#100DaysOfCode, Day 3: OSCP, The First

Today I had my first OSCP attempt. It was not a serious one, I just didn’t want the voucher to expire just like that…

I had bought a 90 days subscription for OSCP last summer. Unfortunately the exam voucher is only valid for 7 months, and it was about to expire, so I just gave a shot to the exam. Since I was really unprepared, I didn’t expect too much of it. I even had plans for the afternoon, so I only enumerated the machines for 4 hours and then stopped.

And as expected, I wasn’t very successful :-( However in the last 30 minutes, I found a local user flag for submission (it was very easy), so at least I managed something… Besides that I couldn’t really find any foothold, although I found a couple of things that I think might have worked.

I took notes of all application banners I could find, just in case I see those again… And that was it, my first OSCP attempt - very unspectacular.

I was quite frustrated after I gave up, but I guess it also had some good things. For one thing, now I know quite well where I stand (it’s still a loooong way…). Secondly, I know now the exam looks like (it is exactly like described in the FAQ), so it was a good choice I guess. The best thing is that I could verify my technical set-up is fine (laptop, monitor, external HDD with a Kali Linux virtual machine image). But still, it was quite a downer :-)

Anyway, today evening I also did the new Starting Point machine on Hack The Box, “Unified”, which tackles the log4j-vulnerability. It’s a very interesting one, but unfortunately my session died just before I could finish the privilege escalation. I guess I will finish it tomorrow and post the write-up too.

All in all, I guess I spent around 7 hours today with OSCP & Co.