4AM 12/10/18 I received a reminder email and when I read it closer, it turned out that my exam started at 1AM not 1PM. It’s currently 4AM and so far I impressed myself. Almost immedietly after running a port scan on one the IP’s, I managed to avoid the many rabbit holes and got user within 5 minutes. I am currently stuck on the privilege escalation on that. Although, I rooted another machine. I am not feeling to confident about the rest, but so far having looked at everything, it is far easier than everyone makes it seem. I actually might go as far as saying hackthebox is harder than what you will encounter on the exam. So far I think I have 1/3rd of the points I need to pass. Time-wise I think I am doing fine, but these last few machines might be a lot more time consuming. I haven’t used metasploit yet either, so hopefully that will come in handy to save some time later on. On a somewhat unrelated note, the proctoring isn’t bad either. Other than the thought of someone watching you spell import -c pty.spawn around 6 times, you don’t notice anything. I am going to take a break to sleep a bit until around 7 or 8am.
8PM 12/10/18 I think I woke up at around 8:30 and got started working again. I forgot to keep track of time, but somehow did much better than I thought so far. Of the 70 points needed to pass, I am currently at 40 points. I spent an insane amount of time on trying to figure out privlege escalation on one machine and the buffer overflow machine isn’t going very well despite restarting it over 8 times. My last attempt, I found a new bad character I missed, but the shikata_ga_nai encoder refused to encode. I don’t have high hopes of passing because I am completely stuck on the buffer overflow machine/priv escalation/the other 20 point machine. I am going to focus the rest of my time on the buffer overflow stuff because of the point value. ———————– 1AM 12/11/18
I managed to figure out the privlege escalation and buffer overflow machine which brings me to 80/100 points, which means I passed! Or maybe I didn’t. After reviewing my screenshots, I realized I didn’t get the ipconfig portion in my screenshots. I really hope offsec isn’t that harsh to fail me for that, but I guess we will see.
5PM 12/11/18 I received an email from offsec notifying me that I passed the exam and earned the certification!