This week has been an interesting week for me. I have been putting in some serious hours working on the labs. All up, I spent 50 hours this week. Every hour that I am not at work or sleeping, I’m putting in the work.
I don’t feel like this is a course at all. Its fun for me and I really enjoy doing this kind of stuff so I don’t feel like its boring me at all. Last week I made a goal to hack 5 boxes do some PDF’s and Videos. I exceeded this weekly goal and hacked 9 boxes in total. The last couple of days I was pushing myself to root this last box, but its proven to be difficult.
If you have been following the OSCP news and blogs, there are 4 machines that are most difficult. Pain, Sufferance, Humble and Ghost. I’m stoked to say that out of the 9 Machines I hacked, one of them was Pain! All of these hostnames have meanings behind them. Reading the articles, a lot of people have felt Pain while trying root this box. I think the reason is because exploits do not work out of the box. You’re require to read the exploits and understand how the code works. Why does it fail? Where does it fail? These are the types of questions you have to ask yourself when tackling Pain. I remember taking down PAIN and screaming out in joy. Luckily no one was there! Actually, IDGAF- its a SOC and it was at night.. and I’m proud!
Back on topic.. I try to avoid Metasploit with all of them because you are only allowed to use it once on a box in the exam. This has been such a learning curve for me. I feel like metasploit is frown upon in the OSCP community. Anyone can do it! Dont get me wrong, its a fantastic tool that I love using!
Post exploitation is something that I am lacking a lot. I need to spend more time doing this when I fully compromise a system. Dig around the system, find interesting files, what is the routing like for this box, how are the firewalls configured? The reason for this is because there is valuable information from these boxes. I can use this information to pivot off from this box to another. My methodology and workflow has been serving me well, however it can always be improved.
Overall, I think I’m doing well and I’m pretty proud of myself. Its going to be long three months. My back is killing me and I regret not buying another laptop because I’m working off a shitty one now. Anyway, I may hit the sauna tomorrow and just loosen up and prepare for the week ahead. Keep staying focus, Cuong!