oscp exam restriction

vynx · July 2017

i just read about oscp exam restriction https://support.offensive-security.com/#!oscp-exam-guide.md#Exam_Restrictions:_Metasploit

[FONT=&quot]If you decide to use Metasploit or Meterpreter on a specific target and the attack fails, then you [/FONT]may not[FONT=&quot] attempt to use it on a second target. In other words, the use of Metasploit and Meterpreter becomes locked in as soon as you decide to use either one of them.

are we really need metasploit or dont need that for exam ?[/FONT]

saraguru · July 2017

vynx wrote: »

i just read about oscp exam restriction https://support.offensive-security.com/#!oscp-exam-guide.md#Exam_Restrictions:_Metasploit

[FONT=&amp]If you decide to use Metasploit or Meterpreter on a specific target and the attack fails, then you [/FONT]may not[FONT=&amp] attempt to use it on a second target. In other words, the use of Metasploit and Meterpreter becomes locked in as soon as you decide to use either one of them.

are we really need metasploit or dont need that for exam ?[/FONT]

The answer really depends upon your skill set and mind set. If you are really confident that you can do everything manually then you wouldn't be needing it for the exam at all. I know few of my friends passed the exam without even using their Metasploit lifeline. However, using Metasploit might same you time in some cases, which is what is the most important resource for the exam. If you can manage your time then you can pass the exam without much difficulty.

So, in the end whether you need Metasploit or not depends upon YOU!!!

Blucodex · July 2017

Once you decide your target, you can use MS as your heart desires on that target correct? Multiple exploits, etc?

vynx · July 2017

Blucodex wrote: »

Once you decide your target, you can use MS as your heart desires on that target correct? Multiple exploits, etc?

thats the thing which is i'm bit worry and confuse, are they need we like sniper ? 1 bullet 1 headshoot ?

BuhRock · July 2017

Basically, but the use of metasploit may not guarantee a root. It might get you local admin only, who knows.

unkn0wnsh3ll · July 2017

Just to clarify, I do have this doubt not exactly, but the usage of Meterpreter payload / Metasploit is restricted to One machine.
1. Does it mean either of the ones can be used in target?
2. When I use Multi/handler & setting up the reverse shell, we setup payload/windows/meterpreter/reverse_tcp, then set up Parameters, then executing thru the web or some way we get a reverse shell. At this point, it creates and provides a Meterpreter session. Is this only allowed to use in one machine?

I'm lost a bit when Offsec says Metasploit / Meterpreter can be used on only one machine? I take it as either of the ones can be used in one machine.

Please clarify me

Cheers

BuhRock · July 2017

Using a handler is allowed on any machine. The exam instructions will be very clear, but there are some machines they don't allow you to use metasploit exploits.

unkn0wnsh3ll · July 2017

ok, I get it. Since I have taken the exam earlier it was different rules and it does clearly state about usage and restrictions. But with new changes, it is confusing...
Using handler is allowed like reverse shell etc, but when we use "use payload/ etc.... etc" , then it is counted as Metasploit full usage / or "use payload/ etc....etc in Meterpreter session is counted as similarly. Either the one can be used... Hope my understanding is ok?

Cheers

vynx · July 2017

BuhRock wrote: »

Using a handler is allowed on any machine. The exam instructions will be very clear, but there are some machines they don't allow you to use metasploit exploits.

can someone explain to me what is handler in easy way ?

anyway if i download exploit from exploit db then compile it and run to hack the machine, it's allowed or not ?

JoJoCal19 · July 2017

vynx wrote: »

can someone explain to me what is handler in easy way ?

anyway if i download exploit from exploit db then compile it and run to hack the machine, it's allowed or not ?

Vynx, based on this post (and your other posts here), OSCP may not be a good idea to pursue. The OSCP requires a TON of research outside of the coursework, and really good research skills too. Posts like these don't indicate research is a strong point for you. During the PWK coursework people won't be there to answer basic questions. What is your background and certs if you don't mind me asking? Id hate to see you waste $800-1000 on the PWK course.

McxRisley · July 2017

Nobody has said it yet, so I guess that means I have to be the kinda ******* here but I'm only saying it to help those who have numerous questions along these lines. When you sign up for the course and before you take your exam. Offsec will provide all of the answers to all of your questions. If you have any concerns after reviewing the documentation, they have admins available that will answer any question regarding rules and restrictions that you may have. Some may also tell you the exact same thing I am going to say here, please read the documentation they send. I'll say it again, READ THE DOCUMENTATION.

vynx · July 2017

JoJoCal19 wrote: »

Vynx, based on this post (and your other posts here), OSCP may not be a good idea to pursue. The OSCP requires a TON of research outside of the coursework, and really good research skills too. Posts like these don't indicate research is a strong point for you. During the PWK coursework people won't be there to answer basic questions. What is your background and certs if you don't mind me asking? Id hate to see you waste $800-1000 on the PWK course.

i just newbie in pen test and want to learn more ...

JoJoCal19 · July 2017

vynx wrote: »

i just newbie in pen test and want to learn more ...

I may be in the minority opinion, and others feel free to chime in, but I don't think the OSCP is the right choice. I would look at eLearnSecurity's PTSv3 course and eJPT certification. Then after that evaluate if you're ready for OSCP.

vynx · July 2017

JoJoCal19 wrote: »

I may be in the minority opinion, and others feel free to chime in, but I don't think the OSCP is the right choice. I would look at eLearnSecurity's PTSv3 course and eJPT certification. Then after that evaluate if you're ready for OSCP.

i have take it and pass it ... now i'm in the middle to take eCPPT or OSCP ...

BuhRock · July 2017

I agree with JoJo. @Vynx, for these questions it's just better to read documentation provided by offsec and then ask offsec support. We have no authority over anything with offsec. If you're having technical questions, that's where you're going to need to just start trying yourself. Trial and error is a method you can try if you're a "noob". The OSCP is not a certification that you get your hand held through. To be honest I don't want the integrity of the cert hurt either, so you'll just need to .... try harder my friend.

Dr. Fluxx · July 2017

vynx

What certs do you have?
What is your background?
What have you studied so far in preparation for the OSCP?

vynx · July 2017

rather than discuss someone background,
i believe whatever the background, as long as have passion and spirit + Try Harder
i prefer preparing future OSCP

so far what i'm do, trying some vulnhub vm, HTB vm and after that maybe learning BO

oscp exam restriction

Comments