No plan survives first contact with implementation. A second straight week of getting my ass kicked has caused me to reevaluate for the next few weeks, and reexamine my own intentions for how I see this thing playing out.
So, the quick update: I didn’t manage to privesc my one low shell. I was able to get a handful more reverse shells on some other easy machines. I also wrote a script that automatically runs through my basic scanning strategy and ran that against a ping sweep of all machines overnight, so that saved me a lot of time. So more enumeration, but a lot of increasingly frustrated banging of my head against a wall this week.
I say this as a preamble to what I realized about doing the OSCP this last week. I told myself at the beginning of this process that I was doing this thing as a stretch goal, with less so the intention of passing by any means necessary, and moreso with the goal of learning as much as possible about pentesting with the stretch goal of passing a test about it. I’ve let that slip away as time went on, so I’ve been working at this thing so far under the assumption that I have to move at a speed that will allow me to pass this thing. This week, as I realize how far I am from that goal, I was getting frustrated and impatient doing the work, which was causing me to work less effectively, which made me more impatient, so on and so on. The biggest take away from this last week has been a check of the ego and a check of reality, both of which have reminded me exactly how much I have to learn about how this all works before I should worry about passing any kind of superficial test.
It’s hard to write this out without feeling like I’m giving up or letting myself off too easy. That’s certainly one way of looking at what this is. Another way to spin it is that I’m reminding myself that I have time to learn, and that trying to go too fast is going to cause me to resent this thing that I enjoy.
So, anyway, the takeaway here is this: I’m realizing as time goes on that this thing is a bigger stretch than I had hoped. I’ll keep clocking hours at it, but at the right speed as to maximize both my progress and my excitement for the work. I’m on a vacation with my family this week with inconsistent internet access, so I’ll call this the post for week 6 and 7 since I’ll take week 7 mostly off. I’ll be back at it again for week 8.