Rooted another one.

Counter is on 11 !! 

Sounds like your living in a prison !! A prison which you can see Ubuntu, touch Ubuntu, taste Ubuntu, or smell Ubuntu. A prison for your Ubuntu mind. The differences between something which you see and the truth is so much in this Ubuntu prison.

I think it was just wishful thinking.

There is no such thing as a pause. The OSCP is all about the labs.

Just rooted nr 10.

DAY 23

Another day, another ROOT !

COUNTER: 9 ROOTED BOXES

It seems to be that the exploits I tried when I started the lab that aren't working are working now. How is this possible ?

Hate to admit it, but it's maybe because I'm getting slighter better at it. I still have to say that I consider this all to be 'low hanging fruit' so far.

One strange thing happened today, I tried to exploit a certain service with a know overflow bug by MS. I crashed the server really hard. So hard maybe that when I reverted it several times, that one service is not coming up at all. That service also ran for several weeks so I'm wondering maybe it's a service that another hacker opened ? I have a complain about the labs, I'm hacking a server and I'm not the only one, all of the sudden the webdir is full of exploit code., I revert it, but the other guy who's also working on it, puts back quickly his exploit code. I kinda hate that :-(


I'm also still in my student network and no sign at all of any links to any other networks. Still a really really long way to go imho !!!

There will be less hacks in the future.

Buffer overflows will be hardware and compiler wise protected and compilers will be more intelligent in producing software security holes.

I talk to many programmers, there is a change since the whole anonymous group in the press, the coders are much more aware of the security issues.

The differences between something which you see and the truth is so much

Just rooted another one.

I was trying different stuff on that server and in my notes I wrote about a vuln: NOT WORKING - TRIED

But I said, really, and I tried it again, a little more deeper this time, and it worked!

Meaning... I can be wrong too, it's not because I say it's not working that it's not working :-)

Counter is now on 8 rooted boxes.

Thanks, just rooted another one and finished the half one too ;-)

That puts the number on 7 boxes rooted.

 

DAY 22

Started with SQL Injection and managed to bypass one web authenticate login to the admin console on a server I didn't rooted yet. So I guess that's a half server hacked today :-)

I must say, Hacking Web Applications is a BIG subject, and the PDF and the Videos cover it only on the surface, back to reading books now !!!!

I'm also planning to re-read the PDF and review all the videos starting from tomorrow.

Linux is not a service. It's an OS.

Check out their pdf on their site, they address your questions.

Every server I came across has specific applications running.

I can just say: They look just like a real server.

They are not like a clean image with patches missing, that's for sure.

DAY 21

Another day, another server ? I rooted another one. And this time, I have to say it was really really cool meaning -without spoiling it for the others- that I came across something that I said: Hey I might use this on server X, I tried it, and it worked.

Puts the counter on 5 servers rooted so far. Let's do some more reading further on the day and try another one tomorrow.

Instead of trying several servers at once, I now try to take 1 server out per day and try to hack it. Focused on only 1 server. It seems to be a little less frustrated and let me go deeper on the server but it makes me need to read more and more :-)

Let's see if I can hack another one tomorrow!

DAY 20

Okay okay OKAY again ;-)

I listened and read more in the books but meanwhile took 1 server out with many ports opened and worked on it.

Found one way to enter it, so I rooted it, that puts the number on 4.

Not a lot. Step by step... but happy I rooted another one.