Up to 31 rooted servers as of yesterday afternoon. I started a social engineering project yesterday afternoon, so I won't have as much study time, but I will make due.

Thanks, azmatt! My RFI skills have improved a lot since the exam. I am starting to think like a hacker, for a lack of better terms. I was making some big mistakes on my last exam attempt and prior to that. One example was not scanning all 65,535 ports. There were ports and services I wasn't detecting. I figured out something yesterday that was a big help. I ran an exploit that gave me system level access to cmd.exe, but it limited me to on that command prompt. So I tried adding another account to the local administrators group, but I got an error and could not add the account. So I discovered if I launched programs or admin tools from the command prompt, they ran with system level access. So I did some Googling and found a solution. You run this from the command line "control userpasswords2" and it launched the user manager utility. The control part of that syntax refers to the control panel. So if you know the other names for the other control panel apps/utilities, you can launch them from the command line. My Windows local privilege escalation skills have improved over the past two weeks. I learned another cool tick, which is how to turnoff the Windows firewall from the command line, which is "netsh firewall set opmode disable". That comes in handing when you only have shell access to a Windows box. Then you can connect with remote desktop. More lab time was my key to improvement. I am doing the things you hear everyone say, like sticking to one server at a time and enumeration, enumeration. I am confident I will do a lot better on my exam retake.

Awesome idea, thanks!

If you have other ideas I would like to hear them. I know I may not be doing things the optimal way and would like to have more options.

For those that have taken the exam multiple times, is it always the same or do they have different machines and vulnerable services each time?