The reason its banned in OSCP is because the OSCP is in no way representative of a real world engagement.
The OSCP places a premium on hand jamming commands and doing everything manually, banning automation, because its trying to test if you understand the fundamentals.
Out in the real world, automation is encouraged. The goal is efficiency - getting the job done within the timeframe allowed by the client. Doing everything manually is horribly inefficient when you are on the clock.
It does annoy me that people take the wrong message from the OSCP, you should be automating away as much as possible so you can spend more time making novel discoveries and giving value to your customers.
I see what you are saying but engagements are not a matter of speed only either, you have restrictions and opsec requirements that prohibit you from automating certain things. If you have a decent EDR for example, even if you can evade the NGAV component,at least one of the commands LinPEAS runs will trigger an alert if the process execution alone is logged.
Enumerating with it isn't banned, only auto-exploiting is.
This reminds me, I had hopelessly locked myself out of sudo access on a production box. This tool helped me get root again and fix a glaring docker socket privesc left there by some script that auto-configured docker among other stuff. I would have never looked at socket permissions I didn't configure,especially not after initial deployment of the server.
It's on a staging environment - but if it was a production machine it would not be an issue. I have until the end of the week to finish and need to work as fast and effectively as possible. Anything that assists in this goal is welcome.
As someone mentioned in another reply it's not banned in the OSCP. Automating enumeration is actually encouraged - after all enumeration is collecting information. It's up to you as the tester to interpret the results. On the other hand, tools like OpenVAS, Nessus etc. are not permitted as they go further then basic enumeration.
nibbleshifter|3 years ago
The OSCP places a premium on hand jamming commands and doing everything manually, banning automation, because its trying to test if you understand the fundamentals.
Out in the real world, automation is encouraged. The goal is efficiency - getting the job done within the timeframe allowed by the client. Doing everything manually is horribly inefficient when you are on the clock.
It does annoy me that people take the wrong message from the OSCP, you should be automating away as much as possible so you can spend more time making novel discoveries and giving value to your customers.
badrabbit|3 years ago
badrabbit|3 years ago
This reminds me, I had hopelessly locked myself out of sudo access on a production box. This tool helped me get root again and fix a glaring docker socket privesc left there by some script that auto-configured docker among other stuff. I would have never looked at socket permissions I didn't configure,especially not after initial deployment of the server.
sasas|3 years ago
As someone mentioned in another reply it's not banned in the OSCP. Automating enumeration is actually encouraged - after all enumeration is collecting information. It's up to you as the tester to interpret the results. On the other hand, tools like OpenVAS, Nessus etc. are not permitted as they go further then basic enumeration.
some_random|3 years ago
warent|3 years ago
nibbleshifter|3 years ago
It has the annoying side effect of creating pentesters with a phobia of automation.