OSCP Week 4: Web App Double Act

Course content: 18/18
Lab machines: 3/55
Days: 28/90

As I mentioned in my previous post, Friday and Saturday were exclusively taken up with Kiwicon, New Zealand’s largest hacker conference. Because of this, I expected my OSCP progress to stall somewhat, but I was still able to root a further 2 machines which I was extremely pleased with.
I had a great time at Kiwicon, the first time I’ve attended an event of this kind. For a more in-depth recap of my Kiwicon experience, see my dedicated post here.

Weekly High:

The 2 machines I rooted this week were both web applications, and I’m starting to feel very comfortable with these attack vectors. On the second machine especially I was pleased with my enumeration process and the (relative) lack of issues I had when uploading and executing a reverse shell. When I had a quick browse of the student forums for this machine, many students were running into issues that I was able to completely avoid, so I think my web application attack process is working out pretty well for me so far.

Weekly Low:

No major low for me to report this week. If I had to highlight one area I need to improve on, though, it is my reliance on the student forums. It’s becoming a bad habit for me to browse a few posts in the forums even if I haven’t run into any issues. In some cases I am reading posts in the forums before I even begin to attempt the machine to get a “feel” for what I’m going to be looking at. I think this is fine to do for now as I’m still starting out in the labs, but something I need to be aware of moving forward. An over-reliance on the student forum will not be good preparation for the OSCP exam.

At this stage, I am tentatively aiming to root 3 machines per week as I continue to improve past the noob stage. I’ll increase this rate in the future if I feel the need, but for now one machine every ~2 days is solid progress that I am happy with so far.

Kento.
