I am officially nearly one month into PWK. I have to say, I am rather disappointed with my progress. Having the freedom to figure everything out yourself with no guidance is a bit challenging because it’s hard to know what to focus on and what to give attention to. I did, however, root my second box today and will hopefully accelerate this trend.
Something I found is that on the forums people mention other ways to root boxes. Apparently on one of the boxes I rooted, I was actually supposed to find an exploit using exploitdb, but I found an issue with privileges on a certain process that allowed me to become root. Something interesting is using newer exploits on the lab machines as well. It’s interesting to see how that can happen in the real world as well if things aren’t patched. A lot of what I am learning is mainly picking up on patterns. During the information gathering phase, it’s really easy to begin to notice suspicious things and figure out what’s vulnerable or misconfigured.
I was talking with someone who went through the OSCP before, and he mentioned that it would probably be beneficial to just run a vulnerability scanner to save time and find the easier machines. I am currently running scans. Obviously, vulnerability scanners can miss things and even give false results. In addition to that, they can’t be used on the OSCP, but I think that this is probably the best way to go in order to save time.