Hey, I'm signed up for the 30-day OSCP course to start in about a month and have a few questions. I understand everyone is supposed to keep quiet about the exam, so if this is breaking the rules please let me know.
So in the exam I've heard you have 5 machines on the network you have to get root on. Are they all in the same IP range, for example 192.168.0.1 -> 192.168.0.255, or is it more complicated than that? I'm guessing at the start they won't tell you what the IP addresses are as well? Also, are there more machines on the network you aren't supposed to target, to make things trickier?
I managed to get all the way through the Kioptrix 1.1 machine (the walkthrough in the link is the way I did it). I got past the command injection part without a problem, but the rest I managed with a bit of difficulty. For the sake of my sanity, I was wondering how difficult the machines in the lab are compared to this, disregarding the four or so scary ones I've heard about?
The one issue I'm having with the Kioptrix labs and Metasploitable, which is making me feel a hell of a lot like a script kiddie, is always searching searchsploit and Google to find vulnerabilities and not being able to write them myself. I hear people saying a lot that in the OSCP you need to modify scripts, but so far all I have had to do is download/find scripts, compile them or make them executable. Are there any other ways I'm supposed to modify scripts for the labs/exam, and will I need to write my own scripts for exploitation or just for enumeration?
In a review of the course I read online, someone mentioned the first two stages of a pentest should almost always be enumeration (ports etc.), then finding the services running etc. So far I assume these two are the same thing, and I'm worried I'm missing something out; surely something like nmap -A or -sV would enumerate and find services, right?
As I'm taking the 30-day course, I'm quite paranoid about getting as many of the basics covered as I possibly can before the time starts. I'm comfortable with the following:
nmap, command line, bash, Python, Perl, C, assembly, Metasploit, a decent understanding of a lot of the network protocols, Wireshark, nc, DNS zone transfers, SQL injection, basic JavaScript in XSS
Is there anything else I should look into beforehand to give myself the best chance to do it in 30 days?
Thanks for spending the time to read. I hope this doesn't come across as yet another OSCP thread.