Skip to content

General

Day 1 - The Exam

Official start time: 7:30am

7:40 am

Today (2/3/2022) I took time off work to do an OSCP practice exam. The practice exam consists of the following:

  • 3 Active Directory HTB challenges. If I root all three I earn 40 points. No partial points awarded.

  • 3 "standard" HTB challenges. 10 points granted for each flag. Each box has user and root flag. Can earn up to 60 points.

Last night I finished scanning all the boxes and haven't looked at any of the scan results yet.

This morning I woke up feeling a little groggy. I probably shouldn't have stayed up programming till 1am :D

Helped get the kids ready for daycare, and now I'm getting started at 7:43. The plan is to fully review and feel out potential exploits for all the boxes before trying to exploit any of them. Webserver enum will come last.

For the sake of simplicity We'll say I started at 7:30am, so I have until 7:29am tomorrow to complete this.

7:50 am

Apparently I wasn't connected to VPN while scanning yesterday..... Pasted image 20220203075427.png

Adapt and overcome I guess :) - will start the morning by re-scanning each box. Going to have to pay attention to flow here and be sure to constantly be scanning something.

8:15 am

I went and had a fried egg sandwitch (dang eggs got over-done) and brew another cup of coffee while this first box is being re-scanned. This is a rough start so far, but I'm calm and not panicky. 24 hours should be plenty of time to do everything I can. Plus I'm wearing a black hoody, so everything will be ok, right?

9 am

Just finished my first pomodoro break (5 mins). I did some stretching, meditated, and got more coffee. Back to hackin!

9:30 am

Just finishing second break. I'm starting to get a bit nervous that the failure to scan everything last night will kill my chances at completing this all in 24 hours. Guess we'll have to wait and see. HOOD UP.

9:50 am

Just hit a bottleneck. Currently scanning box 3/6 with autorecon. It's still doing dirbuster and I'm hesitant to kill that. While the scan is running I've been prepping the documentation by filling out possible attack vectors for each box that has been scanned. I guess I could go back and look for public exploits (might be needed for initial foothold on some of these.)

10:03 am

I've started my first long break (15 mins). Watching some funny Smosh videos on youtube to let my mind relax and forget about the chaos that's happening with this exam :)

I was in the middle of collecting public exploits and felt like I could still going when break time came up. I started break to keep myself fresh; this is a marathon, not a sprint.

Got up and moved around a bit to keep myself from getting chair fatigue.

Looking at it....I'm actually doing pretty well for time. I'm almost 50% done with Recon in the first 2.5 hours (about 10% into the time limit)

10:19 am

Break is over, I'm all caught up with enumeration up to the scan point. The only scan left is Dirbuster on Cronos (10.10.10.13). I'm going to kill it and hopefully not miss anything. Can always start it again later if I get stuck on this box.

While the scan for the next box runs I'm going to take an early lunch.

11:44 am

Back from lunch. I even showered. If I fail this, I'm going to blame the lack of black hoody during exploit. Everyone knows you gotta look like this while you're hacking:

Pasted image 20220203114552.png

I ran into the bottleneck again. I'm going to let dirbuster run for about 30 mins and if NOTHING comes back in the 30 mins I think it's safe to abort.

Alright, lets get back at it!

12:46 pm

Time for another long (15min) break! Making good progress. Documenting/Enumertion is right behind the scanner. Scanning 5/6 and enumerating 5/6.

I'm excited and nervous to start the weaponization/exploitation phase of these attacks. The active directory boxes will be interesting - I'm thinking of saving them for last since it's all or none. I can at least get some points with the standard boxes. Then hopefully I'll have enough time to figure out the AD boxes with some research.

1:25 pm

I ended up extending my break, the mental fatigue is starting to set in. I may need to take a nap or something after this session.

1:35 pm

Started scan 6/6 - going to take a long break/nap and hopefully come back ready to exploit!

4:26 pm

I'm back to it. Had a good nap, ate some snacks. I'm not super excited to do this, but I'm ready.

6:47 pm

Finally feel like I'm back in a groove. After my nap, the kids got home for the day, we had dinner together, and it took me a minute to get back into a flow state. Good to go now tho! May have to keep at it all night...approaching the 12 hour mark with no points yet :)

8:04 pm

Past the 12 hour mark. Still no points. I just used my metasploit attempt and it failed....gonna go take a break.

10:32 pm

Time for another break. I got 10 points! YAY

11:00 pm

I'm back now, got some energy drinks and chips...Looks like tonight is going to be an all-nighter, havn't done this in a while.

12:04 pm

2 monsters in, I've nearly exhausted all optoins for PE on the machine I got user on. Going to try one more thing then move on to the next machine. Break time (waiting for results from exploit suggester anyhow)

Came back not even 10 mins later... back to windows PrivEsc :)

12:59 pm

Time for another break. The monsters are kicking in, good thing I didn't have any more.

2:13 am

Got another 10 points by getting user on cronos. So now I'm at 20! 20% of the way there with 5 hours left.

2:50 am

Got another 10 points by getting root on cronos. Total points now 30.

Taking another break....and another Monster.

3:10 am

back to it....I'm getting really tired. This was wayyy easier in highschool :D

8:07 am

Well, I crashed and just woke up. I feel ROUGH. No only did I fall asleep, but I wouldn't even have enough points to make the report worth it. I did lose quite a bit of time from the scanning fiasco...so I'm going to keep at it until 11am to see how I would have done without the lost time for re-scanning.

But first, I need to recover.

Pasted image 20220204081632.png

11:03 am

Well, it's official. My extended time is up and I haven't managed any more points. I'm still exhausted. I finished with 30 points, which means I would need to spend more money on a retake if this were the real exam.

Lessons Learned.

  • Validate your scanner is running before walking away. Don't assume it's working. You may not be connected to VPN.
  • Pomodoro is helpful, but I need to be more disiplined on the length of breaks. During this test exam I started losing interest quickly. I'm not sure if I over-relaxed to avoid anxiety or what. It doesn't seem like burnout - today as the end got closer I got more and more pumped. Maybe I should be setting more rigorous SHORT TERM GOALS to keep me engaged. 24 hours is a long time to be engaged, and I felt myself having a procrastination mindset pretty early on.
  • Get good sleep the night before. I saw this one online but ended up not following through.
  • I have no idea what's going on with Active Directory
  • Don't jump right in to credential stuffing; you could tip over the server. Also be sure to account for dynamic cookies; JUST USE BURP.

That's it for now. I don't even have enough points to make the report worth while, so I'll finish up these boxes, add more to lessons learned, and then possibly do a report.

Will need to study some AD hacking techniques.

Then I suppose I should do another practice exam :)

TTFN for now, guess I'll have to try harder <- great tune

Pasted image 20220204112648.png