Halfway point. I have:

  • 7 rooted machines
  • 4 low privileged shells
  • 2 know what to do, just need to do it
  • 1 with secret info found, no idea how to use it - research
  • 5 poke-around machines: I know roughly what could be found.
  • 0 network keys

I am still feeling confident that I can get through this in 30 days. Not super confident, but still sternly going forward. I just saw someone post that after 6 months in the labs they had 29 machines in 3 networks. Oh shi-!

But yeah, 3 days ago I had a brilliant 7-ish hour session where I pretty much plowed through 3 different machines and had a blast doing it. Good vibes and feeling awesome.

Then the next day was the polar opposite. A major struggle. I basically felt like this dog right here:

Going from one machine to the next without a clear purpose. "Hey look $service is open on that machine, let me try -- ah didn't work, OH LOOK! $service2 is open on that other machine let's see --- ahhh.. nope hmmmh." Repeat ad nauseam. Then finally, after 6 hours of browsing the inventory and nmap scans, I found one machine that I decided to go after. After cursing for several hours I was ready to give up -- my wife suggested moving on to another machine and returning to this with clear, fresh ideas.

I didn't. I managed to root it. It felt good.

Then yesterday I didn't get any machines because when I started in the morning I noticed that I had a large gap in my recon notes: for over half of the web servers I had found, I had not conducted a simple web scan (nikto/dirbuster/etc) -- nothing. Just a quick "tcp/80 is open, it is Apache x.y.z".

Thanks a lot JW-from-a-week-ago!

I could've had all of this scanned while I was finishing through the materials as this was basically one of the first things taught in the lab.

Protip Of The Day™:

Start scanning the lab from day 1 with the tools that are taught.
And then document your scans in an organized fashion. 
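
One way to catch the gap described above (web servers noted in the nmap results but never given a nikto/dirbuster pass), as an added example that is not part of the original post. It assumes nmap grepable (`-oG`) output and a hypothetical notes layout of `notes/<host>/<tool>_<port>.txt`; the sample addresses are constructed.

```python
import re
from pathlib import Path

# Constructed sample of nmap grepable (-oG) output; hosts are made up.
SAMPLE_GNMAP = (
    "Host: 10.0.0.5 ()\tStatus: Up\n"
    "Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http//Apache httpd/\n"
    "Host: 10.0.0.7 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (998)\n"
    "Host: 10.0.0.9 ()\tPorts: 21/open/tcp//ftp///, 80/closed/tcp//http///\n"
)

def web_targets(gnmap_text):
    """Return {host: [ports]} for open TCP ports whose service name contains 'http'."""
    targets = {}
    for line in gnmap_text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: ([^\t]*)", line)
        if not m:
            continue  # Status lines and comments carry no port list
        host, ports = m.groups()
        for entry in ports.split(", "):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if (len(fields) >= 5 and fields[1] == "open"
                    and fields[2] == "tcp" and "http" in fields[4]):
                targets.setdefault(host, []).append(int(fields[0]))
    return targets

def missing_scans(targets, notes_root, tools=("nikto", "dirbuster")):
    """List (host, port, tool) where notes_root/<host>/<tool>_<port>.txt is absent or empty.

    The directory layout is an assumption of this example, not a tool convention.
    """
    gaps = []
    root = Path(notes_root)
    for host, ports in sorted(targets.items()):
        for port in ports:
            for tool in tools:
                saved = root / host / f"{tool}_{port}.txt"
                if not saved.is_file() or saved.stat().st_size == 0:
                    gaps.append((host, port, tool))
    return gaps

if __name__ == "__main__":
    for host, port, tool in missing_scans(web_targets(SAMPLE_GNMAP), "notes"):
        print(f"TODO {host}:{port} has no {tool} output on file")
```

Run it at the start of each session so a bare "tcp/80 is open" note shows up as a TODO instead of being found a week later.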

Here's the TED talk I mentioned "Paradox of Choice"