OSCP Diaries: 1st Day Back in the PWK Labs

Began today on my 15 day lab access extension with the intention of completing all the course exercises. (I rooted about 20 lab boxes previously, but didn't document all the chapter exercises) Of course, while working on that, I found a vulnerability in another one of the lab boxes, and pursued that until rooting it. 😃





Things I leaned today:

• Always enumerate a vulnerable service, as much as is feasible, before exploiting or moving on. Enumerate, Enumerate, Enumerate.
• Google is often better at finding exploits than other methods like searchsploit - sometimes an exact match doesn't even show. Wtf?
• It always pays to read any writeups available about the exploit you're using.
• Sometimes vaguely worded source code comments can lead you to think you should be utilizing one service, when it's another you want.
• Always upgrade your shell to a tty/pty whenever you can. It will often save you time and frustration later.