OSCP Third Week

Date: 15 July - 21 July 2018
PDF: 380/380
Videos: 149/149
Exercises: 37/42
Exploited Machines: 50
(Alice, Alpha, Barry, Beta, Bethany, Bob, Brett, Carol, Carrie, Core, Cory, DJ, Dotty, FC4, Gamma, Gh0st, Helpdesk, Hotline, JD, James, Jeff, Joe, John, Kevin, Kraken, Leftturn, Luigi, Mail, Mario, Master, Mike, Niky, Nina, Observer, Oracle, Pain, Payday, Pedro, Phoenix, Pi, Punchout, Ralph, Sean, Sherlock, Slave, Sufferance, Susie, Timeclock, Tophat, Tricia)
Unlocked Networks: 4 of 4
(Public, IT, Development and Admin)

Day 15
Exploited Machines (2): Master and Bethany

Day 16
Exploited Machines (3): Nina, Niky and Jeff

Day 17
Exploited Machines (3): Carrie, Cory and Brett

Day 18
Exploited Machines (2): James and Timeclock

Day 19
Exploited Machines (2): Carol and John

Day 20
Exploited Machines (2): Mario and Luigi

Day 21
Exploited Machines (2): Pi (314159265) and Tricia

Exploiting Master machine using the intended way indeed a long journey but its worthy. I think that's the way OffSec want us to learn, by doing proper post-enumeration and try figure out how the machine related with the others. This week I exploited 16 machines and unlock Development and Admin Network. This means I have successfully unlocked all of the networks in the lab. I am getting closer to achieve my personal challenges.

So far my opinion about the lab is the Public and Admin network more dominant on the kernel exploit and misconfiguration, the IT and Dev networks more about how well you do the post-exploitation, figuring relationship between the machines and client-side exploit.

TIPS:

• Dedicate yourself, refuse to give up! All the pain and sufferance will be gone when you finally did the root dance!
• If things start getting complicated and you think you are deep in rabbit holes, take a break. Check again your enumeration note and ask yourself if there are any steps you missed or some obvious/simple things you forget to do.
• Running NMAP with Proxychains is slow, especially on double pivoting. As an alternative, you can upload NMAP to the "pivot" machine and scan it from there or scan using NC.
• For double pivoting, I found this website explained it well and applicable. https://pentest.blog/explore-hidden-networks-with-double-pivoting/