Preparation Tips :

• You’ll run out of techniques before time runs out. So learn as many techniques as possible that you always have an alternate option if something fails to produce output.

• Try harder doesn’t mean you have to try the same exploit with 200x thread count or with an angry face. Go, enumerate harder.

Exam Tips :

• Bruh you have unlimited breaks, use it. You aren’t writing your semester exam.

• 24 reverts are plenty enough already. Go use it.

• Caffeine is a must.

• You’re not gonna pentest a real-world machine. You’re gonna try to hack into an intentionally vulnerable machine that is vulnerable to a specific exploit. Exploiting it right in 24 hours is your only goal. So, OSCP is actually a lot easier than real-world machines where you don’t know if the machine is vulnerable or not.

• ippsec.rocks is a good resource to use if you need help in exploiting a specific service

Tip for Enumeration :

‌Enumerate more means:

• Scan ports, scan all the ports, scan using different scanning techniques,

• brute force web dirs, brute force web dirs using different wordlist and tools

• check for file permissions, check for registry entries, check for writable folders, check for privileged processes and services, check for interesting files,

• look for a more suitable exploit using searchsploit, search google for valuable information, etc.

• webserver version, web app version, CMS version, plugin versions‌

Tip for Foothold :‌

• Password reuse

• The default password of the application / CMS

• Guess the file location incase of LFI with username

• username from any notes inside the machine might be useful for Bruteforce

• Try harder doesn’t mean you have to try the same exploit with 200x thread count or with an angry face. Go, enumerate harder.