This is intended to be a resource where students can obtain small nudges or help while working on the PWK machines.
It consists in 3 main steps which are taught in the PWK course:
- Information gathering (Enumeration)
- Shell (Vulnerability exploitation)
- Privilege Escalation
Note that we do not recommend students to rely entirely on this resource while working on the lab machines. Students should do their own enumeration and research and then come to this resource if they feel they have exhausted all of their options for a specific system.
- Initial Enumeration:
- Some machines may have certain defensive mechanisms.See Machine Firewalls
- We cannot comment much, but the devil is in the details. Identify what you see
- I know you can include a malicious file somewhere
- What's the ASCII of blank space?
- Remember the defensive mechanisms mentioned before
- Privilege Escalation:
- Find out how old this machine is
- New exploits are created as time goes by. Make sure to try them all