| title | author | date | subject | keywords | subtitle | lang | titlepage | titlepage-color | titlepage-text-color | titlepage-rule-color | titlepage-rule-height | book | classoption | code-block-font-size | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Offensive Security Experienced Penetration Tester Exam Report |
|
2022-01-25 |
Markdown |
|
OSEP Exam Report |
en |
true |
DC143C |
FFFFFF |
360049 |
2 |
true |
oneside |
\scriptsize |
The Offensive Security OSEP exam documentation contains all efforts that were conducted in order to pass the Offensive Security Experienced Penetration Tester exam. This report will be graded from a standpoint of correctness and fullness to all aspects of the exam. The purpose of this report is to ensure that the student has the technical knowledge required to pass the qualifications for the Offensive Security Experienced Penetration Tester certification.
The objective of this assessment is to perform an external penetration test against the Offensive Security Exam network. The student is tasked with following methodical approach in obtaining access to the objective goals. This test should simulate an actual penetration test and how you would start from beginning to end, including enumeration and post-exploitation. The exam report is not meant to be a penetration test report, but rather a writeup of the steps taken to locate, enumerate and compromise the network. Enumeration and post-exploitation actions that lead to subsequent attacks with successful compromises should be included in the report. An example page has already been created for you at the latter portions of this document that should give you ample information on what is expected to pass this exam. Use the sample report as a guideline to get you through the reporting.
The student will be required to fill out this exam documentation fully and to include the following sections:
- High level summery of findings, including the depth of compromise.
- Methodology walkthrough and detailed outline of steps taken including enumeration.
- Each finding with included screenshots, walkthrough, sample code or reference.
- Screenshot of any local.txt, proof.txt or secret.txt.
A brief description of the attack chain with machine names, including the depth of compromise should be included here.
| Server IP Address | Hostname | Compromised | Low-Privilege User | High-Privilege User |
|---|---|---|---|---|
| 192.168.X.X | HOSTNAME | No | N/A | N/A |
| 192.168.X.X | HOSTNAME | Yes | user | root |
| 192.168.X.X | HOSTNAME | Yes | N/A | root |
The chain of attack followed for getting into the machines from above in the network DOMAIN was as follows:
- 1 -
- 2 -
- 3 -
- 4 -
- N -
- 9 -
Briefly description of how the DOMAIN_NETWORK_X was compromised throughout the VECTOR_X.
Local.txt
fooProof.txt
barProvide relevant techniques and methods used to perform enumeration prior to initial compromise, the steps taken should be able to be easily followed and reproducible if necessary. Include any reference to public tools, if custom code then reference it in the Appendix, for example "Code for AMSI Bypass in Appendix 4.1".
Provide a description of exploitation steps to compromise the machine and obtain shell access, the steps taken should be able to be easily followed and reproducible if necessary. Only the steps that ended up working are required. Include any reference to public tools, if custom code then reference it in the Appendix, for example "Code for AMSI Bypass in Appendix 4.1".
\ 
{ width=70% }
Provide relevant post-exploitation enumeration steps related to the network or local privilege escalation, the steps taken should be able to be easily followed and reproducible if necessary. Include any reference to public tools, if custom code then reference it in the Appendix, for example "Code for AMSI Bypass in Appendix 4.1".
Provide a description of exploitation steps to escalate privileges on the machine if applicable, the steps taken should be able to be easily followed and reproducible if necessary. Include any reference to public tools, if custom code then reference it in the Appendix, for example "Code for AMSI Bypass in Appendix 4.1".
\ { width=70% }
Proof.txt
barSecret.txt
foobarProvide relevant techniques and methods used to perform enumeration prior to initial compromise, the steps taken should be able to be easily followed and reproducible if necessary. Include any reference to public tools, if custom code then reference it in the Appendix, for example "Code for AMSI Bypass in Appendix 4.1".
Provide a description of exploitation steps to compromise the machine and obtain shell access, the steps taken should be able to be easily followed and reproducible if necessary. Only the steps that ended up working are required. Include any reference to public tools, if custom code then reference it in the Appendix, for example "Code for AMSI Bypass in Appendix 4.1".
\ { width=70% }
Provide relevant post-exploitation enumeration steps related to the network or local privilege escalation, the steps taken should be able to be easily followed and reproducible if necessary. Include any reference to public tools, if custom code then reference it in the Appendix, for example "Code for AMSI Bypass in Appendix 4.1".
Local Privilege Escalation doesn't apply as the initial access was already an elevated one.
Detailed explanation of how the DOMAIN_NETWORK_X was obtained throughout the VECTOR_X this section belongs to.
| Hostname | local.txt Contents | proof.txt Contents |
|---|---|---|
| HOSTNAME | foo | bar |
| HOSTNAME | foo | bar |
| Username | NTLM Hash | Found in |
|---|---|---|
| Administrator | HASH | HOSTNAME |
| Found in | Corresponds to | Password |
|---|---|---|
| HOSTNAME | USER BELONGS | Password123* |
| Found in | File | Type |
|---|---|---|
| HOSTNAME | FILE FROM WHERE IS IT | Example: SSH Priv. Key |