Date: 08 July - 14 July 2018
PDF: 380/380
Videos: 149/149
Exercises: 37/42
Exploited Machines: 34
(Alice, Alpha, Barry, Beta, Bob, Core, DJ, Dotty, FC4, Gamma, Gh0st, Helpdesk, Hotline, JD, Joe, Kevin, Kraken, Leftturn, Mail, Mike, Observer, Oracle, Pain, Payday, Pedro, Phoenix, Punchout, Ralph, Sean, Sherlock, Slave, Sufferance, Susie, Tophat)
Unlocked Networks: 2 of 4
(Public, IT)


Day 8
Exploited Machines (3): Tophat, Dotty, Leftturn

Day 9
Exploited Machines (3): DJ, Susie, Oracle

Day 10
Exploited Machines (3): Hotline, Alpha, Beta

Day 11
Exploited Machines (3): Gamma, Core, Kevin

Day 12
Exploited Machines (3): Mail, JD, Punchout

Day 13
Exploited Machines (3): Pedro, Sean, Joe

Day 14
Exploited Machines (2): Slave and Observer

This week I exploited 20 machines and unlocked the IT network. Pivoting is required to exploit the machines in the IT network; personally, I use Proxychains with socks4. The lab is getting harder and more interesting, and some of the machines cannot be exploited directly. To exploit them, the relationship between machines must be found out first. Some of the machines have an easy or unintended way to exploit them, but it is always better to do it the intended way; it teaches a lot.


For the last couple of days, I kept checking the exam slot availability. The slots had been filled until 20 August, but today I checked and found slots on 14 and 15 August. It could be that some of the students rescheduled their exam dates. I decided to schedule my exam for 15 August, 15:00.


TIPS:

  • Post-exploitation enumeration is really important. Make sure you do it and document it, or you will need to return to all of the machines you have exploited.
  • Some binaries/executables on the machine are not located in the default PATH. If your rev-shell/RCE didn't work, enumerate more.
  • Client-side exploits take more time to execute. Be patient.
  • If you encounter the login page of certain software, the first thing you need to do is look for its default login credentials on Google.
  • The developer guide or manual of certain software can be a good resource if you are unfamiliar with the software.
  • If you see a lot of open ports in the Nmap result, go for the low-hanging fruit first, such as Samba and FTP.
  • After you get a low-privilege shell, make sure you spawn a TTY shell. Some exploits won't work without a TTY shell.