I lied a bit in my previous post. I said that my next step after finishing a course in hacking was to organize my notes, and change this website so that it reflects them. The past week, I did quite a bit opposite to that!
After looking at my notes, I got very much interested in learning more. So much so, that I began two more courses. One was in Web Application Testing, and the other was in Windows Privilege Escalation. I just couldn’t stop learning! The right answer was to do what I described in the previous paragraph, but something just led me to absolutely wanting to know more. I couldn’t stand the fact that there was so much more knowledge out there to learn. In perusing these new courses, I learned a lot, but still needed to take a step back.
The courses were showing some awesome stuff! So many tools for enumeration, and ways to pwn a machine after the initial foot-hold… but after some pretty intense enumeration on ‘Hack The Box’ and ‘Try Hack Me’ I learned that I am in the perfect part of my learning!
As a current student of hacking, there must always be a time where something clicks; it did tonight. With all of the knowledge that I’ve acquired over the past few months, I felt confident that it was time to pwn some machines that I’ve never seen before. In playing with the initial enumeration of these machines, it dawned on me that… quite frankly… privilege escalation is pretty easy! With some Google skills, anyone that has an initial foot-hold of a machine can take over the entire machine within minutes. However, the initial foot-hold is the key to all of that.
When I tried to get an initial foot-hold on any machine tonight, it took quite a while to understand what the machine was doing, and what services could give me a good insight into how I could ‘start’ to own the server. It’s the enumeration that was the key; doing reconnaissance on one machine for as long as it takes to know everything about what its intentions are. Whether it’s an email server, or a simple web server, the initial attack vector means everything. Not only that, but being stealthy on a machine can determine if you are going to be successful at continuing the attack, or stopped in your tracks by both human and electronic surveillance.
So I’ve made some decisions tonight. First, I am absolutely still going to organize my notes from the first course. It’s the right thing to do, and it’s been a promise to myself since my early college days. Second, I want to concentrate on learning more about the initial foot-hold that gives you access to a box. I want to play around with as many machines as I can to find that initial attack vector which will give me user privileges. Quite frankly, the privilege escalation and root privileges will be a skill that comes as a second nature due to the knowledge that I’ve acquired. It’s that initial foot-hold that I really want to concentrate on at the moment.
I would hope that anyone reading this would be seeking knowledge on hacking, and trying to figure out for themselves what learning paths to take. If you’re anything like me, you’ll concentrate on that initial foot-hold which gains you user privs. Everything else will fall into place!