Week 4: The hunt for OSCP

2 minute read

I started with the PWK course to go for my OSCP. This series documents my progress. I hope to give some insight into brutal proces and examn that goes into obtaining the coveted certificate.

Vacation time

As I said last week, this week is a holiday week over here. We went on a trip to one of the islands and spent some quality time as a family. I think times like these are extremely important as they ground you with your loved ones.

So, I did not spent a whole lot of time on the lab. In total only 10 hours (609 minutes). In this time I worked on 2 machines, rooting 1 of them. At this time I am finding that I still spend a lot of time on the post exploitation (finding and getting information from the machine). These machines are turning out to be quite the learning experience.

I updated my graphs below.

Time spent (minutes) week 4

Backups are important

You might notice that I put an item up detailing I spent 30 minutes on backup recovery. I accidently ran some untrusted code on my VM that wiped the disk of the VM. This was a dumb and silly mistake. Normally I would just be able to revert to a snapshot, but there was something here.

To share information between the guest and host I mounted my OSCP directory with materials (and thus also the VM’s vmdk files) as a shared folder. Sadly the untrusted code wiped that shared folder as well.

So I had to go to my backups and retrieve the materials once again. Luckily the backup was made just a few minutes before.

So, things to note:

  • Never trust code from the internet
  • Do not mount a folder with important data to the VM
  • Make (and test) regular backups

Reporting

There is a sample report available on the Support pages. The templates for this report are also available in Word and OpenOffice formats.

Personally I really do not like writing reports in these types of products. I find that it becomes unruly and inconsistent to manage large reports. I would rather just use a modular plain text format to create the reports.

So I spent some time on trying to build the necessary reports using pandoc to convert from plain text (Markdown in this case) to PDF.

Take a look at some side-by-side screenshots of the PDFs. First the sample Executive Summary. You will note that I use A4 as the paper dimensions where Offensive Security uses the US Letter.

Executive Summary comparison

And then the page describing the proces of getting a low privilege shell.

low privilege page comparison

This setup means that I now have a verion controllable, reproducable buildable and greppable format for my reporting. If it works out during the course I will make the source for it available.

Next week

The coming week should be quite dedicated to the course, so I expect to make some good progress.

Tags:

Updated: