OSCP 2022 Exam:
Active Directory set of 2 hosts and domain controller (40 points, no partial points)
Box 1 (20 points)
Box 2 (20 points)
Box 3 (20 points)
Lab report (10 points)
*One of the standalone boxes may be a buffer overflow — this will be made clear once you log in to the exam control panel
I failed at 30 points, counting 10 points for a lab report. My weaknesses included: exploiting vulnerable web applications / services, Active Directory and Windows priv esc. I was also not happy with how long it took me to privilege escalate: I missed something that should have been obvious and spent precious time enumerating further when the vulnerability was right in front of me.
The main topic to prepare for on the new exam is Active Directory, with the AD set being a whopping 40 points. Although I made limited progress on the AD set, my best guess for the path to pwning it is:
Host 1: Gain RCE through a vulnerable service (probably a web application) on a computer on the domain -> Privilege escalate on Host 1 -> Pivot to Host 2 -> Possibly privilege escalate on Host 2 or find domain credentials -> domain admin login
From reading others’ experiences, it seems much of the AD set is similar to the course PDF exercises, so I recommend reviewing those in depth.
For several of the boxes, I believe I identified the specific vulnerability I needed to exploit but was unable to do so. In some cases, I could identify a vulnerable service and find exploit code, but could not successfully modify the code to exploit.
In retrospect, the exam was an eye-opening learning experience for me. Once I knew I had failed (when I had 12 hours left and only 30 points, with only a foothold on the AD set), I spent as much time as I could running AD enumeration tools and taking copious notes to learn as much as possible.
My notes for prep are located on my GitHub repo here: https://github.com/Scr1ptK1ddie/OSCPprep
I plan on retaking the exam in the future and will continue to track my progress.
Some resources I found helpful for studying and on the exam:
GitHub - Tib3rius/AutoRecon: "It's like bowling with bumpers." - @ippsec. AutoRecon is a multi-threaded network reconnaissance tool which performs…
GitHub - 61106960/adPEAS: adPEAS is a PowerShell tool to automate Active Directory enumeration. In fact, adPEAS is like a wrapper for different…
PayloadsAllTheThings/Methodology and Resources (swisskyrepo/PayloadsAllTheThings): A list of useful payloads and bypass for Web Application Security and Pentest/CTF…
Good luck to everyone!