After a lot of enumeration, I finally rooted my first lab machine. Like almost everything else, it seems like the most common downfall is overlooking the simplest things. After going through and writing a detailed report, I realize that the process is actually very easy and it feels like the hours I spent could have been done in 15 minutes if I am looking for the right things, but that will definitely come with experience. Having gone through the material has helped a lot, but learning from the labs is a very different experience that requires a lot of patience and critical thinking.
Here are some things I learned from this week:
- Port knocking
- SSH Cracking
- Scraping and generating a custom wordlist for brute force attacks
- Buffer overflows and how to perform them
- How to endlessly enumerate and mult-task.
- Efficiently using Tmux
- A lot of different linux system services and what they do
- In-depth linux permissions and how they can be used for privilege escalation
- .. and much more.
Goals for next week
From here on out, my goal is to root an increasing amount of boxes each week. At the moment, I think that one is a reasonable goal until I gain more experience. I have covered the majority of the material, but will be going back through everything and taking better notes.