Week 3: The hunt for OSCP

2 minute read

I started with the PWK course to go for my OSCP. This series documents my progress. I hope to give some insight into brutal proces and examn that goes into obtaining the coveted certificate.

The lab environment

This week I finished up the PWK course materials. With my previous knowledge I spent 30 hours on going through the PDF, watching the videos and doing the exercises. I have no idea if that is a lot of time compared to other student, but as the material is very substantial I think I made good progress.

Finishing up the materials I transitioned into the lab environment. This basically is a very large playground where you get to hack all kinds of systems and software. For me the purpose of the lab is to 1) build up a good methodology, 2) get used to looking at systems from all possible angles and 3) getting into a discipline of documenting everything.

So far I played around with CherryTree for note taking. I got this tip from an OSCP Review by Ellingson Mineral. Although the tool is good at making notes it does not like how I put the machine in sleepmode within virtualbox. I already has caused me to loose some notes at the end of a session. Obviously I could just close all windows before putting the machine into a save state.

I experimented with doing the same in my beloved Emacs with org-mode. So far it works, it just means I need to work disciplined with the screenshots. You can not paste screenshots into Emacs, you need to put them into a directory and reference them in a link. This is a small inconvenience to deal with for all the extras you get the Emacs/org-mode combination.

Hard to stop

I made an agreement with myself that I would watch the time spent to make sure I get enough sleep. I still have my day-job as well. This week I noticed I spent some more time because I wanted to figure out how to get an certain exploit to work, or to do that final bit of post-exploitation.

In the 3 days (and a little bit) I already exploited and explored 4 machines. I try to stick to manual exploits and only use metasploit to verify my hunches. There is an extensive Exam requirement that limits what you can do with Metasploit during the exam. Due to this restriction I am trying to teach myself not to rely on it.

Of the 4 machines I found manual exploits for 3 of them, so that makes me quite happy. In my timesheets I indicate this success with a ‘[O]’ behind the machine indicator. As I cannot expose internals of the lab to the outside world I have just numbered the machines in my timesheet. In the context of this blog only the time spent is relevant anyways.

Time spent

So week 3 was quite a busy week. I spent 1141 minutes, that is 19 hours, during the evenings (Monday through Thursday) and a little bit on Friday morning on the tasks at hand. You can click on the images below to see them in more detail.

Time spent (minutes) week 3

Next week

Next week is winter holiday here in The Netherlands. I am going to have a long weekend, which means I will basically only spend 2 days on my course, so I expect to not get a lot of things done next week.

Tags:

Updated: