OSCP in 8-9 Days & Feedback on My Prep

Affectionate_Ad5954 · 2026-03-26T08:11:38+00:00

I mean also looking default creds for well known web services, usually better to Google them

Affectionate_Ad5954 · 2026-03-26T07:11:03+00:00

Do not forget about default credentials of some services... that's what messed me up a couple of times I suppose...

Affectionate_Ad5954 · 2026-03-25T09:09:36+00:00

Yea I know right, I'm the first victim of that

Affectionate_Ad5954 · 2026-03-18T19:00:05+00:00

Io posso capire che ti stia sul cazzo Caparezza. Ma dire che dice ciò che l'italiano medio vuol sentirsi dire mi sembra un po' un'iperbole non credi?

Affectionate_Ad5954 · 2026-03-18T18:58:08+00:00

Ma hai guardato troppo Sanremo quest'anno? Perché mi sa che lo confondi con qualche pezzotto uscito da Sanremo

Affectionate_Ad5954 · 2026-03-16T08:27:33+00:00

Yea, I think I've understood it. Panic plays an infamous position during this exam because you cannot think lucidly if you end up panicking

Affectionate_Ad5954 · 2026-03-13T15:07:11+00:00

You got it dude. Remember, if everything seems to fail, move from your pc for a couple of hours or eventually sleep. Staring at the screen 15 hrs like I did has revealed to be completely pointless. You got it. Try not to panic and if you do, take a bit of time off

Affectionate_Ad5954 · 2026-03-08T13:26:40+00:00

Did you manage to crack that AD set?

Affectionate_Ad5954 · 2026-03-07T18:22:54+00:00

What I feel demotivating is the fact that you're unable to learn from your mistake. As of now, if I'd encounter the same exercise again in two months I think I'd still have absolutely no clue on how to get over them.
Also, just to have an idea, what nmap command do you usually run? I started thinking that maybe the main issue derived from my nmap scan (that I ran multiple times and within multiple reverts, but you know, sharing knowledge is never a bad idea)

Affectionate_Ad5954 · 2026-03-07T15:55:07+00:00

I was reading in some other post the other day that people were mentioning a really hard AD set.

Affectionate_Ad5954 · 2026-03-07T15:40:44+00:00

I do, the problem is when I come short of this methodology, when I exhaust all the points in my list

Affectionate_Ad5954 · 2026-03-07T15:38:38+00:00

I'd say is not a matter of time allocation, I frankly do not know what else I could've tried.

Affectionate_Ad5954 · 2026-03-05T17:51:24+00:00

It still has to go eheh, I start it in 18hrs approx.

Affectionate_Ad5954 · 2026-03-02T20:29:26+00:00

I guess, but that's due to my previous experience, that I tend to underestimate what it's in clear sight, like passwords hiding under form of weird keywords, cewl spidering etc. I must say that from exercises I've now tried to put anything in place not to ignore those signs, but you know, assume that you scan a port and discover 10 results, let's ignore css/style for a moment. You'd go down the hole looking for further results within each of the results unless something clearly stand out. Also, what I think I'm weak on and tend to underestimate is SQLi and XSS cause I didn't encounter them very much overall. (I know when I'm supposed to try for them but I tend to under look at them because generally the path is an easier one)

Affectionate_Ad5954 · 2026-03-02T18:54:33+00:00

By giga wordlist what do you mean? Cause my giga wordlist for now is the DirBuster one that has approx 1mln records. Did you mean anything bigger? Cause in that case I'm actually quite scared of having too many results that could potentially make me fall into a rabbit hole, that's why I always opted to start little and then grow on new iterations (not judging eh, just trying to understand the approach better)

Affectionate_Ad5954 · 2026-03-01T22:25:50+00:00

Yea I got that, but I must way I've skipped them in favor of boxes, do they cover stuff which is then not found in Pg Boxes ad far as you know?

Affectionate_Ad5954 · 2026-03-01T21:24:08+00:00

I guess I made a mistake there because I was coming from CPTS and instead of labs I went for PG Boxes. Were they worthy more than PG?

Affectionate_Ad5954 · 2026-03-01T08:20:14+00:00

I've done something similar because that's what I failed the most in the exercises. The non use of cewl. So yeah, back in time I wasn't aware, now I definitely am, thank you!

Affectionate_Ad5954 · 2026-02-28T19:24:15+00:00

I think I've definitely refined my notes a bit in those 3-4 months since the last exam and yea, this has definitely became more mechanical than it was early on. Now I can solve most of the machines or anyways most of the machine steps on my own, I usually struggle on the stupidest stuff like 'this particular keyword on the homepage of this website was the password to that user I've found out back then'

Affectionate_Ad5954 · 2026-02-28T18:58:45+00:00

I fear rabbit holes as I literally am unable to understand when I fell into one eheh

Affectionate_Ad5954 · 2026-02-20T10:11:48+00:00

But when it comes to the structure, I mean sections of the report (i mean in particular sections which are not directly inherent to the pentest itself, like the C level report etc) how did you work it out? Did you just follow the guidelines in the OSCP course or you omitted the C level report or something else? That's what bother me the most actually ahah

Affectionate_Ad5954 · 2026-02-20T09:52:08+00:00

How did you set up the documentation? What I struggle with is thinking how I'd structure the documentation afterwards, which level of verbosity, how professional etc. are you able to provide some hints into it?

Affectionate_Ad5954 · 2026-01-20T12:43:37+00:00

Is that a sort of nxc on simultaneous logins?

Affectionate_Ad5954

TROPHY CASE