OSCP Week 5: Leveraging Metasploit

Course content: 18/18
Lab machines: 6/55
Days: 35/90

For the first half of this week I was horribly stuck on a machine, and struggled for about 3 days to no avail before I decided to cut my losses and move on. Thankfully, I was able to make solid progress in the back half of the week, rooting 3 machines using the Metasploit framework. Although the use of Metasploit is restricted in the exam to only a single use, the OSCP course encourages you to make use of it during the labs for learning purposes. The machines I rooted are also vulnerable to manual exploits, so if I have the time I may go back to revisit them later.

Weekly High:

The three machines I rooted were made so easy with the use of Metasploit. It really showcased the power and versatility of Metasploit as a penetration testing tool, particularly in the exploitation phase. You still have to do your due diligence enumerating, but once you have found a relevant Metasploit module it becomes almost trivial to gain access to a machine. Having used it for three machines this week, I feel much more comfortable using Metasploit and had a good time learning about Metasploit and the various functions of Meterpreter sessions.

Weekly Low:

As I touched on earlier, I was stuck for three days on a single machine and still have yet to overcome an issue I was having. I think situations like this are inevitable, and I am quite proud of how easily I was able to move on from this machine and make progress elsewhere, but it is still frustrating having that sense of unfinished business. It is not a lack of direction that is holding me back, as I am unable to successfully exploit an RFI vulnerability despite having confirmed its validity via the Student Forums. I’ll make a second attempt at this machine early next week to see if I have any luck, but again the aim will be to not spend too much time stuck on this particular machine.

I also went back and re-rooted all the machines I have done so far, taking detailed screenshots and documenting each required step. This is something I should be doing as I go, but have neglected to do so. This is mainly due to not knowing the defined path to root until after I’ve found it, which makes it hard to know exactly what needs to be screen-shotted and what information or steps are a dead-end.
As an added bonus, when going back through a previously rooted web application I got a good idea as to how I should solve the issue I am currently stuck on. Watch this space…

Kento.
