An OSCP Review – The OSCP Epic Part 3

I just purchased my third month, and I have mixed feelings about doing so.  I have spent almost 6 weeks (minus 2 out of the 8 for selling my house and moving), averaging almost 20 hours per week.  At this point I have 25 machines fully rooted/system’d, including the ‘gimme’ msf box.  My goal was 24 before taking the exam, but that goal has changed as I discovered my personal weak areas: privilege escalation and modification of binary exploits.

I can say with certainty that web-based application hacking experience has carried me far, and fast.  I dropped MANY machines by utilizing web-based attack vectors, but have been informed that most machines have multiple avenues of compromise.

Currently, I have all but one network unlocked (dev…wtf?!).  This is a major bone of contention for me.  I have access to the machine that touches the dev network, but haven’t gotten priv esc to unlock the network key.  Why is that frustrating?  Because I have shell, and can…well in the real world I WOULD be able to….access the dev subnet.  But because I haven’t unlocked the subnet, I can’t reset machines, and am having port scans come up dead.

So the try harder adage applies, right?  Well, yes, but I have uncovered no less than half a dozen machines that unlock the IT network, and only one that unlocked the admin network, and one that will likely unlock dev.  I find this to be disproportionate, and ridiculous, especially when I find a fucking IT subnet key on an admin network machine (you have to unlock IT before admin).

So I’m a bit frustrated, and a bit disillusioned.  Having done Red Team exercises and pen testing (professionally) for a few years now, I find some of the lab to be realistic, and other parts nothing more than game play.  There is literally a box where it’s nothing more than a CTF style challenge.  No spoilers, but that one aggravated me on a whole new level, and not because I couldn’t pop it, but because it had no real value other than playing a ‘game’.  It’s not realistic in the slightest.

This leaves me with another month to do the following:

  • Pop a few more boxes (ideally the dev net…sigh)
  • Practice priv esc until I gain a little more comfort
  • Practice exploit modification (essential for the exam)
  • Write my lab report
  • Prep my test report

That’s a tall order for one month, but I’m tired of the ‘game’ aspect of the lab, and really fatigued.  I need to rest, and want the exam done with.  So I will be scheduling it for a few weeks after this month is over.  So I should be taking it sometime before Christmas.  I can’t wait….lol