I’ve been in the PWK labs for about a month now and have gotten a feel of what to expect on the exam. All the machines have one of three processes:
- Hard to get intial shell, easy privilege escalation
- Easy to get initial shell, hard privilege escalation
- Hard to get initial shell, hard privilege escalation
It’s a pretty simple format but it shows where your weakness is pretty quickly. Personally, I have a hard time getting initial shells. I’ve found that LFI’s are something I have trouble with. I can exploit them easily and read files, but I have a hard time converting that into a shell, despite the numerous amount of tutorials on the internet or in the documentation. Speaking of documentation, a word on it: The PWK documentation is good to introduce you into a vulnerability but is no means a comprehensive guide, you will have to Google a lot of things. In order to be successful in the labs.
Out of the 40 something machines in the labs I have 15.5 down. My progress is slower than I thought, and there’s a few machines I know exactly what I have to do, I just have trouble doing it (errors and what-not). I have 2 months to get 25.5 machines. I’ve knocked out most of the “easy” ones so it will only get harder. I don’t know if I’ll get all of them down, probably not, and maybe I’ll buy an extension if (probably) I fail the first exam attempt. I will say that each box has a lesson to be learned. Once PWK is over, I’ll publish my “Takeaways” from each box with the machine names redacted so you can see what I learned from the machines.
The one thing that is important is that the forums can be good and bad. There’s only been a few boxes where I haven’t not gone to the forums to. I do this because I mostly want to confirm I’m not going down a rabbit hole and inevitably there’s something new that I have to be tipped off to in order to get the initial shell or root, but the forums can be good and bad. Direct spoilers are not allowed on the forums and will be omitted from posts, so extremely vague hints are tossed around which can easily be misinterpreted and send you down a rabbit hole. Admins will be the only ones who don’t misdirect you, so I’ve started to use the ‘chat with admin’ page more than I have the forums.