Hello All! I am back with my 4th update!
I know it has been awhile since I posted my last update (about 2 weeks), but trust me, it is because I have been working hard!
Boxes Rooted: 30!!
As you have seen above, I have successfully rooted 30 boxes! Wow. It has been quite a difference from 14 to 30. These last 2 weeks have been busy: summer classes started, plus OSCP, plus preparations for moving! I have been working on the OSCP for about 6-7 hours per day though, except for yesterday. I did not want to make another blog post until I reached the big 30, but yesterday I just crashed! For 27 days straight I have worked on this sucker, and needless to say it took a toll! Yesterday was my first break from the OSCP (I only worked on it for about 2 hours). Though, I am proud to say that I just wrapped up my 30th box this morning!
Firstly, I would like to start off and say how I have been feeling this past month. For me, the OSCP has been like a dream; a weird one. This month has been full of roller coasters. One minute I am root dancing and the next minute I am immensely struggling. These past 27 days I haven’t been (fully) my normal self. My brain is always digesting this material, and it is hard! No matter if I am running errands, eating dinner, or chilling out, I constantly feel a little out of it. My brain is just turning over and over trying to fully understand the puzzle before me. Any OSCP alumni in here may have experienced the same thing! I don’t know how to explain it — and it is not bad! It is just different! What I am trying to articulate is that I have pounded my brain with so much complex information that it is hard to go back to normality. After staring at a 20-sided Rubik’s cube for a month it is hard to worry about whether there are enough eggs in the house! It is really cool, and really hard. Now let’s talk about the labs!
So, the labs. Ugh. Frustration. 2 weeks ago, my post revolved around how the labs were getting much easier, and still for the most part that is true. What I mean by easier is more comfortable. I no longer look at a web server or some random port and question what to do. I have developed a pretty solid methodology that, so far, has worked out for me. My enumeration is nearly all copy and paste straight out of my notes, and it never fails me. The post 2 weeks ago isn’t fully accurate in the sense that I am indeed more comfortable in these labs, but the boxes are starting to get a lot harder! Some days I was popping 2 boxes, some I popped 3, but recently that has started to slow down. My plate has gotten a little more cluttered with summer classes starting, but I am still pumping in nearly the same amount of time, so what gives? It is the box complexity. No longer are these machines enumerate, exploit, priv esc, root dance. These are starting to get much harder and complex, which is good! I am not struggling on these harder boxes in the sense that I don’t know what to do. I just have to take more time to figure out the right vulnerability and modify the exploit for the environment. As far as lab progress, I have nearly finished the public subnet. The only boxes remaining either have inter-dependencies that I haven’t found yet or are the big boxes. I have successfully taken down one of the big four, but I am hesitant to go after another one currently! So I am looking towards the other subnets…
The other Subnets:
So far I have discovered a couple of other subnets. These networks seem pretty cool, and they are much smaller than the main one. *Whew* I have yet to dive into these and attack any more boxes, though I plan on starting one of them today. My goal at this point is to complete at least one box per day as I slog through these heavier boxes. I do not want to spoil anything with these subnets, so I am a little limited in what I can say about them other than they seem cool!
Also, I was shocked at how fast the exam fills up. Seriously, it is around a month wait time! Whoa! So I already scheduled my exam.
July 31st, 10:00 am
It is coming up fast! Wish me luck!
The Lessons Learned:
- Right when you are starting to feel comfortable in these labs Offsec turns up the heat!
- Even if an exploit says it only works on a particular service pack (i.e. SP2) and your box is on a different service pack or a slightly different minor kernel version, still try it!
- This one is similar to the previous point: read the exploit code carefully before using it! These labs are starting to require a decent few modifications before your exploits will work properly. It is not major, but you need to review the code carefully!
- Learn to chain exploits together! (i.e. an LFI might not be able to give you a reverse shell on its own, but coupled with another vulnerability you are set!)
- Reverse shells, reverse shells, reverse shells! Know how to escalate command injection or backdoors into a reverse shell! It isn’t as simple as it may seem!
- Post Exploitation Enumeration! Dig deep! Pull out anything and everything that could be useful! So far I have done pretty well with this, but I have seen many people that have to dig through past boxes to pull up necessary info!
- Finally, take THOROUGH notes. If you use a command you may need again in the future, chuck it in your notes! Also — write down a how-to guide for every box you complete. That way you can re-root a box within a couple of minutes if needed!
That is all for now everyone. 30 boxes down and more to come! I am working hard! I’ll post again soon. Thanks for reading.