Tips
Preparation Tips :
  • You’ll run out of techniques before time runs out. So learn as many techniques as possible, so that you always have an alternate option if something fails to produce output.
  • Try harder doesn’t mean you have to try the same exploit with 200x thread count or with an angry face. Go, enumerate harder.
Exam Tips :
  • Bruh you have unlimited breaks, use them. You aren’t writing your semester exam.
  • 24 reverts are plenty enough already. Go use them.
  • Caffeine is a must.
  • You’re not gonna pentest a real-world machine. You’re gonna try to hack into an intentionally vulnerable machine that is vulnerable to a specific exploit. Exploiting it right in 24 hours is your only goal. So, OSCP is actually a lot easier than real-world machines where you don’t know if the machine is vulnerable or not.
  • ippsec.rocks is a good resource to use if you need help in exploiting a specific service.
Tip for Enumeration :
Enumerating more means:
  • Scan ports, scan all the ports, scan using different scanning techniques.
  • Brute force web dirs, brute force web dirs using different wordlists and tools.
  • Check for file permissions, check for registry entries, check for writable folders, check for privileged processes and services, check for interesting files.
  • Look for a more suitable exploit using searchsploit, search Google for valuable information, etc.
  • Check the webserver version, web app version, CMS version, plugin versions.
Tip for Foothold :
  • Password reuse
  • The default password of the application / CMS
  • Guess the file location in case of LFI with username
  • Username from any notes inside the machine might be useful for brute forcing
  • Try harder doesn’t mean you have to try the same exploit with 200x thread count or with an angry face. Go, enumerate harder.