I've been working through the PWK labs. It's not the easiest, but I've rooted five boxes and I have a shell in another. I will work on privesc tomorrow.
At this point, the boxes haven't been particularly difficult, but I still don't feel that I'm where I need to be to pass this exam. I still have to practice Buffer Overflow, too. I hope I can force myself to practice it multiple times per week.
Some takeaways so far
I've been first going through the PWK learning path here. There are a few takeaways I have so far:
- It's said time and time again: Enumeration is key. These machines are designed to be popped, and being able to look at every service and figure out a way to compromise it is the only way to really succeed.
- Don't be afraid to use Metasploit: I tried to avoid Metasploit early on, but now, maybe because I'm on a timecrunch due to the limited lab time (As opposed to, say, hackthebox, which I use year-round) I don't want to waste too much time on a single host. It's better to learn something than to learn nothing. I am still having to polish my enumeration skills if I want to fling some 'sploit from MSF at the target. I can't just go launching a bunch of Hail Marys and hope something sticks. Well, I can, but it's not very efficient or effective.
- About Metasploit, I've learned a few new things about Metasploit, such as "show payloads" and "show targets." As well as "set payload." Simple things I never learned before because I was so bent on not using Metasploit. Furthermore, after I've used it, I can verify that the service I thought was vulnerable is in fact the vulnerable service. From there, I can backup a little, or revert the machine, whatever, and work on the manual exploit to solidify my understanding. There's absolutely nothing wrong with doing that, and now I've learned more things than I would have by limiting myself by some artificial restriction that will be imposed by the exam. In real life, you can usually use Metasploit, and it's not a problem. (Anyone who tells me otherwise can go eat dogfood, because unless there's a specific reason the client doesn't want you to use Metasploit, you are very likely going to use it.)
Anyway, that's all I've got for now.
A few interesting reads