Path to OSCP - Part 9, Day 7 and 8
March 7, 2016
I finished the materials between day 6 and 7. I thoroughly enjoyed them and learned many new things. Afterwards it felt like I was set adrift with no compass.
- Where can I go?
- Anywhere you want.
- Where should I go?
- . . .
And then the guide was gone.
OH WELL. Better get crackin'.
Thankfully, as I mentioned previously, I had the good idea of setting long-running nmap scans loose on the network while doing other studying / exercises. One such scan was started just before midnight on Friday eve and it finished early Sunday morning, running time somewhere around 30+ hours.
It gave me a metric boatload of new information to read through -- over 10 thousand lines of nmap output!
As I am writing this, I have gone through 1/3rd of said report and have been patiently making notes for myself that ip .ABC is potentially vulnerable to Heartbleed and .XYZ might have some issues with SQL injection etc.
Now is where I start to do the first of two things:
Enumerate, enumerate, enumerate.
And once I have decided on targets -- and hopefully have not over-thought these ideas -- I will start trying out the different services for vulnerabilities. Poking with tools new and old and trying to get a foot in. And once all of that fails. I will do the second thing:
Which is the Offensive Security motto for learning and doing. Of course once I get into machines, I will be able to use root privileges to check the machines for alternative pathways in that I might have missed -- like non-privileged users having simple or reused password etc.
Oh yeah, and here's the link to Metasploit Unleashed that I mentioned in the vlog.
And as a continued effort, I keep bookmarking worthwhile stuff into my Pinboard(unfo, oscp) list.