is that sometimes brute-force cracking takes time, like hours or sometimes days, so how is it going to work if my machine is not powerful enough? Sorry, I'm asking stupid questions, but these questions really do matter to me. Hoping for a good answer.

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Jun 01, 2011 5:50 pm

Re: Oscp exam limitation

Ok... First off, it's ALL doable without automated tools. I cannot really tell you about the limitations, except to say that if you learned what you should have, from the course, you should be able to pass without full vulnerability scanners, etc. They won't give you things they don't expect you to know, or be able to research, in the time allotted, by way of manual methods and using regular tools (meaning no testing frameworks, etc.).

Does that clarify enough, as it's all you'll really find out, before testing?  (NDA and all)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Wed Jun 01, 2011 6:33 pm

Re: Oscp exam limitation

I remember asking this question when I was starting out. I remember getting obsessed with the test as I was two weeks in.... beginning to panic...I suspect you are just starting out in OSCP? Believe me when I tell you this, do not worry about the exam right now.

This stuff will all become clear as you begin to root the boxes in the labs. You will quickly learn that there are plenty of ways to pwn boxes without using Metasploit or Nessus. What you will (hopefully) get good at is figuring out what services are running and what versions of software are actually listening on those ports. From there you can find exploits to use.

Like hayabusa said, it is all doable without these tools; in fact it's a bit more elegant to do so and way less noisy.

Make sense?

satish.lx

Newbie

Posts: 36

Joined: Thu Jun 17, 2010 1:15 pm

Post Thu Jun 02, 2011 6:33 am

Re: Oscp exam limitation

Thanks for the wonderful reply.

Yes, I'm in the pre-stage of OSCP. I'm planning to buy the lab next month, so before that I want to see for myself how I'm doing with basic security stuff.

One more question: in the exam, do you have to launch all attacks from your own laptop or machine, or will they provide some local machine to speed up the attack? :)

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Thu Jun 02, 2011 8:10 am

Re: Oscp exam limitation

You're provided with a VPN - all attacks are remote. They recommend using the BackTrack distro.

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Jun 02, 2011 11:17 am

Re: Oscp exam limitation

Here's a hint...  You can still pivot, or use a target machine which you've pwned, to access any other machines...  So you might want to spend some time brushing up on tools to be used from various OS's, in the event you use a target machine as a launching point to go after others.

But as cd1zz noted, it's VPN, and the initial attack will most definitely be remote, as will any / all scanning, unless you want to waste time, trying to nail one box first, then scanning AND attacking from there.  :(

You'll find, throughout the labs and the final exam, that you'll do far better if you learn to prepare scripts to do the work for you, and in conjunction with each other, simultaneously, to save time, as when you are in the final exam, 24 hours will go VERY quickly, if you don't.  As sil noted in other topics, recently, and others of us have previously, as well, having pre-canned scripts (which you can modify if needed for a specific purpose,) prepared and ready to go, will definitely help you, both for this certification, and in real world pentests.  It pays to use time wisely.
~ hayabusa ~

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Mon Jun 06, 2011 4:07 pm

Re: Oscp exam limitation

satish.lx wrote:
I heard about some limitations of the exam, like you can't use it or something like that.

You can't use a vuln tester, Metasploit etc. Does anybody have the full list?

If you can't use a vuln tester then how could you find holes? And the second question is that sometimes brute-force cracking takes time, like hours or sometimes days, so how is it going to work if my machine is not powerful enough? Sorry, I'm asking stupid questions, but these questions really do matter to me. Hoping for a good answer.


If you had used a vuln tester during OSCE, you would've completed none of the challenges at all. PWB aka Penetration Testing / PenTesting With BackTrack is a course designed to teach you WHY you should NOT use vulnerability scanners, but learn to use the tools manually, eliminating false positives.

It's quite simple:
- Enumeration (A scanner does this automatically for you.)
- Version banner grabbing (A scanner does this too, and looks the version banner up in a database.)
- Exploitation / Confirmation (This can crash a target service. Some scanners will attempt exploitation, but not all.)

Therefore, if you're going for OSCP: Make sure you understand the course material, and that you've played in the labs as well, without the vulnerability scanners. You _don't_ need them. They're handy, and can help you during some tasks, but you can do fine without, if you just learn to use the tools in e.g. BackTrack.

If you want a book, which also reminds you about why you shouldn't just use a vulnerability scanner, then read: The Penetration Testers Open Source Toolkit vol. 2

I know, it's not completely brand new and it's a couple of years old. Some of the syntax for commands may be outdated, but it's still useful and I still recommend it. Heck, even I just read it for fun sometimes. Well, I'm actually skipping through it to refresh parts I may have hidden far away, or to get new ideas just by looking at various examples.

So, if you eliminate the vulnerability scanner from your toolbox, what is pentesting aka penetration testing? That is called methodology, and that is something you will have to learn, along with the necessary tools, such as (and especially) NMAP.

You can do a lot with NMAP alone, and a scripting language like Ruby, Python or Perl. (I use Python because it's easier, for me that is.)

Good luck!  :)
I'm an InterN0T'er
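
The enumeration and version-banner steps from MaXe's list, done with Nmap output and Python, as an added example (not code from any poster in this thread): it parses constructed `nmap -sV -oG` grepable output into a per-host service inventory and lists the open ports whose version was not identified and therefore need manual confirmation. The addresses, sample lines and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Nmap's grepable (-oG) format. Tabs separate fields;
# each port entry is port/state/proto/owner/service/rpcinfo/version/.
SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.2.15/, 111/closed/tcp//rpcbind///"
    "\tIgnored State: filtered (997)\n"
    "Host: 192.0.2.20 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.0.8/, "
    "8080/open/tcp//http-proxy///\n"
)

def parse_grepable(text):
    """Return {host: [ {port, proto, service, version}, ... ]} for open ports."""
    inventory = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment or summary line
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            # Split only on commas that are followed by a new "<port>/" entry,
            # so a comma inside a version string does not break the entry.
            for entry in re.split(r",\s*(?=\d+/)", field[len("Ports:"):]):
                parts = entry.strip().split("/")
                if len(parts) < 7 or parts[1] != "open":
                    continue
                inventory[host].append({
                    "port": int(parts[0]), "proto": parts[2],
                    "service": parts[4], "version": parts[6].strip(),
                })
    return dict(inventory)

def unidentified(inventory):
    """Open ports with no version string: confirm these by hand."""
    return [(host, s["port"], s["service"])
            for host in sorted(inventory)
            for s in inventory[host] if not s["version"]]

if __name__ == "__main__":
    inv = parse_grepable(SAMPLE)
    for host in sorted(inv):
        for s in inv[host]:
            print(host, s["port"], s["service"], s["version"] or "(unknown)")
    print("manual check:", unidentified(inv))
```
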
