OSCP Week 5

I started with the PWK course to go for my OSCP. This series documents my progress. I hope to give some insight into the brutal proces and examn that goes into obtaining the coveted certificate.

On jinxing yourself

Last week I wrote that this week would be dedicated to OSCP. I meant that, the computer gods thought it would be fun to mess with me though.

I work on OSCP in the evenings on Monday through Thursday. With a little luck, depending on other obligations, I also work on it Friday morning when my kid is at school. So during my last meeting on Monday my MacBook Pro started to spin its fans at 100%. Continuously. It never stopped.

By the time I got home I had already searched the internet for this symptom and found several articles about caches being corrupted during updates with the latest version. There was also still 1 update pending (13.3.3) so I decided to first give that a try, in case the new software fixed it. No luck.

Besides the fans spinning the disk also seemed to grind to a halt, which is odd as it is an NVMe disk that is normally super fast. The mouse pointer had issues moving and sometimes would just freeze for several seconds.

I ended up doing a lot of stuff to the machine:

  • Booting to Safe Mode to get rid of sandboxd file system error message in the console.app. There were about a million of them each boot.
  • Deleting all the caches and let them be rebuilt by the various system services.
  • Resetting the SMC
  • Resetting the NVRAM

My experience is that when I go to the Apple menu, select About this machine and check the Support section it will tell me that all my support has ended several months ago and I am stuck buying a new machine. This time however I still have about 5 months of AppleCare. So that is good.

This wasted my entire Monday night (and some of Tuesday morning to be honest) and left me with a heartbroken feeling as yet again a MacBook Pro dies.

Luckily I have a sound backup strategy, which I test ever once in a while:

  • Timemachine makes continuous backups when I am at home
  • I used CloudStation Backup from Synology to make a second backup (which does not really work really well. It seems to be limited to 50.000 files that it can actually sync on my device. So I was evaluation something else, see the next point.)
  • I started experimenting with restic for making backups of extremely important things.

The Timemachine backup is what saved my last week when I accidentally wiped my VMs due to bad code.

So the next day I brought the MacBook Pro to my local reseller for repairs. It will take 2 to 3 weeks to get my machine back.

No hardware is a problem

Obviously to do the OSCP you need some hardware. Luckily I have a Windows laptop that I get from my day job that I could use to do my work on for Tuesday evening. I used my ioddd 2541 which has an SSD in it to host my VMs and off I went, slowly. The machine is not really meant for running VMs, the internal disk is quite slow and the CPU specs are quite low compared to my MacBook Pro. It worked, but was sluggish and the host operating system is Windows, which I personally do not like.

Luckily I had been talking to my wife about getting a desktop again to run my home labs on. She had been getting quite annoyed with me maxing out my MacBook Pro's CPU with all the things I do. It causes it to go into Fan spin mode and at those times the little machines make a lot of noise. So on Tuesday evening I ordered the parts for my home lab machine. It was a blast from the past, as the last machine I assembled probably was an early Pentium series. From the early 2000s on I had only used laptops, mostly macs as well.

So what did I get?

  • Motherboard: Asus Prime X370 PRO
  • Memory: 32GB RAM
  • Storage:
  • 250GB SSD Crucial MX500 (Primary disk/OS disk)
  • 3000GB HDD Sata III (Storage of large projects/files/backups)
  • Graphics card: NVIDIA GTX 1050Ti 4GB
  • Case: Fractal Design Define R5

Everything came on Wednesday, which happened to also be my birthday (yay for me!). As a result I spent Wednesday night setting up the machine. I did not use Arch Linux as I did previously on my MacBook Pro (read here), but I used Linux Mint which is a Ubuntu LTS derivative. Its focus is on stability and that is what I need out of my main workstation. At the end of the night I was back up and running again to continue working on the OSCP.

Progress on OSCP

So in the end I got to spend Tuesday evening, Thursday evening and a part of Friday on the OSCP, so it was not too bad. I managed to hack into 4 machines, do the Post Exploitation and write the report on each one using my now text-only approach.

Machine Time
Machine 6 [O] 2:05
Machine 7 [O] 4:18
Machine 8 [O] 2:20
Machine 9 [O] 4:32

So a little more then 13 hours was spent on OSCP even due all the machine problems. I must admit that I somewhat exceeded my own boundary of going to bed before midnight on 2 occasions. I did not make it later than 1 am though, so I feel OK with that.

The total counter is not at 4151 minutes and that is 69.2 hours.


Next week

I will say nothing about next week. The only thing to note is that by going further into the lab it becomes more and more addicting and more enjoyable.

See you next week.