A public exploit says it works for version X.Y but your target is X.Y+1. Best next step?
Validate vulnerability behavior and adjust exploit assumptions; don’t assume a minor version difference means safe or vulnerable.
Exploit needs a hardcoded callback IP. Why does it fail in labs sometimes?
Wrong LHOST/LPORT or NAT/VPN interface mismatch.
Your reverse shell connects but immediately dies. What do you do?
Try a more stable payload/transport, check firewall/EDR, and stabilize the shell.
Exploit script is Python 2 and fails on Python 3. What’s the safest approach?
Port minimally (print/bytes), test incrementally, and document changes.
Exploit requires a specific URL path that 404s. What does that suggest?
Different app layout/config; re-enumerate to find correct endpoint and update exploit.
You suspect a buffer overflow requires specific bad-char handling. What’s the key next step?
Identify bad chars via controlled tests and regenerate payload accordingly.
Your exploit works only once; then the service crashes/restarts. How do you report this?
Document exact conditions, impact risk, and recommend safer validation/remediation.
You can get code execution but only as low-priv user. What’s next?
Shift to privilege escalation enumeration immediately; don’t over-focus on initial exploit.
You need to automate parsing of 1000 directories for interesting files. What’s best?
Write a small script to filter for keywords/extensions and log hits.
You have multiple possible exploits. How do you choose?
Prefer the simplest, least disruptive, most reliable path with clear evidence.
Your exploit requires compilation on target. What do you consider?
Tool availability, permissions, and whether compiling is allowed/feasible; prefer prebuilt minimal binaries when permitted.
A Metasploit module exists, but you can do it manually. Which is better for OSCP?
Either can be allowed, but manual understanding and clear documentation often reduce surprises and improve reporting.