OSCP and logging

This last Saturday I got my connection pack and have been able to start attacking the OSCP test labs. Having tons of fun digging into it; the accompanying training starts very basic but is quite exhaustive, and I am learning quite a bit from it.

That said, I've never been great at note taking, which is something I have to get better at, especially with how the OSCP test is structured. So while on the Hack The Box forums the other day I saw a post which used script to auto-log everything you do in the terminal to a file. This seemed like a great option to make sure I don't forget anything major as a result of my poor note taking.

However, it was set up so that you need to manually run a command to start logging (not bad in itself), but with me running in TMUX and actively switching between multiple windows I would have to use similar naming and remember to start it each time I opened up a new tab. Cumbersome and likely to be forgotten mid-attack.

So I expanded the code a bit to detect if the command was run within TMUX; if it was, it sets a few env variables and triggers auto-logging with each new window. Additionally, it allows you to give the logs a meaningful name beyond just date/time.

logme() {
    # build the filename fresh on every call so repeated runs do not
    # keep appending to the value from the last call
    local LOGDIR='/root/pwk/logs'
    SCRIPTFILE=''
    INTMUXSESSION='0'
    # check for tmux by looking at two ENV vars: $TMUX is set by tmux itself and
    # $TERM starts with "screen" or "tmux" (quote the expansions, otherwise an
    # empty $TMUX makes [ -n ] always true)
    if [ -n "$TMUX" ]; then
        case "$TERM" in
            screen*|tmux*) INTMUXSESSION='1' ;;
        esac
    fi
    # if we got an argument use it as the start of the filename
    if [ -n "$1" ]; then
        SCRIPTFILE="$1-"
    fi

    # setup for TMUX: define the filename, then set 2 tmux environment variables
    # which we can check for when new windows are opened
    if [ "$INTMUXSESSION" = '1' ]; then
        export SCRIPTFILE="$SCRIPTFILE$(date +%d%h%g-%H%M)-window-$(tmux display-message -p '#I')"
        tmux setenv S_LOGGING 1
        # quoted so an empty name still sets the variable instead of a usage error
        tmux setenv S_LOGNAME "$1"
    else
        # otherwise use the argument name if supplied and the date/time format
        export SCRIPTFILE="$SCRIPTFILE$(date +%d%h%g-%H%M)"
    fi
    mkdir -p "$LOGDIR"
    echo "Starting tty logging to ${LOGDIR}/${SCRIPTFILE}..."
    script -c /bin/bash -q "${LOGDIR}/${SCRIPTFILE}"
}

# in case you forget which file is the log
scriptfile() {
    echo "${SCRIPTFILE}"
}

# for a new TMUX window: if logging is on then start a new log...
# however only if we are below shell lvl 3; this prevents an endless loop
# of spawning new bash shells (I may or may not have done that while testing)
# shell lvl 1 - initial terminal
# shell lvl 2 - TMUX
# shell lvl 3 - logged session
# if launching directly into tmux you would need to change this to -lt 2
if [ "$S_LOGGING" = 1 ] && [ "${SHLVL:-1}" -lt 3 ]; then
    # logging is enabled
    logme "$S_LOGNAME"
fi

# clear out the ENV so future windows do not start new log files
# (tmux setenv and unset take the variable names, not their values)
stoplog() {
    tmux setenv S_LOGGING 0
    tmux setenv -u S_LOGNAME
    unset S_LOGGING
    unset S_LOGNAME
}

It is a work in progress, and as I continue working with it I expect that it will be expanded; I might also need to work on something for parsing the log files, or for grouping them, or something to keep things tidy, but that's for later, after I use these and see what I need.

Setup is pretty simple: just add the code to your ~/.bashrc file, run either logme or logme name, and the files will be saved into the /root/pwk/logs/ folder with the given name (if you used it) followed by a date-time in a format like 06-JUN-18-2300. If it detects that it is in a TMUX session it appends -window-# to the end, so with each new window that number will increase.
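The naming and recursion-guard logic described above, pulled into plain POSIX sh functions as an added example (not the post's own code) so they can be exercised without tmux or script running. It goes a little beyond the post: tmux detection accepts any screen* or tmux* TERM value, and the session name is reduced to filename-safe characters before use. The function names build_logname, safe_name, in_tmux and should_autolog are my own, and the date stamp is passed in as an argument instead of coming from date so the result is reproducible.

```shell
#!/bin/sh
# Added example: the post's filename and guard logic as pure functions.
# All names and sample values here are constructed for illustration.

# Succeeds (exit 0) when this shell is inside tmux. $TMUX is set by tmux
# itself; $TERM may be "screen", "screen-256color", "tmux-256color", etc.
in_tmux() {
    [ -n "$TMUX" ] || return 1
    case "$TERM" in
        screen*|tmux*) return 0 ;;
        *)             return 1 ;;
    esac
}

# Reduce a user-supplied session name to a safe filename fragment
# (letters, digits, dot, underscore, dash). Empty input stays empty, so
# "../" or spaces in a name cannot move the log out of the log folder.
safe_name() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_'
}

# Build the log filename the post's logme() produces:
#   [<name>-]<stamp>[-window-<index>]
# $1 session name (may be empty), $2 timestamp such as date +%d%h%g-%H%M
# would print, $3 tmux window index or empty when not inside tmux.
build_logname() {
    name=$(safe_name "$1")
    stamp=$2
    win=$3
    out=""
    [ -n "$name" ] && out="${name}-"
    out="${out}${stamp}"
    [ -n "$win" ] && out="${out}-window-${win}"
    printf '%s\n' "$out"
}

# The post's guard against spawning shells forever: auto-start a log only
# when the tmux session flag is 1 and we are below shell level 3, i.e. not
# already inside the bash that script(1) started.
# $1 S_LOGGING value, $2 SHLVL value (treated as 1 when empty).
should_autolog() {
    [ "$1" = "1" ] && [ "${2:-1}" -lt 3 ]
}
```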

Fun times….

Now back to OSCP
