Tips

Preparation Tips :

  • You’ll run out of techniques before time runs out. So learn as many techniques as possible, so that you always have an alternative option if something fails to produce output.

  • Try harder doesn’t mean you have to try the same exploit with 200x thread count or with an angry face. Go, enumerate harder.

Exam Tips :

  • Bruh, you have unlimited breaks, use them. You aren’t writing your semester exam.

  • 24 reverts are plenty already. Go use them.

  • Caffeine is a must.

  • You’re not gonna pentest a real-world machine. You’re gonna try to hack into an intentionally vulnerable machine that is vulnerable to a specific exploit. Exploiting it right in 24 hours is your only goal. So, OSCP is actually a lot easier than real-world machines where you don’t know if the machine is vulnerable or not.

  • ippsec.rocks is a good resource to use if you need help in exploiting a specific service.

Tip for Enumeration :

Enumerating more means:

  • Scan ports, scan all the ports, scan using different scanning techniques.

  • Brute force web dirs, brute force web dirs using different wordlists and tools.

  • Check for file permissions, check for registry entries, check for writable folders, check for privileged processes and services, check for interesting files.

  • Look for a more suitable exploit using searchsploit, search Google for valuable information, etc.

  • Check the web server version, web app version, CMS version, plugin versions.

Tip for Foothold :

  • Password reuse

  • The default password of the application / CMS

  • In case of LFI, guess the file location using the username

  • A username from any notes inside the machine might be useful for brute forcing
