As many of you know, I am actively working on my Offensive Security Certified Professional (OSCP) and have unsuccessfully attempted the exam once. In concert with a few friends in dc865, I am working through several Hack the Box systems to get more comfortable with the process and better prepared for OSCP.

I am going to do more thorough write-ups on each box I do and publishing them a) immediately if they are retired; or b) as soon as they are retired. This will help others understand the process to pwn a system while helping me stay sharp with the verbosity level required to pass the exam. This could also serve as a roadmap as to how to write up a system for professional work in addition to hobbies and certification. I plan on writing systems up with the following sections (for both user and root; those marked with an asterisk [*] are not required for OSCP reporting - also note that this is out of order for OSCP):

Port Scan Results*

Here, I will share what I was able to find through my port scanning. I will also share the specific scan commands, switches, and syntax that I used. I will use this as a segue to talk about the enumeration phase, which is the next section.

Further Enumeration*

This is where I will talk about my initial enumeration beyond port scanning. This could include OSINT, web page crawling, and other tools. This is the section that most highly-successful penetration testers and red-teamers have told me to focus the majority of my time.

Methodology

Here, I will explain how I got to the point of gaining access and the flags. I will also discuss any red herrings and pitfalls that I encountered as well as my thought processes going in. The flags and code will be in the next section.

Findings, Sample Code, and Flags

This is where I will discuss the actual pwnage. I will share any code that I wrote or modified and how I got the flags. I will not share the actual flags, go find them yourself -Try Harder!

Additional Actions

I reserve this for any additional information. In an actual report, this would be a good section to talk about pivoting in. If anything of importance doesn’t fit another category, put it here.

High-Level Summary and Recommendations

This is where I will discuss the system, what is wrong, and what management should do (but in business terms). It is just as (if not more) important to be able to explain to someone in a non-technical role how you accomplished something and why the current settings are a problem. While we do typically write for a technical audience, we have to remember that they have non-technical people that they answer to.

Tools Used

Here, I will discuss which tools I used and for what.

For this, I used Medium :-)

See you soon, after I pop some shells!

Walkthroughs:

Arctic
Blue
Lame
Legacy
Mirai