Finally I cracked it. My first root and system own at hackthebox.eu.
I went for a Windows machine called Bastion, marked at the easier end of the scale. Moving on from my last post, I have continued with the late nights and have started taking notes using CherryTree.
It was an interesting box, though I did have to use the forums for hints on getting the initial foothold. I’ll need to be careful of that in future though, if I am serious about going for the OSCP. This crutch won’t be there in the exam condition.
I am getting more confident with my enumeration methodology — I have taken notes of the tools and various commands. In addition to NMap, there is a tool called Reconnoitre. This tool seems to have been specifically written for the OSCP so I guess it’s OK to use. It is handy as it performs an Nmap scan and then outputs a file called ‘findings’, which lists further enumeration steps and commands to run.
I have learnt that the OSCP exam requires taking an initial Pentesting with Kali Linux(PWK) course prior to the exam. I am using Debian Linux to build up my tool-set and knowledge as opposed to just installing Kali. Hopefully I’ll be able to use my Debian machine in the exam condition. The exam requires that you hack five boxes in 24 hours. Seems quite intense, considering it took me three days to root Bastion, and that was with pointers from the forums. I think I need about a year to upskill here.
There is a tool called Metasploit that I have become aware of. It’s use in the OSCP exam is limited to one box only, so I am going to try and avoid using it for the time being to focus on downloading and learning about the tools as needed.
It is a whole eco system in and of itself, complete with new words and terminology to learn. Bit flipping, fuzzing, BOF, pwn. All good fun though. The buffer overflow one seems tricky but worth learning.