Post Mission Brief Pwk Review Guide

Penetration with Kali (PWK) Review Guide after having completed 90 lab. Resources and tips to help fellow hackers develop & execute a plan for attacking the lab network.


Legal Usage: The information provided by [email protected] is to be used for educational purposes only. The website creator and/or editor is in no way responsible for any misuse of the information provided. All the information on this website is meant to help the reader develop penetration testing and vulnerability aptitude to prevent attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. Information provided by this website is to be regarded from an “ethical hacker” standpoint. Only preform testing on systems you OWN and/or have expressed written permission. Use information at your own risk.

By continued reading, you acknowledge the aforementioned user risks/responsibilities.


Abstract

This overview will be a 10,000ft internal view of Penetration with Kail (PWK )course/lab and explain procedures, contain personal thoughts and methodologies used throughout the 90 day training window purchased. This is to be used as a resource guide and will NOT contain any specifics pertaining to actual machines in the lab.

source: b24.net/MissionAnatomy.htm

Initial Impressions:

Penetration with Kali (PWK) course provided an environment to develop and hone in experience to aid in the completion of the Offensive Security Certified Professional (OSCP) certification.

Many throughout the web liken a comparison to Hackthebox (HTB) to which there are some similarities but having completed a 90 day training window I can attest that vaguely speaking I find HTB more challenging in that the rabbit holes are easier to find yourself in. Having practiced with multiple Vulnhub machines, countless hours of “his greatness” IppSec YouTube videos and hours spend reading and researching in preparation

Goal: Keep it simple develop foundation and build upon and grab every piece of prep material I can find along the way to help. Step two don’t get crushed.

Prior reading material/Courses

System Setup / Configuration

Hardware:

Software:

Offensive Security Custom Kali Image - Would highly recommend using it and customizing it to your own needs as new distros can cause issues while performing PWK exercises.

Exported VMware image to OVA imported to Virtual Box. Personally prefer Virtual Box to VMware do to the simplicity and consistency. Maintaining image across multiple virtualization software also aid in redundancy when dealing with disaster recovery.

Managing VMs and Disaster Recovery

With my main PWK image being used within VMware to connect to Offsec VPNs for the course as mentioned keeping multiple backups is KEY throughout this course. Horror stories of people losing data and having to start from scratch. This doesn’t have to be you.

Real Life Example: Salute to @Djax_Alpha misery - “another one bites the dust”

source: https://twitter.com/Djax_Alpha/status/1174436036417597440

These are the steps I used to safeguard and backup my image:

Firstly, as soon as you have configured the PWK image

  • Take an immediate snapshot.
  • Export an OVF to an external thumb drive.
  • Set a reminder on your phone to every week to at minimum perform the off system backup.
  • Put thumb drive in the same location you would store your passport. (known secure location)

Personally it didn’t take not more then 2 weeks into PWK that I encountered my first full system loss. Woke up fired up VMware Kali was toast and would not boot.

Notes Taking

An essential skill for any aspiring pentester. Anyone with the knowledge of how to exploit vulnerabilities but in the end it’s the management of information and being able to write a detailed report of an engagement that separates the Professionals from the rest.

Watching many saving their notes with a popular application CherryTree (Link) there was one fundamental problem with keeping notes on the application in the VM — Image Dies, so goes your notes unless backed up.

Image: cherrytree application via giuspen.com

OSCP Michael LaSalvia of DigitalOffensive had a great video explaining on how to setup rsync to backup cherrytree files to a google drive account that I’ll link below:

https://youtu.be/BvLMQMjV9YE

source: https://youtu.be/BvLMQMjV9YE

Reiterating, this is a solution but not my personal as I’m not a fan of relying solely on the VM image.

exec Notes Backup Solution

  • Download the CherryTree application for windows - cherrytree_0.38.9_setup.exe
  • Setup an OSCP folder locally
  • Backup folder with Google Backup and Sync application - Link

The cherrytree application functions exactly as is does within the VM and now you have the application in a windows 10 environment that is inherently more stable. Following more or less the same framework by utilizing the Google Back up and Sync application your files are saved automatically in the background to the cloud.

Target Engagement Notes

Enter - Paper by Dropbox

Dropbox Paper Example

I highly recommend that you take the same approach to off machine saving of target notes. I found that utilizing Dropbox Paper as an OUTSTANDING solution. Paper, uses the markdown language for streamlined organization with code blocks but also has a search function that parses through all notes you have taken. Simple put GAMECHANGER!

I cannot express the full extent of how easy paper made the not taking process and it was completely backup to the cloud. (connection of other people’s computers)

YouTube Dropbox Tour: https://youtu.be/BVCe8v7opUs

https://youtu.be/BVCe8v7opUs

Information / Tools (binaries) Management

Throughout the course you will be downloading/cloning many GitHub repositories and may have found a treasure trove of information from others in the same pursue. Initially, I felt like a hoarder

teenage mutant ninja turtles pizza GIF via giphy

Every piece of everything I began trying to find a place for it with the “I might need later” … It all became too much. Saving links from twitter to Google Keep (note taking application) just became overwhelming.

To this day still don’t have quite a solution for how to cut through all these weeds.

Takeaway

Save important commands and syntax to Dropbox Paper and use a hierarchy structure. Lean on the search feature to parse through notes.

Very important that you ensure your files are only visible to “Only you”

Attack Methodology

My initial thoughts after having connected the VPN server was “Ok, now what…” a bit of an overwhelming feeling that soon will subside as soon a you just remember this is YOUR training battlefield.

Network recon: A collection of recon scripts that were clearly laid out and offered tailored enumeration should you so be inclined. At the very least worth checking out

Structure

  1. Recon
  2. Enumeration of all version numbers found
  3. Search version number vulnerabilities with both duckduckgo and Google (discovered variations in search results)
  4. Establish foothold && a secondary shell (backup)
  5. Interpret your environment
  6. Search for vulnerable processes
  7. Elevate - “insert song Drake - Elevate”
  8. Run proof scripts
  9. Document steps taken to achieve this point — important

🎁 Gift to those who have gotten this far — hang on to for safe keeping: https://guif.re/

Final Thoughts

training pilot GIF

Penetration with Kali was an experience to say none the least. The levels of frustrations hit absolute peek levels and the 90 days seemed to have breezed by.

Honest advice, the course at times could be overwhelming but the will to endure needs to be more. Treating the targets as CTF’s is not the way to approach this situation. Your job is to learn how to discover vulnerabilities and exploit them and manage the documentation. It is here within the lab you hone that systematic approach.

Personally, I achieved 41/50 targets across all networks and while you can spend your time fighting against the “Big 4” I personally left them for the end and only accomplished 2 of 4.

Lastly, do yourself a favor after you enter the lab plan to take breaks to manage your sanity. You will quickly get burnt out and I found that taking time to physically work out help balance the mental strain — Trust me on this one.

Believe in yourself.

-Executeatwill