Course content: 18/18
Lab machines: 9/55
Days: 42/90
I spent this weekend just gone visiting friends in Auckland, so wasn’t able to spend as much time on the OSCP labs as I have done in previous weeks. My week started off well though, as I was able to root 3 machines in 3 days before I hit another wall and my progress halted completely. Considering the weekends are where I typically spend the most amount of time on the OSCP, I’m still pleased that I managed to root 3 lab machines and reach my target for the week.
Weekly High:
I finally achieved root status on the machine I was stuck on last week! Having previously spent over 3 days struggling to make a particular vulnerability work, it was a great feeling being able to succeed after a lot of banging my head on the desk. As I hinted at in last week’s post, going back through the machines I had previously rooted gave me a good idea that ended up being exactly what I needed to achieve root on this one. This just goes to show how important it is to fully understand everything you’ve learned from previous machines, as those skills or techniques are likely to be relevant in later situations also.
Weekly Low:
In what is quickly becoming a recurring pattern, I’m stuck once again. Unlike the other times this has happened, it’s not exactly obvious what I’m supposed to be doing and I don’t have any solid leads. I’ve tried various exploits (both manual and via Metasploit) but haven’t had any successes so far. The only thing of note I’ve been able to do is bypass a login portal using basic SQL injection for the username and password fields. However, this only presents a a blank ‘welcome’ page and doesn’t seem to lead to anywhere else. I’ll revisit the machine tomorrow for a fresh attempt after my weekend away so hopefully I fare better the second time around.
—
Not much else to report on this week. Before I hit my most recent wall I was making some really good progress and found my overall ability getting better, in particular my speed. It was disappointing when that momentum was halted somewhat but I am confident that I am slowly (but surely) getting better.
Kento.
KentoSec 