+ Reply to Thread
Results 1 to 17 of 17
  1. Senior Member
    Join Date
    May 2017
    Posts
    125
    #1

    Default oscp exam restriction

    i just read about oscp exam restriction https://support.offensive-security.c...ns:_Metasploit

    If you decide to use Metasploit or Meterpreter on a specific target and the attack fails, then you may not attempt to use it on a second target. In other words, the use of Metasploit and Meterpreter becomes locked in as soon as you decide to use either one of them.

    are we really need metasploit or dont need that for exam ?
    Reply With Quote Quote  

  2. SS -->
  3. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #2
    Quote Originally Posted by vynx View Post
    i just read about oscp exam restriction https://support.offensive-security.c...ns:_Metasploit

    If you decide to use Metasploit or Meterpreter on a specific target and the attack fails, then you may not attempt to use it on a second target. In other words, the use of Metasploit and Meterpreter becomes locked in as soon as you decide to use either one of them.

    are we really need metasploit or dont need that for exam ?
    The answer really depends upon your skill set and mind set. If you are really confident that you can do everything manually then you wouldn't be needing it for the exam at all. I know few of my friends passed the exam without even using their Metasploit lifeline. However, using Metasploit might same you time in some cases, which is what is the most important resource for the exam. If you can manage your time then you can pass the exam without much difficulty.

    So, in the end whether you need Metasploit or not depends upon YOU!!!
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Mar 2017
    Location
    Phoenix, AZ
    Posts
    246

    Certifications
    CISSP, C|EH, C|HFI, MCSA 2012, MCSA 2008, Security +, Net+, A+
    #3
    Once you decide your target, you can use MS as your heart desires on that target correct? Multiple exploits, etc?
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    May 2017
    Posts
    125
    #4
    Quote Originally Posted by Blucodex View Post
    Once you decide your target, you can use MS as your heart desires on that target correct? Multiple exploits, etc?
    thats the thing which is i'm bit worry and confuse, are they need we like sniper ? 1 bullet 1 headshoot ?
    Reply With Quote Quote  

  6. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #5
    Basically, but the use of metasploit may not guarantee a root. It might get you local admin only, who knows.
    Reply With Quote Quote  

  7. Member
    Join Date
    Jul 2015
    Posts
    63

    Certifications
    CEH, ECSA, eCPPT
    #6
    Just to clarify, I do have this doubt not exactly, but the usage of Meterpreter payload / Metasploit is restricted to One machine.
    1. Does it mean either of the ones can be used in target?
    2. When I use Multi/handler & setting up the reverse shell, we setup payload/windows/meterpreter/reverse_tcp, then set up Parameters, then executing thru the web or some way we get a reverse shell. At this point, it creates and provides a Meterpreter session. Is this only allowed to use in one machine?

    I'm lost a bit when Offsec says Metasploit / Meterpreter can be used on only one machine? I take it as either of the ones can be used in one machine.

    Please clarify me

    Cheers
    Reply With Quote Quote  

  8. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #7
    Using a handler is allowed on any machine. The exam instructions will be very clear, but there are some machines they don't allow you to use metasploit exploits.
    Reply With Quote Quote  

  9. Member
    Join Date
    Jul 2015
    Posts
    63

    Certifications
    CEH, ECSA, eCPPT
    #8
    ok, I get it. Since I have taken the exam earlier it was different rules and it does clearly state about usage and restrictions. But with new changes, it is confusing...
    Using handler is allowed like reverse shell etc, but when we use "use payload/ etc.... etc" , then it is counted as Metasploit full usage / or "use payload/ etc....etc in Meterpreter session is counted as similarly. Either the one can be used... Hope my understanding is ok?

    Cheers
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    May 2017
    Posts
    125
    #9
    Quote Originally Posted by BuhRock View Post
    Using a handler is allowed on any machine. The exam instructions will be very clear, but there are some machines they don't allow you to use metasploit exploits.
    can someone explain to me what is handler in easy way ?

    anyway if i download exploit from exploit db then compile it and run to hack the machine, it's allowed or not ?
    Reply With Quote Quote  

  11. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,357

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #10
    Quote Originally Posted by vynx View Post
    can someone explain to me what is handler in easy way ?

    anyway if i download exploit from exploit db then compile it and run to hack the machine, it's allowed or not ?
    Vynx, based on this post (and your other posts here), OSCP may not be a good idea to pursue. The OSCP requires a TON of research outside of the coursework, and really good research skills too. Posts like these don't indicate research is a strong point for you. During the PWK coursework people won't be there to answer basic questions. What is your background and certs if you don't mind me asking? Id hate to see you waste $800-1000 on the PWK course.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  12. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    235

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #11
    Nobody has said it yet, so I guess that means I have to be the kinda ******* here but I'm only saying it to help those who have numerous questions along these lines. When you sign up for the course and before you take your exam. Offsec will provide all of the answers to all of your questions. If you have any concerns after reviewing the documentation, they have admins available that will answer any question regarding rules and restrictions that you may have. Some may also tell you the exact same thing I am going to say here, please read the documentation they send. I'll say it again, READ THE DOCUMENTATION.
    Reply With Quote Quote  

  13. Senior Member
    Join Date
    May 2017
    Posts
    125
    #12
    Quote Originally Posted by JoJoCal19 View Post
    Vynx, based on this post (and your other posts here), OSCP may not be a good idea to pursue. The OSCP requires a TON of research outside of the coursework, and really good research skills too. Posts like these don't indicate research is a strong point for you. During the PWK coursework people won't be there to answer basic questions. What is your background and certs if you don't mind me asking? Id hate to see you waste $800-1000 on the PWK course.
    i just newbie in pen test and want to learn more ...
    Reply With Quote Quote  

  14. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,357

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #13
    Quote Originally Posted by vynx View Post
    i just newbie in pen test and want to learn more ...
    I may be in the minority opinion, and others feel free to chime in, but I don't think the OSCP is the right choice. I would look at eLearnSecurity's PTSv3 course and eJPT certification. Then after that evaluate if you're ready for OSCP.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  15. Senior Member
    Join Date
    May 2017
    Posts
    125
    #14
    Quote Originally Posted by JoJoCal19 View Post
    I may be in the minority opinion, and others feel free to chime in, but I don't think the OSCP is the right choice. I would look at eLearnSecurity's PTSv3 course and eJPT certification. Then after that evaluate if you're ready for OSCP.
    i have take it and pass it ... now i'm in the middle to take eCPPT or OSCP ...
    Reply With Quote Quote  

  16. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #15
    I agree with JoJo. @Vynx, for these questions it's just better to read documentation provided by offsec and then ask offsec support. We have no authority over anything with offsec. If you're having technical questions, that's where you're going to need to just start trying yourself. Trial and error is a method you can try if you're a "noob". The OSCP is not a certification that you get your hand held through. To be honest I don't want the integrity of the cert hurt either, so you'll just need to .... try harder my friend.
    Reply With Quote Quote  

  17. Member
    Join Date
    Jan 2017
    Posts
    96
    #16
    vynx

    What certs do you have?
    What is your background?
    What have you studied so far in preparation for the OSCP?
    Reply With Quote Quote  

  18. Senior Member
    Join Date
    May 2017
    Posts
    125
    #17
    rather than discuss someone background,
    i believe whatever the background, as long as have passion and spirit + Try Harder
    i prefer preparing future OSCP
    so far what i'm do, trying some vulnhub vm, HTB vm and after that maybe learning BO
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks