Week 3 has been a hard one. Not so much due to the course but more down to me. It’s been pretty hard to maintain this level of activity in the lab for 3 weeks straight. Working till 11pm most nights and cramming in work as well started to take its toll a bit. Motivation has been low. I have taken two days out to focus on a few other things and just relax a little. Took a night off to watch the Stranger Things finale and relax a bit. This has helped; this weekend has been a bit more productive!
But enough moping about! I am up to 27 boxes this week, a slowdown from previous weeks, but I have finished my report, which was a real slog. So hopefully, as long as I haven’t derp’ed the report, I have 5 points in the bank already. Which is a good feeling, all the more reason I would recommend completing the report; it’s a good little pick-me-up. I am now 28 days away from my exam with 38 days of total lab time remaining. Time is flying!
Boxes this week have been a mix of very easy and a couple of stinkers. I have been skirting around humble on and off for about 3 days. I am also trying to work on multiple boxes to get used to having to swap it up in the exam and jump in and out of things as I get stuck. So far that has been pretty successful. However, it’s a definite change from how I usually work, which is to hammer away at one box until it or I cave in. My aim this week is to knock out humble and dig a bit deeper into a collection of dependent machines. Again, the labs are worth every penny in this regard; having to compromise a sequence of machines that are dependent on each other and spot some patterns going on in the environment is very cool and teaches you a good few things you won’t see in CTFs but you would encounter on a real network. It all comes down to that post-exploitation phase that is not usually required outside of this kind of environment. So being able to develop and practice that is nice.
Things are starting to get a bit more comfortable as well in regards to exploits; it’s a lot easier now, having spent so much time looking over PoCs, to spot things that won’t work and will, and adjust them accordingly. So that’s a good feeling. Buffer overflows are pretty nailed down now; I can do them quickly and have a good set of notes to jog my memory and make sure I don’t miss any steps. I have deviated a bit from the method taught in the material. I use the tools to create myself a few shortcuts. I would definitely recommend becoming as familiar as possible with some of the extra features available in both msfvenom and mona. They are introduced in the course, but there are a number of functions both can do to simplify payload creation: you can encode the NOPs directly to the payload, and tailor the payload to fit exactly, eliminating the need to add these to your script, for example. Mona also simplifies bad character detection a great deal compared to manual methods. So get used to using these and perhaps look a bit deeper into what these can do. As with a lot of things in the course, they do a great job of introducing you to something and setting you on the right track. Then with a bit more research you can perhaps refine these methods or adapt them to how you work.
A pretty brief one today! Now off to find a few more boxes and run through my buffer overflows!