Course content: 18/18
Lab machines: 14/55
I rooted 5 machines this week, which is my new personal record and a significant improvement over any of the other week so far. In doing so, I passed the milestone of rooting 10 lab machines. Although this may seem small, it was the first goal I placed for myself when tackling the lab machines so I’m pleased to have met my first major progression goal in the course.
With that said, I’m going on holiday soon so will be working hard to get as much done as I can before I give myself a well earned break. More on that below.
The amount of machines I rooted is enough to be my ‘weekly high’ for the week. I was very satisfied with how quickly I was able to root some machines, and the relative lack of difficulties I had was also a bonus. In particular, a web application with an arbitrary file inclusion vulnerability was an extremely fun and interesting box. I also managed to manually exploit machines that could otherwise have been exploited using the Metasploit framework, which is definitely something I have relied on a little too much thus far. One exploit in particular needed some manual tweaking before it could be used, which made it even more satisfying than the simple ‘point and shoot’ method Metasploit provides.
The aforementioned web application was the most difficult machine I faced, and it took me a long time to wrap my head around what was going on. In the end, I’ll admit to spending some time on the student forums to gain some clarity on what I was seeing. Despite this, I learned a lot from this machine and about these types of vulnerabilities in particular. I have constantly heard that the lion’s share of learning comes from the lab machines, and I absolutely agree with this. The OSCP course is almost entirely self taught, with minimal direction from Offensive Security staff or admins. This can make the course difficult and frustrating at times, but also much more satisfying when things click and you learn things for yourself. I guess I’m starting to understand what the “Try Harder” mantra is all about.
As I briefly mentioned in the introduction to this post, I’m heading off on holiday from the 19th of this month. The holiday will be just over 3 weeks, which is a significant amount of my remaining lab time. Because I won’t be working on the OSCP labs while I’m away, it’s highly unlikely that I’ll be ready to sit and pass the exam when I get back. To make up for the weeks I will be missing, I will purchase a lab extension to give myself some extra time when I get back. I’ve set myself a personal target of 20 lab machines before I go, so will be working as hard as I can to reach this in the days I’m still here. It’s definitely a stretch goal but I hope I can make it!