I just purchased my third month, and I have mixed feelings about doing so. I have spent almost 6 weeks (minus 2 out of the 8 for selling my house and moving), averaging almost 20 hours per week. At this point i have 25 machines fully rooted/system’d, including the ‘gimme’ msf box. My goal was 24 before taking the exam, but that goal has changed as i discovered my personal weak areas. That being privilege escalation and modification of binary exploits.
I can say with certainty that web based application hacking experience has carried me far, and fast. I dropped MANY machines by utilizing web based attack vectors, but have been informed that most machines have multiple avenues of compromise.
Currently, I have all but one network unlocked (dev…wtf?!). This is a major bone of contention for me. I have access to the machine that touches the dev network, but haven’t gotten priv esc to unlock the network key. Why is that frustrating? because i have shell, and can…well in the real world I WOULD be able to….access the dev subnet. But because i haven’t unlocked the subnet, i can’t reset machines, and am having port scans come up dead.
So the try harder adage applies right? Well, yes, but i have uncovered no less than half a dozen machines that unlock the IT network, and only one that unlocked the admin network, and one that will likely unlock dev. I find this to be disproportionate, and ridiculous, especially when i find a fucking IT subnet key, on an admin network machine (you have to unlock IT before admin).
So i’m a bit frustrated, and a bit disillusioned. Having done Red Team exercises and pen testing (professionally) for a few years now, i find some of the lab to be realistic, and other parts nothing more than game play. There is literally a box where it’s nothing more than a CTF style challenge. No spoilers, but that one aggrevated me on a whole new level, and not because I couldn’t pop it, but because it had no real value other than playing a ‘game’. It’s not realistic in the slightest.
This leaves me with another month to do the following:
- Pop a few more boxes (ideally the dev net…sight)
- Practice priv esc until i gain a little more comfort
- Practice exploit modification (essential for the exam)
- Write my lab report
- Prep my test report
That’s a tall order for one month, but i’m tired of the ‘game’ aspect of the lab, and really fatigued. I need to rest, and want the exam done with. So i will be scheduling it for a few weeks after this month is over. So I should be taking it sometime before christmas. I can’t wait….lol