Path to OSCP - Part 15, Days 26-30
March 29, 2016
LABS DONE. POW!
- 27 machines rooted with proof
- + 2 machines left in low privileged shell (one of these is still Pain)
- 2/3 networks opened - to be honest, I don't feel like I was even close with Admin.
- 170 hours spent attacking the labs / doing exercises
- 10 hours spent doing documentation (probably 4ish more hours coming here)
- I think I see a discrepancy here...
- That's an average of 6h / day. Pretty good.
- I should've started attacking the network earlier -- or at least doing recon. Some of the low-hanging fruit was barely off the ground, so to speak, and I could've gotten more done during the first week. Impossible to say, of course, how this would've turned out.
- I should've read the entire Metasploit Unleashed preferably before the course, but at least during. Yes. That's not déjà vu. I did mention previously that I learned to RTFM. (I LIED!). Well not really lied, but didn't just read the whole thing and had to go back to it a few extra times to find stuff that worked better than what I was working with.
- I should've stopped after every single rooted machine and made sure I had documentation ready. It would've taken probably 5-15 mins per machine after rooting to get it ready depending on the complexity of rooting it.
- Given the fully booked labs that didn't allow me to start at the beginning of February, it probably would've been smarter to just postpone the start of labs until after my April vacation so that I could've taken 30+15 or straight 60d labs.
I still feel like I have a chance with the exam, but I wouldn't recommend just 30d labs to anyone working full-time unless you have significant experience doing this already.
I spoke to one guy who basically owned 100% of the machines in 30 days, but he was able to spend the first two weeks doing the labs 14+ hours a day on his employer's dime. And he runs CTFs. Yes, he makes CTFs.
So yeah, I estimated that he put in approx double the amount of hours I had for the 30 days which kind of correlates to my gut feeling that given 60d labs I would have majority of the machines done.
Then there is this other guy who just rooted his last machine in the labs after 100+ days in the labs. So yeah. "How much lab time do I need" is quite highly individual :)
Protip Of The Day™ #1
Protip Of The Day™ #2
When logging everything, be consistent.
You can execute commands on target?
> Save output of ps, netstat etc. in the same named files under your target dir
That way you can do escalation planning even if your connection gets severed!
I'll post a pre-exam prep video detailing the scripts I've written, the plans I've made etc. on Thursday.
Thank you all for your support.