tl;dr – Don’t overcomplicate; keep it simple, stupid. READ, DIGEST and ASSESS EVERYTHING! 36 days till exam, oh crap.
What a week. Week one seemed pretty easy compared to this week. It has been hard going; I am up to 21 rooted boxes so far. All material is completed and the lab machine write-up is complete. However, I have not started on the exercise write-ups as planned, as I got a bit bogged down in the labs this week. There are so many exercises to do! If, like me, you plan to submit the report, do the exercises as you work through the material and take quick screenshots. I did not do this for most of them, so I am now kicking myself, having to go back, redo things and document them. I should have taken the same care with notes for the exercises as I have with the lab machines… that will teach me!
So, lessons learnt this week: keep it simple, stupid, and the obvious one, try harder. The week got off to a great start as I rooted both Sufferance and Pain in a single day last Sunday. These are on the harder side, but I found they had a nice flow to them and made sense. On to the rest of the week, however. My own stupidity got me stuck on a single box for close to a day. This box could not have been any easier, if only I hadn’t been missing something in my standard enumeration that was staring me right in my stupid face! I cannot stress enough the need to check the results of scans and scripts properly. Do not skim and assume. Working through machines this quickly and in this volume seemed to dim my low-watt brain some more as the week went on, and I kept tripping up on simple machines due to missing things. This, I guess, is where the try harder mantra really hit home. I was banging my head against a brick wall simply due to not checking things that I take for granted: configs I expect to see and skip over, thinking nahhh, they will always be the same, while always trying to look for a smarter way.
I think the try harder approach is good, but at the same time, seize the opportunities. Despite what many people say, there is no right and wrong way of rooting a box. Root it, then worry about learning different approaches or “the right way”. If it seems too easy, who cares. Do it. Have a look around, learn a bit more about the box, reset it. Try a different way. As said previously, learn as much as you can from each box. Obviously, if you smashed a Metasploit module at it and boom, you have root: have a look around at what else is running on the box; what other ways can you find in? Can you do the same thing manually or with another script? What is that module doing? Take each box for the lesson it is. I used Metasploit on 3 boxes this week. One was an auxiliary module, finding a particular version number of a service that allowed me to pin down a non-msf exploit. I could not find any equivalent version checks in nmap or other scanners, or even through manual enumeration, so I still need to look into that. One box used a very common exploit, which was apparently the only way in; I have used the non-msf version before and have it compiled, so I just popped a Meterpreter shell to speed up my post-exploitation duties, hash dump etc. Again, why overcomplicate it if there is no advantage to be gained? For the final one, I could see no other way in, so I used a known good module. I did, however, execute my own commands through this and get my own shell, rather than going for the full Meterpreter shell option. Turns out there is another way in using SQL, which I haven’t done before, so I will be going back over that one. But that kind of sums up what I have come across this week, apart from the painfully simple stuff my fuzzy brain missed. My luck turned around about halfway through the week, going from about 3 boxes at the start of the week to rooting the remaining 7 in the last 2/3 days. Still really enjoying the labs though; I am going to be sad to see the back of them, I think.
I’m determined to chew through as many of these machines as I can, as each one still seems to be teaching me something, even if that lesson is to read properly.
I have updated my methodology and my note template; you can find an updated version of them on my git here. There is also my base BOF script, which I have been using for buffer overflow practice. They are going well: I can complete most in under an hour. I like to take my time a little and get a clean execution before launching, so perhaps I’m being overly cautious, and I may throw caution to the wind in the exam and just go for shell over cleanliness. I will be popping up more bits and bobs on there as I go through. A lot of scripts I can’t share, sadly, for obvious reasons, but I will do my best to keep that repo up to date with random non-specific scripts etc.
So, with 36 days left till my exam, I am feeling a little stressed. I can’t figure out if that’s a lot of time or not much time; it still feels like I know nothing. But that’s how I feel with most things! Hopefully this week will go a little smoother, but work looks to be a bit busier, so how much additional time I will be able to cram in may affect the number of machines I can get, but onwards and upwards.
And I have seen quite a few posts on r/oscp and Discord from people starting or finishing soon, so good luck to you all!