Path to OSCP - Part 11, Days 12-14
March 13, 2016
Halfway point. I have:
- 7 rooted machines
- 4 low privileged shells
- 2 know what to do, just need to do it
- 1 with secret info found, no idea how to use it - research
- 5 poke-around machines: I know roughly what could be found.
- 0 network keys
I am still feeling confident that I can get through this in 30 days. Not super confident, but still sternly going forward. I just saw someone post that after 6 months in the labs they had 29 machines in 3 networks. Oh shi-!
But yeah, 3 days ago I had a brilliant 7-ish hour session where I pretty much plowed through 3 different machines and had a blast doing it. Good vibes and feeling awesome.
Then the next day was the polar opposite. A major struggle. I basically felt like this dog right here:
Going from one machine to the next without a clear purpose. "Hey look $service is open on that machine, let me try -- ah didn't work, OH LOOK! $service2 is open on that other machine let's see --- ahhh.. nope hmmmh." Repeat ad nauseam. Then finally, after 6 hours of browsing the inventory and nmap scans, I found one machine that I decided to go after. After cursing for several hours I was ready to give up -- my wife suggested moving on to another machine and returning to this with clear, fresh ideas.
I didn't. I managed to root it. It felt good.
Then yesterday I didn't get any machines because when I started in the morning I noticed that I had a large gap in my recon notes: for over half of the web servers I had found, I had not conducted a simple web scan (nikto/dirbuster/etc) -- nothing. Just a quick "tcp/80 is open, it is Apache x.y.z".
Thanks a lot JW-from-a-week-ago!
I could've had all of this scanned while I was finishing through the materials as this was basically one of the first things taught in the lab.
Protip Of The Day™:
Start scanning the lab from day 1 with the tools that are taught.
And then document your scans in an organized fashion.
Here's the TED talk I mentioned: "Paradox of Choice"