Look what came in the mail a few weeks ago!
For the curious, it took about a month for them to send the paper certificate and a little hard-plastic, credit-card-sized version via DHL courier. They send you an email asking where you want it mailed, just in case you’ve switched apartments or something in between registering and passing the exam.
Also, I realized in my previous OSCP review that I forgot to mention a few things. I’ll list them here and also add them as an update to the original review post.
Things I Found Useful *UPDATE*
python -m SimpleHTTPServer 8080: a one-liner I still use on a daily basis. A lot easier and quicker than turning Apache on and off, in my humble opinion. Also nice because when you run it in your terminal, it prints all the incoming requests. So not only is it handy for hosting your malicious script or PHP, it’s also handy for quickly fuzzing for RFI on a web app. In fact, I got my foothold on one of the target boxes specifically because I was using this one-liner and it allowed me to see the incoming RFI (and troubleshoot that an additional file extension was getting tagged on and keeping my script from running). I usually use “8080” for the port, but you can change it at the end, in the case where it’s conflicting with another app or you’re trying to get around firewall restrictions. On every Linux and Mac I use, I keep this in my .bashrc with the alias “pythonwebserver”. Be aware that it’s “python -m http.server 8000” on Python 3, in case your environment uses it instead of the more common Python 2.x versions.
The Exam *UPDATE*
Something I found useful for keeping focus and blocking any outside noise was some good music while I hacked. When I’m trying to focus intensely, I found something instrumental is best for a background soundtrack. I’m sure a lot of you might like classical music of some sort, or maybe techno or retrowave…I’ll confess that I have a thing for video game music covers. In particular, I was listening to a lot of Minibosses and Bit Brigade to keep me pumped and get through the exam. If you’re into rock covers of NES music, I highly recommend them. You can buy all their stuff on Bandcamp, iTunes, and other places.