Metasploit Knowledge for OSCP

j22qj22q Registered Users Posts: 2 ■□□□□□□□□□
in Offensive Security: OSCP & OSCE
Hey, I'm currently preparing for the OSCP, I've heard use of Metasploit is limited so I was wondering would it be worth learning a lot about Metasploit before booking the lab or would it be a waste of time? Also as I've heard Metasploit scripts are often written in Ruby would picking up Ruby be necessary for the exam as well?

Other than Python, Bash and Perl is there any other languages I should start learning before booking the labs to give myself the best possible chance?

Thanks
· Share on FacebookShare on Twitter

Comments

  • BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    Metasploit can be used in the labs, just because it's restricted in the exam to one machine doesn't mean you shouldn't learn it. It's a great tool and very helpful throughout. The MSF Unleashed course is great, https://www.offensive-security.com/metasploit-unleashed/. Learning Ruby isn't necessary to use it, in the course there's some basic modules about adopting an MSF module to a stand alone exploit, the provided examples for everything stand alone is actually python.
    · Share on FacebookShare on Twitter
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    I know nothing about Ruby and am doing fine. I'd consider that up to you and what you'd like to add to your tool belt.

    As far as Metasploit goes, the fact is you will use it in the labs. You can't rely entirely on it in the exam, but you can use it and various parts of it on the lab machines as you go. That said, you'll learn a lot of that along the way, but if you just go through the Metasploit Unleashed free course on their web site, you should be well-prepared.

    For other languages, I found it best to just get an intro to Bash scripting and Python and Perl. Just enough to understand the syntax and how it works in general, and how to properly read someone else's small script.
    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
    · Share on FacebookShare on Twitter
  • j22qj22q Registered Users Posts: 2 ■□□□□□□□□□
    Great thanks for the help!
    · Share on FacebookShare on Twitter
  • TreySongTreySong Member Posts: 65 ■■■□□□□□□□
    LonerVamp wrote: »
    I know nothing about Ruby and am doing fine. I'd consider that up to you and what you'd like to add to your tool belt.

    As far as Metasploit goes, the fact is you will use it in the labs. You can't rely entirely on it in the exam, but you can use it and various parts of it on the lab machines as you go. That said, you'll learn a lot of that along the way, but if you just go through the Metasploit Unleashed free course on their web site, you should be well-prepared.

    For other languages, I found it best to just get an intro to Bash scripting and Python and Perl. Just enough to understand the syntax and how it works in general, and how to properly read someone else's small script.

    Very useful . Thanks.
    · Share on FacebookShare on Twitter
  • saragurusaraguru Member Posts: 46 ■■□□□□□□□□
    Just knowing the basics of metasploit is enough to get started with OSCP lab..however I would suggest getting used to "msfvenom" as you will rely on it most of the time to generate shell codes of various formats...other than that, I think it is possible to root almost all of the machines in the lab without using Metasploit..I have rooted nearly 15+ machines in the lab and used MSF to own one machine as I couldn't do it manually!!
    · Share on FacebookShare on Twitter
  • 2230622306 Member Posts: 223 ■■□□□□□□□□
    i am taking the course now and i havent really used MSF to pwn any machines (only msfvenom and meterpreter). dont waste your time with MSF. everything that you will need for MSF in the course will be in the materials that OffSec will give you. and honestly you dont need to really prepare with python and other scripting languages that much at all. i didnt really do any prep and im doing ok in the labs. if you know how to read and know how to google..youll do fine. sign up for the course and to extend the lab its only like couple hundred bucks. as long as you dedicate first 2-3 weeks to the materials (video and PDF), 2 to 4 hours every day and about 20 hours on the weekends.. youll do fine. now if you really want to prepare.. prepare by learning how to enumerate and how to privilege escalate. these 2 things will be something that will help you alot in the course... trust me.
    · Share on FacebookShare on Twitter
  • TreySongTreySong Member Posts: 65 ■■■□□□□□□□
    22306 wrote: »
    i am taking the course now and i havent really used MSF to pwn any machines (only msfvenom and meterpreter). dont waste your time with MSF. everything that you will need for MSF in the course will be in the materials that OffSec will give you. and honestly you dont need to really prepare with python and other scripting languages that much at all. i didnt really do any prep and im doing ok in the labs. if you know how to read and know how to google..youll do fine. sign up for the course and to extend the lab its only like couple hundred bucks. as long as you dedicate first 2-3 weeks to the materials (video and PDF), 2 to 4 hours every day and about 20 hours on the weekends.. youll do fine. now if you really want to prepare.. prepare by learning how to enumerate and how to privilege escalate. these 2 things will be something that will help you alot in the course... trust me.
    Thank you 22306!
    · Share on FacebookShare on Twitter
  • Dr. FluxxDr. Fluxx Member Posts: 98 ■■□□□□□□□□
    Good info. Taking notes.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.