My second attempt at the OSCP begins tomorrow. Yesterday I finished revising my PWK lab report, and today I’ve decided to have some fun in the HackTheBox labs. In part, as always, I hope to learn something new. But mostly, I just want to hack for the joy of it. During my PWK lab time, I felt like I had to focus the beam of my attention on my PWK studies.
Goodness, how time flies! As of this post, I’ve got two days left in the PWK labs, and I’ve rooted 37 systems in the network. I feel significantly more prepared than I was two months ago, when I first took the OSCP exam. I’ve learned so much cool stuff, and I look forward to opportunities to use my skills in the wild (legally, of course). One of the key elements of the OSCP exam (as well as the PWK lab) is the pentest report.
Today I decided to hack Netmon on HackTheBox. While the machine gave me some frustration, it wasn’t because the machine was too challenging, but rather because the machine was buggy and didn’t function reliably. That being said, after wrestling with unreliable exploits and resetting the machine multiple times, I finally defeated the machine and captured its flags. As always, I created a walkthrough for the machine, so that my readers can see how I tackled the challenge.
This week I’m diving back into the PWK labs in preparation for my second attempt at the OSCP test. Since I’ll likely be disappearing for another couple months, I figured I’d leave you all with another HackTheBox walkthrough before I go. (I fully intend to make occasional posts throughout the course, but I had the same intentions last time, and we know how that turned out.) For this walkthrough, I decided to target Jerry, a fairly easy-looking Windows machine.
This week I’ll be diving back into the PWK labs, aiming to learn everything I can so I can improve my skills and pass the OSCP test. I’ve spend the last couple weeks reviewing my notes, reorganizing my data, and preparing myself to rejoin the fray. One of the ways I’ve been preparing is by finishing my first Buffer Overflow tutorial, which covers the development of a simple BoF exploit, from initial discovery all the way through developing a “weaponized” Metasploit module.