Last week was pretty busy and I didn’t get around to writing my week 5 recap. So, I decided to cover both week 5 and week 6 in one post. In the last two weeks I have completed several more lab machines including one of the ‘big 4’, gh0st. Here’s the daily breakout for week 5:
- Recon and enumeration against box 06. Tried exploits against a couple of services with no success, but think I have it narrowed down.
- Completed box 06 and did some post-exploitation. Started recon/enumeration of box 07.
- Completed exploitation and post-exploitation of box 07. Started initial recon of box 08.
- Owned box 08. Went back to complete post-exploitation of box 02.
- Completed exploitation of box 09, started recon against box 10.
- Completed box 10.
I only devoted 13.5 hours to the lab in week 5, but I was focused more on completing machines than how much time I was spending. I got into a pretty good rhythm of finishing one box shortly before I was ready to turn in for the night and using the last few minutes to fire off initial scans against my next target. Now let’s look at week 6:
- Recon and enumeration against box 11.
- Completed exploitation of box 11. Main lesson here is to stay on task and be thorough, do NOT get distracted and skip over things based on assumptions. Lots of time wasted on box 11 because of this. Also started and completed box 12.
- Completed box 13. Once again, details matter. I burned 20-30 minutes because I had created my payload with one LPORT and was running my listener with a different one. These are silly yet costly mistakes that I can’t afford on the exam.
- Scans and initial recon against gh0st (box 14 if you’re keeping track).
- Completed gh0st. Stayed up way too late, but conquered my first of the ‘big 4’. Now I see why everyone says enumeration is key.
- Completed box 15. I had initially targeted two other machines, but they both appear to have dependencies on other systems before I can directly compromise them.
I spent 16.5 hours in the lab in week 6, largely because of gh0st. In hindsight that machine wasn’t actually that bad once you have a foothold, but you need to be very thorough and methodical in your enumeration. Are you detecting a theme in all of the OSCP tales scattered around the Internet?
My total time commitment is now up to 85.5 hours. After week 6 I also decided to extend my lab time by 30 days (expiring 6/14) and moved my exam date back slightly to Monday 6/10. I’ve upped my goal of compromised lab machines from 30 to 40, and also plan to review the buffer overflow section of the course material in the week leading up to my test.
Overall I’m feeling confident, but just because I’m learning so much from each lab machine. If I were to take the test today I’m certain I would fail, but I’m hoping another six weeks of lab time will have me ready.