OSCP 2022 Exam:
Active Directory set of 2 hosts and domain controller (40 points, no partial points)
Box 1 (20 points)
Box 2 (20 points)
Box 3 (20 points)
Lab report (10 points)
*One of the standalone boxes may be a buffer overflow — this will be made clear once you log in to the exam control panel
Note: I will not be discussing specifics of the exam in order to comply with Offensive Security’s privacy policy regarding their exam.
I failed at 30 points, counting 10 points for a lab report. My weaknesses included: exploiting vulnerable web applications / services, Active Directory and Windows priv esc. I was also not happy with how long it took me to privilege escalate: I missed something that should have been obvious and spent precious time enumerating further when the vulnerability was right in front of me.
The main topic to prepare for on the new exam is Active Directory, with the AD set being a whopping 40 points. Although I made limited progress on the AD set my best guess for the path to pwning it is:
Host 1: Gain RCE thru vulnerable service (probably a web application) on a computer on the domain -> Privilege escalate on Host 1 -> Pivot to Host 2 -> Possibly privilege escalate on host 2 or find domain credentials -> domain admin login
From reading other’s experiences, it seems much of the AD set is similar to the course PDF exercises so I recommend reviewing those in depth.
For several of the boxes, I believe I identified the specific vulnerability I needed to exploit but was unable to do so. In some cases, I could identify a vulnerable service and find exploit code, but could not successfully modify the code to exploit.
In retrospect, the exam was an eye opening learning experience for me. Once I knew I had failed (when I had 12 hours left and only 30 points, with only a foothold on the AD set) I spent as much time as I could running AD enumeration tools and taking conspicuous amounts of notes to learn as much as possible.
My notes for prep are located on my Github repo here: https://github.com/Scr1ptK1ddie/OSCPprep
I plan on retaking the exam in the future and will continue to track my progress.
Some resources I found helpful for studying and on the exam:
Good luck to everyone!
-fw
