Finally, I am getting to Metasploit. Wow.

Well, I haven’t written for a while, but my daughter turned 4, my wife is expecting in July, and I am waking up pretty early to start studying these days. It’s a slow process, but I’ll get there. My plan is finish the labs, practice on and take the test in early September. I feel like failing the first time is simply a right of passage, so if that happens, at least I’ll know what to expect for the next time. I will get this cert. It might take time, but I am going to get it.

I am getting to the end of the labs, and I know now why metasploit is last and why you can only use it on one box – it’s pretty powerful. I did use it to pop my first shell on the lab machines – using 08-067 to exploit SMB!

This gif never gets old…

I didn’t know about meterpreter before the exploit, so I was hanging onto my shell for dear life, trying to upload a privilege escalation executable using certutil and tftp, but the shell was non-interactive and yeah… didn’t get far. But I started reading about meterpreter and all I could think about is how I am going to root that box now with my new knowledge.

The labs ask to perform a few things that I had to skip and gain my knowledge on – i.e., using metasploit to dump hashes and pass the hash. So now, I have to go back and finish up those labs. My lab report, w/o and writeups of pwning the 10 machines is almost at 200 pages. I am not going to fail to get those 5 points. Even if I have to come back and pay for more lab time.

I will have to say that I am really enjoying my time learning through PWK. People slam it for not being current (the exploits and the material), but I think that’s part of it – TRYING HARDER. Also, forget that man, it’s a VERY solid foundation for pen testing.