Options
Working on OSCP
datakan
Member Posts: 17 ■■□□□□□□□□
Wanted to say Hi. I've been lurking for a while and just registered. I'm presently working on the OSCP. I failed my first exam pretty terribly (mostly I choked, I don't work well under pressure and have always tested badly)
That said, I know what the exam is like now and feel good going into my next one. I've rooted 50+ systems in the lab. Another 8 on Hack The Box, a number of vulnhub systems. My weakness though is webapps and finding entry points. If anyone has recommendations in that regard I could surely use them. SQL is definitely hard for me.
Thanks everyone and thanks for such a great forum, it's been great reading through the posts, very helpful!
That said, I know what the exam is like now and feel good going into my next one. I've rooted 50+ systems in the lab. Another 8 on Hack The Box, a number of vulnhub systems. My weakness though is webapps and finding entry points. If anyone has recommendations in that regard I could surely use them. SQL is definitely hard for me.
Thanks everyone and thanks for such a great forum, it's been great reading through the posts, very helpful!
Comments
-
Optionst17hha
Member Posts: 52 ■■□□□□□□□□
Hi datakan,
I felt the same, I still do now yet I managed to pass the exam. I won't give too much away but think about the amount of time you have, offsec won't make it too difficult that you waste a lot of time on the entry point so sometimes it helps to keep it simple.
I would say the obvious: enumerate the domain for pages, scan using map & nikto, read scan input thoroughly, do some manual browsing, look for the version of the software and google vulnerabilities or issues, have a look at the source code for all pages, keep a list of all your backdoors for you to try, if you find a page which allows some input then look for what it does after you submit something whether that is cleartext or an iframe or some code, try simple authentication credentials as your not expected to brute force as this takes too long.
I hope that helps, I only managed around 22 machines and that was enough for me. I guess like you mentioned, it depends on the pressure and if you choke. I decided to do my first attempt before my lab expired so I could sit the exam again. This seemed to have kept me calm as the expectation was not too pass but to see how much I can score and be familiar with the content. In the end, I passed!!
Good luck and I hope you ace it next time! -
Optionsdatakan
Member Posts: 17 ■■□□□□□□□□
Thanks! I do need to slow down sometimes. I seem to rush too much when I think i've found something and then I start to ignore everything else. I have work to do
