OSCP Practice Lab: Active Directory Attack Path #2 (Back to the Basics)

19,059 views

Derron C

This video walks through one of the paths to complete domain compromise I practiced for passing the OSCP. Specifically this video is going "back to the basics" and showing the tools, methods, and tactics I practiced first, before moving on to more complex ones. I'm thinking the next attack path I share will be one of the more 'advanced' flows.
Thank you for watching and I hope this helps you with your journey!
The link to setting up this lab environment is here: • OSCP Practice Lab: How...
0:00 Intro
2:29 OpenVPN
4:40 /etc/hosts
7:39 MS01 Enumeration
21:36 MS01 Information Disclosure
26:59 MS01 Password Spraying with Hydra
29:57 MS01 Password Spraying with CrackMapExec
33:23 MS01 Initial Foothold: FTP
34:24 MS01 Hunting for an Exploitable Service
41:44 Using Shellcode
47:30 MS01 Application Exploitation
51:45 MS01 winPEAS
59:39 MS01 Priv Esc: Scheduled Task
1:13:09 Backdoor Acct and RDP Access
1:20:42 MS01 Mimikatz
1:28:35 Cracking with Hashcat
1:32:50 Pivoting with Ligolo-ng
1:42:39 Kerberoasting
1:44:30 AS-REP Roasting
1:49:55 Credential Spraying AD
1:59:57 crackmapexec
2:03:03 enum4linux
2:04:24 smbclient
2:07:42 crackmapexec for WinRM
2:08:55 crackmapexec for RDP
2:10:20 RDP Access with xfreerdp
2:12:23 MS02 Priv Esc
2:18:00 Payload Transfer to the Inside
2:23:35 MS02 Mimikatz
2:26:28 Cracking with Hashcat
2:28:46 DC01 Pass-The-Hash with evil-winrm
2:31:46 BONUS: Port Forwarding to Transfer Payloads
2:37:29 BONUS: Port Forwarding to Catch Shells
2:43:16 BONUS: Bind Shells

Comments: 54
@YAHWA-fb7ww 4 months ago
DOOON'T STOP POSTING VIDEOS MAAAN!!! THIS IS PUUUURE GOLD!!!!
@newhackerlearning7160 1 month ago
Currently preparing for OSCP and watched this video a few times, and I kept learning from you, even listening while I'm walking back home. Very good walkthrough and I learned a lot of things from you. Thank you so much and looking forward to your other videos!
@lakshyadutt5206 7 months ago
Definitely waiting for the next one. After seeing you use ligolo, using chisel and proxychains feels stupid, thank you for introducing me to this tool.
@derronc 7 months ago
you're most welcome! I also used chisel and proxychains a lot and I still feel those pains 😖 once ligolo came out that was a game changer
@SamilSitki 2 months ago
Thank you very much for your videos, keep going... You have made one of the best AD series that exists on the internet. I am going to download all of this series as my disaster recovery plan in case it gets deleted from YouTube :)
@AndersAndersson-he2et 7 months ago
Great walkthrough! Doing PEN-200 right now, starting the last three AD chapters as of now and then move on to practicing machines. Great way to kick start the AD section! Looking forward to more content and tips from you.
@derronc 7 months ago
oh man that is such great content in there, I hope you're enjoying PEN-200! Best of luck on your OSCP endeavor!
@techtimefly 1 month ago
Such a great video. I really like how you explain each step including trying different methods when one didn't work. Keep up the good work.
@dgoncalo 7 months ago
Great video! Thanks for sharing!
@ianp6742 7 months ago
Hey! Glad to see another AD attack path from you!
@ishanupadhyaya3164 1 month ago
Awesome walkthrough and explanation, Derron. Hope you do more videos like this in future. God bless you man.
@mohamedbassia 7 months ago
so glad you made a new one, thanks and please keep posting such videos
@AhmadAli-sd5mk 5 months ago
one of the best videos on KZbin
@SjPn11 7 months ago
That's a great video. Very informative. Especially your notes and thoughts
@htpeof6943 6 months ago
Great explanation!!!
@zagnoxxx 3 months ago
Love your videos man!! Keep doing stuff like these please
@ianp6742 7 months ago
Dude, this is sooo helpful
@adamabengali3727 1 month ago
Great job!
@shivendraprajapati7200 7 months ago
Learned about how the bind shell works from the last part of the video; it was very informative
@lakshyadutt5206 7 months ago
Really nice and informative video, I just got my PNPT and I am now preparing for my OSCP now. This is gold, I'm making notes from these videos and doing HTB side by side. Really good work mate, keep them coming. 😄
@derronc 7 months ago
I'm glad this is helpful on your journey; congrats on the PNPT!!
@taximan1983 3 months ago
i was sooooo happy that i clicked the like button 3 times. thanx man.
@MarcEis 7 months ago
Omg, this helps me so much for OSCP prep! Good pace, great info, good summary. Also very much enjoy that you say what tools you don't like and why. Cause I feel like I get flooded with tools all the time. Also enjoy details like "msrpc is not really covered in PEN200". It's true, I spent so many hours on pentesting msrpc already, but never got a foothold over it. This is pure gold. Hope you make another one soon :)
@ronorocky 5 months ago
awesome, great. I was having a lot of trouble with reverse shells in pivoting, msfconsole doesn't help me out that much and all the other pivoting options are way too complicated. You made it so fcking easy, loved it, great work. Please post this content regularly, learnt a lot
@ChrisLinehan 1 month ago
You make really good videos very informative and helpful keep up the good work man
@eaness 5 months ago
great work keep going
@hackproof1 3 months ago
Thank you, I like your content, keep it up
@tennesseetuned 16 days ago
We need more AD content brother! The Ligolo part was amazing. CarrotOvergrown has a quick start script he made on his github.
@1a4s4l7 7 months ago
Your videos are awesome. I've recommended your channel to a few people studying for the oscp
@0xdhacker 7 months ago
Yea exactly 💯
@derronc 7 months ago
that's the highest of compliments, thank you so much!
@ihuang694 25 days ago
you are the best
@Vayanovic 3 months ago
Thanks for this tutorial man. It is very structured and methodical, which helps us form our own methodology. By the way, did you use msfvenom at all in your OSCP?
@derronc 3 months ago
I absolutely did! You can use msfvenom as many times as you want on the exam, it's msfconsole (metasploit) that you're limited to attacking only one target with. and I did end up needing to use that once against a target I needed priv esc on. I knew the vulnerability but I was out of time to try and exploit it so... I used the quick/easy module within metasploit.
@kenseilabs 14 days ago
Amazing content!!! Very helpful, the question is, how can I create that environment or if there is somewhere to download it. And thanks again
@leoleo-sp1db 3 days ago
Why is it sometimes oscp\wade and sometimes oscp.lab\wade? Is it the same thing?
@sakyb7 25 days ago
How do I create these AD environments and practice?
@MrWrist7m 3 months ago
Many thanks. This is a useful video for anyone who needs to take the OSCP certification, don't miss it. Can you please share your cheatsheet link?
@derronc 3 months ago
I have my collection of notes/references but I don't have a specific cheat sheet. That said, I'm a big fan of S1ren's common: sirensecurity.io/blog/common/
@fallingstars81 3 months ago
First of all, thanks a lot pro for your very interesting sharing. I've learnt many new techniques from your videos. I have one unsure question: at about time point 1:37:23, are you sure this hash can be abused to pass the hash? If it is, show me how. At my point, this hash is not ntlm hash, it is ntlm.v2 respond hash which is created from ntlm hash in NTLM protocols. So we can not abuse it to pass the hash.
@vainkrantz 6 months ago
Isn't using bloodhound better? Can I use it on the exam??
@derronc 6 months ago
you ABSOLUTELY can use bloodhound on the exam and I encourage it! I didn't use it on the first two videos as I wanted to show folks the basics and also how to perform enumeration manually. I did add bloodhound into the 3rd video and I'll be using it in a 4th video also. great question!
@mattlai443 3 months ago
1:41:36 I did not go deep on ligolo, but proxychain can't work with ligolo like chisel? Or is it that you don't prefer using proxychain? Thanks
@christopherstigson6377 4 months ago
Would it be possible to get Powershell Scripts to set this up?
@sakyb7 25 days ago
Are these boxes up to the level of OSCP???
@miralnuruyev9177 3 months ago
Up
@DannyNilsson 2 months ago
I see a lot of tools being used, but are most of them not blocked by Windows Defender? I know mimikatz doesn't go well on Windows. Even though you disable Defender it will still try to block the exe, and also if trying to post code to PowerShell that could look like mimi. I also think that a lot of the attacks would easily get flagged when trying different brute force methods
@DannyNilsson 2 months ago
Utils like certutil.exe also get blocked and detected as a trojan if you try to transfer files. this guide my in a totally unprotected environment
@martinlastname8548 1 month ago
Instead of using mimikatz at 1:24, could you not have just used secretsdump with your admin privs?
@benyicl92 4 months ago
1:02:01
@RT365 7 months ago
Can you teach me?
@derronc 7 months ago
If I had more time I would take on more mentoring opportunities. In the meantime videos like these are the best I can offer 😊
@OMER3-1-3 6 months ago
What an outstanding series you are creating with this walkthrough 😁... By the way, is there any PayPal or buymecoffee of yours?
@derronc 6 months ago
thank you!! I really appreciate the feedback! No PP or buymecoffee, as of today. I'm just doing this to give back to the community and help others where I felt there was a lack of info out there.