Oh Shit, Can’t Pwn?

I’ve kicked about doing CTFs and VMs and it’s all been fun and good. I’ve learned some cool things. I work in InfoSec, so see loads of different attack vectors and read loads of papers and security blogs. OSCP should be simplicity itself, right? Ummmm, no.

I’m struggling like I never have before with a ‘learning’ experience. True to its word you learn a lot, but yet I still feel like I know nothing. The difficulty I am having is that the learning is not structured. You get an awesome video series that makes everything look like simplicity itself. You get an accompanying PDF of around 370 pages, which reinforces the fact that all of this is dead simple. Look at how eloquently it’s written with no fuss! It explains everything in an easily digestible manner, this is going to be great. You mop up the materials and now it’s time to take a look at the labs...

You can take the lessons learned and try to apply them to the multitude of boxes that are available to you... first you’ve got to find the box that is associated with the lesson though, and that’s normally buried under several layers of enumeration. Guesswork: you can’t just pick a box vulnerable to SQLi, you must hunt. When I pick a box I am always asking myself, is this box linked to something in the materials? Multiple ports and multiple services and web services on top of it all! It’s daunting. I don’t want to ask for assistance for a few reasons.

  • Number 1; I don’t just want to be told to try harder.
  • Number 2; I DON’T just want to be told to try harder.
  • Number 3; My questions feel ‘frivolous’: I’ve spent 5 hours on this web app, should I continue with this or go and have at another service?

Getting started is really, really difficult (or in my eyes at least) and more than a little bewildering.

There is talk of ‘low hanging fruit’, this assumes you know what low hanging fruit looks like. Again this seems to be very much about the enumeration and I am sure will come with time and patience.

I knew this was going to be hard, but in hindsight I am starting to think I wasn’t nearly prepared enough for this course. I’m watching the lab days tick by with very few root shells under my belt. I’m trying to avoid Metasploit usage, to really learn what’s going on (also making the assumption Metasploit will make life easier, it may not). I’m starting to question this, purely so I can get to the boxes that require proxy chaining to get into other networks. I’ve never done this, it’s not something that standalone VMs offer, and it’s an area I really would like to explore. I’m getting a bit worried I’m not going to get out of the Public/DMZ network.

I’m hoping for a ‘moment of clarity’ where things start to make sense. I’m not even close yet, and my mood is rapidly becoming something akin to someone afflicted with bipolar issues; my wife is thrilled with this.

Tonight is going to be OSCP-less, good food, with good friends. OSCP, I shall see you tomorrow (you bastard thing).