My OSCP exam is in 72 hours. If all goes well, next week could be the end of this 12-week journey. I wanted to go ahead and post a write-up of the last few weeks. My goal when I started the lab was to complete 30 lab machines and I hit that mark in week 11.
- Completed host #24. Here I learned not to trust pre-compiled exploit binaries from GitHub. I also had some issues with smbserver.py and had to mount a shared folder between my Kali VM and the Offsec-provided Windows 7 VM. Have multiple paths to transfer files between machines at your disposal!
- Recon and enumeration against Pain. Got a low privilege shell and started working on privesc.
- Completed Pain. That’s 3 of the big 4 down, and 25 hosts toward my goal of 30. Primary lesson from this box is that details matter when preparing an exploit. Some bugs need the right environment to thrive. Also started initial discovery of box #26.
- Completed box 26. Pretty straightforward, I was briefly concerned that the host might not have been in the right state when I started. I just got lucky and chased the right rabbit pretty quickly. Also started enumeration of host 27.
- Did some initial recon against two targets that apparently have major dependencies on other systems. Decided to switch to another box for target #27, then completed it quickly. I also spent some time cleaning up my documentation a bit.
- Completed target 27. This one taught me to be more thorough in my enumeration (hint, don’t just scan TCP ports). Started recon and enumeration of target 28.
- Completed #29 in about 15 minutes. Started enumeration against Humble, which I ceremoniously chose as my 30th target.
- Attempted (and failed) exploitation against Humble. Still haven’t obtained a low-privilege shell yet. I need more webapp testing experience.
- Finally got a low-priv shell on Humble. Started enumerating for privesc.
- Identified the path to escalate privileges on Humble and what appears to be the exploit I’ll need to use. Did some testing but more is needed.
- Finally completed Humble and reached my goal of 30 compromised lab machines. I learned a lot here about being detail-oriented with exploit code, and researching how applications I’m unfamiliar with work and are configured to fit all the puzzle pieces together.
- Started working on my lab & exercise report.
- Finished the lab & exercise report.
- I started going through buffer overflow exercises again and making some notes around workflow
- I started and completed host 31 to unlock the Dev subnet. I realized I hadn’t unlocked it yet and just wanted to check that box.
Through week 11 I have invested 130.5 hours into the course and labs. As for this past week (week 12) I have mostly focused on going through buffer overflow resources and compiling a reference sheet for things I want to remember during the exam without having to think about them. Command shortcuts, methods to consider in certain situations, etc.
I also plan to write down some ‘exam principles’ I’d like to stick to, and to set up a series of alarms on my phone to remind myself to take breaks, eat, and step away during the exam. Wish me luck, hopefully by this time next week I’ll officially be an OSCP!