The final practical lab was today and it was on Pentesting.
I think this was the one that people struggled the most. Personally, it was the one I most enjoyed. Kevin also gave us a clue for this one so the part that everyone struggled was a bit easier, at least for me. I knew the moment the clue was key when I got to a certain part of the lab, so it really helped me to get the exploit to work. After getting the shell it was pretty straightforward.
I really liked this lab, to me it was the best of all the three labs. When I get all the flags I get this sense of accomplishment which is pretty cool. It feels like completing a game. I’m learning that having a methodology is very important for Pentesting. For example, when you get shell there are a few simple commands you should run first like: whoami, pwd, sudo – l, crontab -l, find / -perm -4000 2>/dev/null, env, ps aux, cat /etc/shadow. When all that doesn’t work, I like to run LinPEAS which tells you potential vulnerabilities on Linux.
It’s been an intense week, but after the lab I actually decided to do another easy CTF. I liked how easy it felt and I feel kinda proud of it because when I started the bootcamp I had never done a CTF and now I’m starting to get comfortable at least with this easy ones (although some of them are not that easy and take much longer than displayed).
Tomorrow I’ll get to do another one for the final presentation on Friday. I got together with Simon and Mathieu for this final group project so it’s really nice to end the bootcamp with people that I enjoy and that I’ve been doing CTFs.
