As of now, 5/9, I’m pretty much done with my Vulnhub VM list. Here’s what it looks like
Kioptrix 1-4 LordofTheRoot Metasploitable 2 Mr.Robot Pwnlab_init pwnOS 1.0 SickOS 1.2 SickOS 1.1 Tr0ll Tr0ll2 Vulnix
Metasploit, the Penetration Tester’s Guide Practical Malware Analysis
- Hacking Exposed 7
- Violent Python
Server 2003 x2 Server 2008 R2 x2 Server 2012 x2 Windows 7 x2 Windows XP x2 Windows Vista Windows 8 Debian Ubuntu server
I did have to remove a few Vulnhub VMs just because I couldn’t get them to work or the known working exploits weren’t working. They are:
I knocked out the Network videos as well as RTFM (more of a reference manual then a book).
My biggest complaint about Vulnhub VMs is when they require brute forcing with a dictionary. I understand that it will be necessary for real life engagements and stuff, but for something that is known vulnerable it’s kind of ridiculous to make someone throw rockyou.txt and wait two days for something they know will eventually work. If you are going to make it so bruteforcing is necessary, require a shorter wordlist.
As far as the OSCP goes I might start next month, depending on my schedule. I should find out within the week or next. I feel I am ready to start the PWK class, as I think I have a decent understanding of what to expect. Some things that I read in Vulnhub writeups make sense and others do not and external research doesn’t always turn up something, so I’m hoping PWK does cover those. I probably won’t read all the books I have listed, as they’re absolutely huge, but glancing through them (aside from Python) shows I know majority of the material. I’m not ready for the OSCP exam yet, not by a longshot, but I’m ready to being PWK.