Tips
Preparation Tips :
You’ll run out of techniques before time runs out. So learn as many techniques as possible, so that you always have an alternate option if something fails to produce output.
Try harder doesn’t mean you have to try the same exploit with 200x thread count or with an angry face. Go, enumerate harder.
Exam Tips :
Bruh, you have unlimited breaks, use them. You aren’t writing your semester exam.
24 reverts are plenty enough already. Go use them.
Caffeine is a must.
You’re not gonna pentest a real-world machine. You’re gonna try to hack into an intentionally vulnerable machine that is vulnerable to a specific exploit. Exploiting it right in 24 hours is your only goal. So, OSCP is actually a lot easier than real-world machines where you don’t know if the machine is vulnerable or not.
ippsec.rocks is a good resource to use if you need help in exploiting a specific service.
Tip for Enumeration :
Enumerate more means:
Scan ports, scan all the ports, scan using different scanning techniques.
Brute force web dirs, brute force web dirs using different wordlists and tools.
Check for file permissions, check for registry entries, check for writable folders, check for privileged processes and services, check for interesting files.
Look for a more suitable exploit using searchsploit, search Google for valuable information, etc.
Webserver version, web app version, CMS version, plugin versions.
Tip for Foothold :
Password reuse
The default password of the application / CMS
Guess the file location in case of LFI with username
Username from any notes inside the machine might be useful for brute force