EH-Net

Hi guys,

I've been really busy lately doing my internship and the PWB V3.0 course!

I was getting worried because it took ages for me to finally hack something. But now I can say I successfully penetrated several machines. They're all windows machines, but oh well. Also I managed to reach another network with a bit of help from DRaid 8)

The guys on IRC are very helpful and they always steer me to the right direction without giving spoilers.

I've carefully documented all exercises and most extra miles, which is a very time consuming task. I've studied all the material (labs and video's), and have about 17 lab days left to hack as much as possible.

I'm still very thankful for getting this opportunity. I've already learned so much  8) I might even pursue a security related career instead of development. Before starting this course I knew I was going to become a software engineer..but now I'm not so sure :P

Now its time to pwn some Linux boxes :D

Cool :) Good luck in continuing the course and preparing for the exam. Thanks for the update.

Yep, good luck and keep us updated.

Out of curiosity - how many hours do you spend on the course á day/ week?

Great, zeroflaw! 

Feel free to ping me, as well, if you need anything.  I passed mine a few weeks ago, as well.  But sounds like you're well on your way!

Good work zeroflaw.

Its great to see your doing the extra mile challenges. When you get the chance be sure to get some experience exploiting some of the linux machines. You and I are in the same boat in what were going into for our career. I'm going for development and eventually may switch over to the infosec field. Keep at it.

Kris

Nice zeroflaw, and thanks for the update.
Gl pwning those Linux boxes ;)

nice! great news to hear! i got about a week left on my lab time and i have not reached the other networks yet...working hard right now but keep hitting walls...i must say its harder then i initially thought it would be...keep it up and i will talk to ya soon!

@j0rDy I have heard that in the test, you don't have to pivot to attack another network. So although it is very useful, if you can't find other networks during your lab time, you should be ok for the exam.

BTW, after my initial lab time has expired, I was going on holidays (DefCon!). So I asked them if I had to buy a lab extension right away or if I could wait a bit. They said I could take all the time I wanted, so I ended up waiting a full month before buying some extra time.

All that to say if you are planning to buy more lab time, you don't have to buy it right away.

Also, I am scheduled for the OSCP test Saturday, August 21st! So I am buying 10 days of lab today to get ready for the exam!!! Man I hope I pass it...

@H1tM0nk3y and j0rDy - good luck on the exam.  Just remember, as muts and the admins always stress, 'Take your time, take breaks, walk away and clear your head occasionally, etc...'  It definitely helps.  A couple of times, on my exam, I hit a wall -just came up on something I dind't expect or see coming, and threw me for a loop - and that little time away from it was exactly what I needed, and my brain just suddenly 'woke up,' and I cruised through.

I won't say whether or not you have to worry about pivoting, as I've taken it, and obviously, I'm not supposed / permitted to say.  However, what I WILL tell you is, if you do well against the initial subnet of machines, Windows AND *nix, pivoting or not, you should do well on the exam.  :)

I wish you both well on the course and exam.

I try to spend about 2-3 hours on the course in the evenings when I have to work during the day. I sorta have vacation since last week so I can spend at least 5 hours a day, also on weekends.

It depends usually, when I get stuck on something I can work on it all day till I get it fixed :P

@hayabusa Thanks for the advice! I will probably break more often than not and do something totally different so my brain will think about something else.

What a course!!!

No doubt, but boy, was it worthwhile, for me!

Good luck on the exam!  Make sure you take a break now and then, especially if you get stuck on something; it'll help relax you can clear your mind so you can come at the problem with a fresh perspective.

Let us know how you do.

Kind regards,
eternal_security

@eternal_security - Thanks!

I am almost ready now. I am lucky (or bad lucky?) not to have a contract this week. So I am 100% studying and practicing. I am a little more confident now.

Knocking on wood!!

Little update!

My lab days have officially ended! For some reason I still have access to the labs and actually rooted a few extra :P

I've found all networks and got 1 machine in the admin network, though I got some help with that :P I was working till 3 am on my last lab day to get in! Maybe good practice for the exam lol.

In total I've pwned 20 machines, which probably is more than enough. I feel more confident than before. I found some nice linux privilege exploits that seemed to work on lots of the machines.

I've scheduled the exam for 25th of September. I have this weird feeling that I'm not going to pass, but oh well. I've really learned a lot lately, so it's all good :D

Now I'm just going through the lab guide and video's again. Still have some extra mile exercises to keep me busy.

I'll probably do a review after the exam, or sooner if I can find the time.

Sounds like you did great :)
Gl reviewing everything and most of all, gl for the exam!

Do you feel you can share them? Are they general privilege exploits or too specific for the OSCP lab?

Most of the exploits I used came from exploit-db.com

Linux Kernel < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit:
http://www.exploit-db.com/exploits/14814/

Linux Kernel 2.6.13 <= 2.6.17.4 sys_prctl() Local Root Exploit (3):
http://www.exploit-db.com/exploits/2006/

There's also another one which I can't find at the moment, something like ext4 exploit. I think it was this one:
http://xorl.wordpress.com/2010/01/01/cve-2009-4131-linux-kernel-ext4-ioctl-insufficient-checks/

I'm going to grab as many kernel exploits as I can and sort them by kernel version. Hopefully will speed things up when I'm doing the exam.

I will practice them tonight!  ;D

Spender's kernel exploitation framework should help as well...

http://www.grsecurity.net/~spender/enlightenment.tgz