He shoots…and a miss! (or my first OSCE lab exam)


My last post was Novemberish…which coincides with the time that I signed up for the OSCE course from Offensive Security. Many hours were spent xor’ing, jumping, popping, pushing, moving, add-ing, and sub-ing. All of  which culminated this weekend in my lab exam. Let’s just say that, I’ll be revisiting it again…but am proud of what I accomplished. With that, I thought I’d try to add a little levity to an otherwise stressful weekend…

For those of you who have taken it, perhaps you can relate. For those of you that haven’t taken the lab you…you’re in for a treat. (A delightfully twisted, and painful treat). Here’s a breakdown of the many states of emotion during my exam experience. YMMV. Individual results may differ. etc. etc…you get the point. And now…here they are.

First stage (pre-exam)

Am I ready? I’m ready. No I’m not. Yes I am. No I’m not. Shit…I have no idea what I’m doing. Fuck it…let’s do this.

The email arrives…

VPN works, control panel opens…reviewing the requirements of each box…ok…here we go

I think most of us pick the one we think we can knock out quickly. For me, that was one of the higher point value targets.

MFW I managed to find the first entry point pretty quickly…

But then, after that, it took me a while to make progress….

But then…about 4 hours later…I found what I needed.

Trying to escalate privileges had me like…

But then…it happened.

…and there was much rejoicing.

Onto the next box…which looked easy. Sure…I’ve done that before…let’s get this over with. Easy 15 points coming up…

About an hour later…

Then…an epiphany. (or maybe I re-read something I had before, just in more depth)

An hour or so after said epiphany…tango down.

Ok…moving on. Let’s just say that one of the challenges felt…very familiar. However…that’s not necessarily a good thing. For various reasons…I skipped this one.

Alright, onto the last box. Took a little while to find the initial entry point, and get things set up the right way, but eventually, I got what we all love. AAAA.

Giggity giggity gig. Alright, let’s do this. But then, you slowly realize…oh, this is “the one,” and you settle in for the long haul.

Eventually, I was able to get some signs of life from my exploit. Confirmation at least that the basics were working….

And…

Spending a little more time with it…and eventually end up here…

Then…

Then…

Some more of this…

Despair sets in…

Time for a nap. I wake up like…

Back to work. Tried some ideas…and one worked. It worked well in fact. It was glorious…with about 20 minutes to spare on the development machine. Fired away at the target, and…

What the…seriously? But then, it hit me.

To be vague, I had done something to the dev machine a few hours earlier to get my exploit to work, but realized it wasn’t “there” by default.

With that…down goes the VPN.

So. Many. Feels. I’ll be back for round 2 Offsec. We shall meet again. Many thanks go to @seeonedave for his listening to my venting.