lethanhtung01011980 edited this page Dec 30, 2019 · 13 revisions

Exam guide

Ref:

We restrict the use of Metasploit on some of the exam challenges, and require documentation of your attack. You will be sent exam instructions with details on which challenges permit Metasploit use.

  • Using Metasploit to generate shellcode, or using the msf handler is NOT considered "using Metasploit".
  • You can use any payload you wish on any of the exam machines, including meterpreter.
  • You may only use 'getsystem' or similar privilege escalation commands inside meterpreter on machines which do not explicitly forbid Metasploit usage.

Restriction clarification

  • Multi-handler is totally free for use on as many machines as you fancy. Meterpreter payload is not.
  • All modules under exploit (EXCEPT multi-handler), post and auxiliary go under the same restriction as the meterpreter payload.

Btw, if you use a staged payload and multi-handler, don't forget to specify the needed shell payload, or it may give you meterpreter by default.

Am I allowed to use Nessus or similar scanners in the exam?

  • Nessus, NeXpose, OpenVAS, or any other mass vulnerability scanners may NOT be used in the OSCP exam. This includes commercial exploit packs such as Metasploit Pro, Canvas, and Core Impact. We also prohibit the use of sqlmap, sqlninja, or any other similar tools.
  • Single-target scanners such as DirBuster, Nikto or Metasploit's auxiliary modules are permitted to be used in the exam.

Exam experience 1

Exam experience 2

The OSCP Exam consists of 5 machines. You, the student, are provided with objectives and point values for each machine.

  • 25 point buffer overflow machine
  • 25 point behemoth riddled with rabbit holes
  • 2 x 20 point machines
  • 10 point machine

You are provided a 6th machine to perform your debugging for the buffer overflow:

What the Exam Machines are like

  • 1x10 pointer: This is an easy boot-to-root machine. There will be a lot of ports open, similar to Metasploitable, but look for the unique service on a unique port. This took me 10 mins.
  • 2x20 pointer: These will be similar to HTB machines such as October, Popcorn, Shocker, Beep.
  • 2x25 pointer: One is Buffer Overflow and the other is a slightly harder, rabbit-hole-filled machine. Maybe Giddy, Jeeves.

Virtual lab
