Signed up for OSCP, have questions

zlykotzlykot Member Posts: 32 ■■□□□□□□□□
Hey folks,

I signed up for OSCP and waiting for my lab to open up this weekend. In the meantime I have a few questions.

1. I ended up buying the 30day lab, I understand that this includes the exam fee. Can I take the exam right away once the lab opens? if so are there any limitations as to the 2nd attempt if i don't pass?

2. The documentation says i can use metasploit once, does that limitation apply to the use of meterpreter payloads and msfvenom payload generation?

3. It says automated vuln scanners are not allowed, if so can I use nmap --script *? (asking for kicks)



  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Theoretically I think you can schedule the exam right away but there might be a waiting period to retake.

    Once you get access to the forums there is a lot of the information there and they give you very specific instructions.

    Most of the things not allowed when I took the exam a few years ago were auto pwn type tools.
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Some of your questions can be answered here. I believe you could schedule your exam once you get into the labs, but you probably will have a wait unless there's an opening.

    Why would you want to take the exam right away? I can only really think of two reasons...

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • datakandatakan Member Posts: 17 ■■□□□□□□□□
    1) Yes but its not advised. Retakes are 60 bucks
    2) You can use msfvenom and multi-handler but thats it. Its a free for all on a single box. I didnt find it useful when I took my exam.
    3) nmap scripts are fine. They are referring to vulnerability scans like OpenVAS.

    You can read the exam guide here!
  • zlykotzlykot Member Posts: 32 ■■□□□□□□□□
    Thank you for posting the exam guide, its helpful.

    I have about 2 years pentesting experience and probably have a good chance of just passing the exam. Just trying to figure out my options. 60$ for a practice exam is a good deal ;)
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    Start with the lab first if you think you can knock the exam out. The challenges are fun and you won't be able to renew lab membership once you have finished the exam.
  • datakandatakan Member Posts: 17 ■■□□□□□□□□
    Good luck. I wouldn't try to just test out though. Always something to learn in the lab.
  • zlykotzlykot Member Posts: 32 ■■□□□□□□□□
    Well it's been a week. I went through the material which was very brief and not very useful and spent an hour or two each day on the labs. At this point i have compromised a dozen boxes and have access to the other networks.

    At this point I decided to automate some of the boring stuff and prepare better tooling. I actually expected the boxes to be a bit more straight forward, instead i found out i have been spending a decent amount of time researching and fixing various exploits(trying not to use MSF). The other aspect is that some boxes are left in unusable state by other folks, so I started reverting them before starting. It would really be handy to have a system like HTB managing reverts.
  • zlykotzlykot Member Posts: 32 ■■□□□□□□□□
    Quick update: I took the exam yesterday and now awaiting results. Overall not too bad. I had to wait to get off of work to actually start on the exam (ran some scans in the meantime) but from 4pm til about 4am I rooted 4/5boxes. I went after the most points first so that should easily yield me a passing score.

    I have to say it was fun rampaging throughout the night to get it done.

    PS Scheduling the exams is a pita, they are booked a month out so schedule early.
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    Awesome! Did you learn anything new from the labs or the exam?
  • zlykotzlykot Member Posts: 32 ■■□□□□□□□□
    I'm sure I learned a few things here and there, but I can't think of any specifics. I did enjoy the labs and the wide variety of vulnerable software.

    i would say playing around with exploit deveoplemnt prompted a bunch more interesting research esp ROP/aslr. My plan is to sign up for osce in the next few months. I have a few internal apps I have my eye on ,)

    the only advise I would offer to future test takers is to schedule the exam fairly quickly to level set your expectations. The exam is fairly straight forward.
Sign In or Register to comment.