Open heyomayo opened 7 years ago
Wonderful, thank you very much! I was asking myself how legal this could be in terms of the exam. I will create a separate file and send a pull request.
Hey Guys! The OSCP exam guidelines are quite clear on this. NO automated tools can be used during the exam. You CANNOT legally use this on the OSCP Exam. But it does come in handy on the labs and it does help teach you the output of different tools so you will know what tools to reach for when you encounter different services. Again, I do not condone the use of this on the OSCP exam; I imagine you will get disqualified if you use it.
Regarding a setup @heyomayo mentioned, IMHO the guidelines are not that clear on this. Following the Exam Restrictions (https://support.offensive-security.com/#!oscp-exam-guide.md#Exam_Restrictions) list. Relevant parts in bold.
Another important part is:
The primary objective of the OSCP exam is to evaluate your skills in identifying and exploiting vulnerabilities, not in automating the process.
I would not use it for the exam, nevertheless IMHO not a clear ban. My two cents.
@heyomayo Just curious if you ended up using this tool (with your stated modifications) while taking the OSCP Exam. I have my exam coming up soon and have been weighing various options on approaching enumeration. While I agree with @avarx and @frizb in many ways, it does seem pretty clear that automating enumeration would not be in violation of the rules, as long as no 'banned' tools are being called in the process.
@gtrdlr could you imagine if you run Vanquish and then boom sqlmap runs and you're disqualified... You would need to modify the configs to make this work.
@ChristopherAnders definitely appreciate the response and totally agree that would be a HUGE bummer. I reviewed the attackplan.ini and config.ini (as per @heyomayo and a double-check of my own); I was able to see where it calls MSF and SQLMAP and remove those lines. I am re-running it now in the lab to see how/if that affects the tool's effectiveness. As a full-time pentester, I understand all of the tools and what they do; as you know, the major difference between the exam and a real pentest is the 24-hour window. My hope is to accelerate the enumeration pieces using a personal script or a well-built one I find to leave as much time as possible for exploitation/escalation.
Love this discussion! I would advise against using this on the OSCP exam. I (finally) passed my OSCP exam 2 weeks ago and volunteered for the "Proctored" exam. In the past I am quite sure that you could have used a tool such as Vanquish so long as you are able to describe how you came up with the results using a non-automated method in your report. I suspect that moving forward with the proctored exams they will be watching closely for violations like automated tools and certain Metasploit modules. There were multiple shifts of exam proctors that monitored me for the duration of the OSCP exam. They must be notified whenever you leave the room and they were quick to notice if I stepped away to use the bathroom without giving them a heads up.
Running nmap scans against the 4 boxes in the background at the beginning of your exam along with some gobuster/dirsearch/dirbuster right out of the gate will save you time. But, if you are anything like me, you will end up spending most of your time hitting your head against the wall anyway. The automated tools don't really help with that process.
Hey there,
I noticed this is tagged 'OSCP' and you point to this project in your (fantastic) OSCP survival guide. In the stock attackplan.ini, SQLMap gets run, which is banned in the OSCP exam. You might want to point that out in https://github.com/frizb/OSCP-Survival-Guide or provide an exam-safe attackplan.ini.
I was able to yank all the Metasploit and SQLMap related commands from attackplan.ini and config.ini without incident. For anyone reading this who is going into the OSCP exam, you can safely delete lines 636-643 (everything that runs sqlmap) and lines 652-659 (everything that runs metasploit) in config.ini and everything after line 151 in attackplan.ini to be 100% safe.