I started with the PWK course to go for my OSCP. This series documents my progress. I hope to give some insight into the brutal process and exam that goes into obtaining the coveted certificate.
As I said last week, this week is a holiday week over here. We went on a trip to one of the islands and spent some quality time as a family. I think times like these are extremely important as they ground you with your loved ones.
So, I did not spend a whole lot of time on the lab. In total only 10 hours (609 minutes). In this time I worked on 2 machines, rooting 1 of them. At this time I am finding that I still spend a lot of time on the post exploitation (finding and getting information from the machine). These machines are turning out to be quite the learning experience.
I updated my graphs below.
Backups are important
You might notice that I put an item up detailing I spent 30 minutes on backup recovery. I accidentally ran some untrusted code on my VM that wiped the disk of the VM. This was a dumb and silly mistake. Normally I would just be able to revert to a snapshot, but there was something here.
To share information between the guest and host I mounted my OSCP directory with materials (and thus also the VM's vmdk files) as a shared folder. Sadly the untrusted code wiped that shared folder as well.
So I had to go to my backups and retrieve the materials once again. Luckily the backup was made just a few minutes before.
So, things to note:
- Never trust code from the internet
- Do not mount a folder with important data to the VM
- Make (and test) regular backups
Personally I really do not like writing reports in these types of products. I find that it becomes unruly and inconsistent to manage large reports. I would rather just use a modular plain text format to create the reports.
So I spent some time on trying to build the necessary reports using pandoc to convert from plain text (Markdown in this case) to PDF.
Take a look at some side-by-side screenshots of the PDFs. First the sample Executive Summary. You will note that I use A4 as the paper dimensions where Offensive Security uses the US Letter.
And then the page describing the process of getting a low privilege shell.
This setup means that I now have a version-controllable, reproducibly buildable and greppable format for my reporting. If it works out during the course I will make the source for it available.
The coming week should be quite dedicated to the course, so I expect to make some good progress.