tl;dr – Beat humble, feeling lazy. Ready to get back into the labs, HTB and some useful links. 20 days till exam. When do I start panicking?
A Monday post instead today, had a pretty off weekend busy with work and just relaxing a bit. Started the previous week with humble rooted, however! That got me off to a good start for the week really. Having been dancing around it for the best part of 5 days, not really getting stuck in, I set aside a good few hours and just concentrated on the single box, as I was told by a friend at work to stop messing around with other crap and finish humble. So with that under my belt I think I felled around 3-4 other boxes this week and obtained access to the IT network. I think I have around 4 machines left in the public network now, 3 of which are meant to be linked, but I have yet to make any real headway on these, which is frustrating and eating my brain a little.
This week has been a bit of a downer on normal pace due to work and life. Have only really managed 3 and a bit days of actual study, which has been frustrating. With OSCP it always feels like if you’re not in the lab you are failing or wasting time, followed by feeling bad and then avoiding it. But in honesty it has been nice to have a bit of a step back and not juggle everything at once. It meant I could concentrate on work a bit last week and finish off a pretty cool project. Even managed to cram in a little gaming downtime this weekend. However, I am looking forward to hitting up the lab again this week, and with a lot less going on I have no excuses (yet).
Some progress, however, has been made in other areas whilst not in the lab. I have nailed down my notes for older boxes. Run over a good few ippsec videos in my lunch breaks. I have updated a little port enum cheat sheet on my GitHub, can find it here if you’re interested; again, I will keep this updated with more stuff as and when I get time. Whilst on the topic of useful things, I would recommend having a good look over TJNULL’s post about OSCP here. It’s a great article with some superb resources. The buffer overflow section is particularly good as there is a good list of resources and other things to practice with, as I have done the material BOFs now so many times I can do them with my eyes closed, but I guess that’s the point, just keep doing them until you are so bored of them and they become second nature.
Plans for the week…
I read a great writeup in r/oscp this last week from another student who recently passed. He had a great idea in it (I’m sorry I can’t find the post! If it’s you, thanks for the tips!) to redo the boxes they had done, under time constraints. Pick a box from the early lab, which would be great as I can’t remember what I did yesterday without my notes, let alone 3 weeks ago. Then smash through it, no notes, with a clock ticking and see how you do. I think that’s a good way to get used to having the time constraints there whilst working on a box. Also redoing some of the good boxes that don’t call for a kernel exploit or any other compiled exploits is good, as I imagine, and from what I’m reading about the new labs, that is what I will be facing. Which is kind of what I expected, most critical 0 day kernel exploits are patched up pretty quickly in semi decent environments. So you’re always going to rely on that shonky piece of software or a terrible config that makes people’s lives easier as a way in. Secondly, these options tend to be safer. Kernel exploits are dangerous and unreliable a lot of the time. Plus, with new changes to AV and how things are detected in enterprise networks, living off the land and using what you have is always a better approach than flinging something untested into an environment. So I get it, I mean it makes life harder, and makes me more concerned for the exam, but I know there will be a designed route. None of the boxes will be impossible. There will be something, it’s just a case of finding it. Keep to my methodology, tackle it piece by piece and try harder I guess!
So along with that I also plan to try and complete a few HTB machines alongside lab work to keep my eye in, as these often require a different way of thinking, away from compiling exploits, to keep that side of things ticking over. A final task for the weekend is to complete a note template for the exam machines. Alongside this I want to test out using a low fps screen recorder as well for the exam to help catch anything I miss for the report. This combined with a stripped down version of my notes for the exam should be helpful. The template on git at the moment that I use has quite a lot of additional fields that I don’t think will be helpful or necessary in the exam, so I want to keep things as light and easy to use as possible. Alongside this I would love to tick off these final boxes in the public network if I can. I have exactly 20 days until my exam and 30 days of total lab time remaining. I am not too focused on completing the IT network yet. However, I would like to have a good play around with pivoting and see what damage I can do in the other networks, but that is perhaps further down the priority list for now!
So on with the week. I’m off to have a play around with Bastion, I think, on HTB. Good luck as always to anyone starting or finishing or anywhere in between. Keep an eye out for me in the labs or on Discord, usually something called tzar floating about in either.