Saturday 24 March 2018

Well, things are still going OK and I'm pretty happy with my progress. At this rate I'm rooting at least one box a night after work.
I've definitely sped up and improved my enumeration skills, which is helping me with the initial entry point into the target server. Like everyone says, enumeration is king... and it really is. Spending that time reviewing and looking through everything your nmap, nikto, dirbuster etc. scans present is a good way to make sure you're not missing anything.
I've also come to learn about testing the basics and trying stupid things that seem obvious, where you would think "nah no way"... but it works!

Today I just finished PAIN!
I got my initial limited shell quite easily, compared to other servers. And I thought really? Is that it? Then the real PAIN came with privilege escalation.
Again, like my statements above. Take a step back, enumerate again once you're on the system, think, READ any exploits you've found. And just think about it before running it. What's it trying to do, what does the target system look like etc.
A bit of trial and error, I got it working and saw that lovely shell appear:

#uid=0(root) gid=0(root) groups=0(root)

BOOOOOOOOOOOOOM!

--> n33dle

Thursday 15 March 2018

Since my last post, I've had some success and a little bit of a much needed confidence boost.
I've rooted 3 machines and gained access to a dual-nic machine with access to a new network.
I've learnt a hell of a lot in the last few days and I feel like my enumeration, locating entry points and firing off exploits is getting better. (Slightly!)

I had these 3 machines on cycle, so now I'll start looking for my next few victims to work on.
I'm finding that's a better approach. 
Constantly cycling between targets, rather than smashing out one at a time. Keeps the ideas fresh, and when you hit a wall, move on and come back.
I guess a technique to work on, especially for the exam.

Here's hoping I can snag a few more over the weekend.

--> n33dle

Sunday 11 March 2018

Hit a bit of a lull the other day.
I started doing a bit of lab-wide scanning and enumeration. Trying to see how much information I could gather, without much effort.

Did some nmap scans using the entire lab range, looking for all sorts.

Managed to perform a zone transfer with DNS, and got some hostnames for within the Public network.

All was going well. Then I started on one of the boxes (just randomly chose it).

I spent a couple of hours last week, falling into the deep dark rabbit holes.

Going to bed super late, getting up for work and just feeling miserable and started saying to myself "do I even want to do this anymore". "I can't even get past here, what chance do I have".

Anyway, yesterday, after a marathon 6-7 hours, I persevered and got through. Turns out this was one of the 'harder' boxes.

When I saw that first reverse shell come back to me, it was the greatest thing I had ever seen. I think I just sat there and stared at it for a while.

It was only a limited shell. But within about an hour or two. Again, beating me head against the wall!
I got that damn sexy ROOT shell, and boy did it feel good!

Anyway, this was my first non-windows rooted box, and not a point-and-click exploit. This has restored my faith, and it's time to push on!

--> n33dle

Tuesday 6 March 2018

So I spent all last night on my very first box. After about 4 hours, I got nowhere. That's after enumerating the shit out of it!
Tonight, I decided to leave that one for now and start on another 'obvious' one. 30 minutes later I'm on a SYSTEM level shell. Wowsers. That's made me feel a bit better.

I've been searching and enumerating as much as I can on this box, and I'm finding heaps of clues, or dead ends...

Either way, success tonight. But I'm buggered for now.

Here we go...

--> n33dle

Sunday 4 March 2018


Spent today collating all of my PWK exercise notes that were in KeepNote into the lab report/exercise report. Think I should’ve done this from the beginning. I also drafted the first section of the lab report and prepped it for the lab work.

--> n33dle

Saturday 3 March 2018


Completed all remaining course content (pdf section of Metasploit and avoiding AV) and exercises.

--> n33dle

Thursday 1 March 2018

Completed the port tunneling pdf content and exercises.
Also watched all of the Metasploit and antivirus avoidance videos.

--> n33dle