This is intended to be a resource where students can obtain small nudges or help while working on the PWK machines.
It consists in 3 main steps which are taught in the PWK course:
- Information gathering (Enumeration)
- Shell (Vulnerability exploitation)
- Privilege Escalation
Note that we do not recommend students to rely entirely on this resource while working on the lab machines. Students should do their own enumeration and research and then come to this resource if they feel they have exhausted all of their options for a specific system.
- Initial Enumeration:
- Some machines may have certain defensive mechanisms. Link
- There are various paths you can take, make sure to enumerate thoroughly to reach the end
- Do not rely on a single transfer method
- Old is gold
- New exploits are created as time goes by. Make sure to try them all
- Privilege Escalation:
- Enumerate your access, what can you reach now that you couldn't reach from the outside?
- Any name around that rings a bell? Post enumeration in the whole network is key
- Once you know what to do just research and troubleshoot