Scribd
Upload
305 views

OSCP OS XXXXX Lab Report Template

Uploaded by

Silver Uchiha
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
305 views

OSCP OS XXXXX Lab Report Template

Uploaded by

Silver Uchiha
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 33

OFFENSIVE SECURITY

Penetration Test Report for


Internal Lab and Exam
v.2.0

[email protected]

OSID: XXXXX

Copyright © 2021 Offensive Security Ltd. All rights reserved.

No part of this publication, in whole or in part, may be reproduced, copied, transferred or any other right reserved to its copyright owner,
including photocopying and all other copying, any transfer or transmission using any network or other means of communication, any broadcast
for distant learning, in any form or by any means such as any information storage, transmission or retrieval system, without prior written
permission from Offensive Security.

Table of Contents

1.0 Offensive Security Lab Penetration Test Report 4


1 | Page
1.1 Introduction 4
1.2 Objective 4
1.3 Requirements 4
2.0 High-Level Summary 5
2.1 Recommendations 6
3.0 Methodologies 6
3.1 Information Gathering 6
3.2 Penetration 7
System IP: 192.168. () 7
Service Enumeration 7
Privilege Escalation 7
System IP: 192.168. () 9
Service Enumeration 9
Privilege Escalation 9
System IP: 192.168. () 10
Service Enumeration 10
Privilege Escalation 10
System IP: 192.168. () 11
Service Enumeration 11
Privilege Escalation 11
System IP: 192.168. () 12
Service Enumeration 12
Privilege Escalation 12
System IP: 192.168. () 13
Service Enumeration 13
Privilege Escalation 13
System IP: 192.168. () 14
Service Enumeration 14
Privilege Escalation 14

2 | Page
System IP: 192.168. () 15
Service Enumeration 15
Privilege Escalation 15
System IP: 192.168. () 16
Service Enumeration 16
Privilege Escalation 16
System IP: 192.168. () 17
Service Enumeration 17
Privilege Escalation 17
3.3 Maintaining Access 18
3.4 House Cleaning 18
4.0 Additional Items 19
Appendix 1 - Proof and Local Contents: 19
Appendix 2 – PWK Course Exercises 20

3 | Page
1.0 Offensive Security Lab Penetration Test Report

1.1 Introduction

The Offensive Security Lab penetration test report contains all efforts that were conducted in order to
pass the Offensive Security Lab. This report will be graded from a standpoint of correctness and fullness
to all aspects of the Lab. The purpose of this report is to ensure that the student has a full understanding of
penetration testing methodologies as well as the technical knowledge to pass the qualifications for the
Offensive Security Certified Professional.

1.2 Objective

The objective of this assessment is to perform an internal penetration test against the Offensive Security
Lab network. The student is tasked with following a methodical approach in obtaining access to the
objective goals. This test should simulate an actual penetration test and how you would start from
beginning to end, including the overall report. An example page has already been created for you at the
latter portions of this document that should give you ample information on what is expected to pass this
course. Use the sample report as a guideline to get you through the reporting.

1.3 Requirements

The student will be required to fill out this penetration testing report fully and to include the following
sections:

● Overall High-Level Summary and Recommendations (non-technical)


● Methodology walkthrough and detailed outline of steps taken
● Each finding with included screenshots, walkthrough, sample code, and proof.txt if applicable.
● Any additional items that were not included

4 | Page
2.0 High-Level Summary

I was tasked with performing an internal penetration test towards Offensive Security Lab. An internal
penetration test is a dedicated attack against internally connected systems. The focus of this test is to
perform attacks, similar to those of a hacker and attempt to infiltrate Offensive Security’s internal Lab
systems – the THINC.local domain. My overall objective was to evaluate the network, identify systems,
and exploit flaws while reporting the findings back to Offensive Security.

When performing the internal penetration test, there were several alarming vulnerabilities that were
identified on Offensive Security’s network. When performing the attacks, I was able to gain access to
multiple machines, primarily due to outdated patches and poor security configurations. During the
testing, I had administrative level access to multiple systems. All systems were successfully exploited and
access granted. These systems as well as a brief description on how access was obtained are listed below:

● 192.168.xx.xx (hostname) - Name of initial exploit


● 192.168.xx.xx (hostname) - Name of initial exploit
● 192.168.xx.xx (hostname) - Name of initial exploit
● 192.168.xx.xx (hostname) - Name of initial exploit
● 192.168.xx.xx (hostname) - Name of initial exploit
● 192.168.xx.xx (hostname) - Name of initial exploit
● 192.168.xx.xx (hostname) - Name of initial exploit
● 192.168.xx.xx (hostname) - Name of initial exploit
● 192.168.xx.xx (hostname) - Name of initial exploit
● 192.168.xx.xx (hostname) - Name of initial exploit

5 | Page
2.1 Recommendations

I recommend patching the vulnerabilities identified during the testing to ensure that an attacker cannot
exploit these systems in the future. One thing to remember is that these systems require frequent patching
and once patched, should remain on a regular patch program to protect additional vulnerabilities that are
discovered at a later date.

3.0 Methodologies

I utilized a widely adopted approach to performing penetration testing that is effective in testing how well
the Offensive Security Lab environments is secured. Below is a breakout of how I was able to identify
and exploit the variety of systems and includes all individual vulnerabilities found.

3.1 Information Gathering

The information gathering portion of a penetration test focuses on identifying the scope of the penetration
test. During this penetration test, I was tasked with exploiting the Lab network. The specific IP addresses
were:

Lab Network

● 192.168. ● 192.168.
● 192.168. ● 192.168.
● 192.168. ● 192.168.
● 192.168. ● 192.168.
● 192.168. ● 192.168.

6 | Page
3.2 Penetration

The penetration testing portions of the assessment focus heavily on gaining access to a variety of systems.
During this penetration test, I was able to successfully gain access to X out of the X systems.

System IP: 192.168. ()

Service Enumeration
The service enumeration portion of a penetration test focuses on gathering information about what
services are alive on a system or systems. This is valuable for an attacker as it provides detailed
information on potential attack vectors into a system. Understanding what applications are running on the
system gives an attacker needed information before performing the actual penetration test. In some cases,
some ports may not be listed.

Server IP Address Ports Open

192.168. TCP:

UDP:

Nmap Scan Results:

Initial Shell Vulnerability Exploited

Additional info about where the initial shell was acquired from

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Proof of Concept Code Here:

Initial Shell Screenshot:

7 | Page
Privilege Escalation
Additional Priv Esc info

Vulnerability Exploited:

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Exploit Code:

Proof Screenshot Here:

Proof.txt Contents:

8 | Page
System IP: 192.168. ()

Service Enumeration

Server IP Address Ports Open

192.168. TCP:

UDP:

Nmap Scan Results:

Initial Shell Vulnerability Exploited

Additional info about where the initial shell was acquired from

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Proof of Concept Code Here:

Initial Shell Screenshot:

Privilege Escalation
Additional Priv Esc info

Vulnerability Exploited:

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Exploit Code:

Proof Screenshot Here:

9 | Page
Proof.txt Contents:

System IP: 192.168. ()

Service Enumeration

Server IP Address Ports Open

192.168. TCP:

UDP:

Nmap Scan Results:

Initial Shell Vulnerability Exploited

Additional info about where the initial shell was acquired from

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Proof of Concept Code Here:

Initial Shell Screenshot:

Privilege Escalation
Additional Priv Esc info

Vulnerability Exploited:

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Exploit Code:

Proof Screenshot Here:

10 | Page
Proof.txt Contents:

11 | Page
System IP: 192.168. ()

Service Enumeration

Server IP Address Ports Open

192.168. TCP:

UDP:

Nmap Scan Results:

Initial Shell Vulnerability Exploited

Additional info about where the initial shell was acquired from

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Proof of Concept Code Here:

Initial Shell Screenshot:

Privilege Escalation
Additional Priv Esc info

Vulnerability Exploited:

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Exploit Code:

Proof Screenshot Here:

12 | Page
Proof.txt Contents:

13 | Page
System IP: 192.168. ()

Service Enumeration

Server IP Address Ports Open

192.168. TCP:

UDP:

Nmap Scan Results:

Initial Shell Vulnerability Exploited

Additional info about where the initial shell was acquired from

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Proof of Concept Code Here:

Initial Shell Screenshot:

Privilege Escalation
Additional Priv Esc info

Vulnerability Exploited:

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Exploit Code:

Proof Screenshot Here:

14 | Page
Proof.txt Contents:

15 | Page
System IP: 192.168. ()

Service Enumeration

Server IP Address Ports Open

192.168. TCP:

UDP:

Nmap Scan Results:

Initial Shell Vulnerability Exploited

Additional info about where the initial shell was acquired from

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Proof of Concept Code Here:

Initial Shell Screenshot:

Privilege Escalation
Additional Priv Esc info

Vulnerability Exploited:

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Exploit Code:

Proof Screenshot Here:

16 | Page
Proof.txt Contents:

17 | Page
System IP: 192.168. ()

Service Enumeration

Server IP Address Ports Open

192.168. TCP:

UDP:

Nmap Scan Results:

Initial Shell Vulnerability Exploited

Additional info about where the initial shell was acquired from

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Proof of Concept Code Here:

Initial Shell Screenshot:

Privilege Escalation
Additional Priv Esc info

Vulnerability Exploited:

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Exploit Code:

Proof Screenshot Here:

18 | Page
Proof.txt Contents:

19 | Page
System IP: 192.168. ()

Service Enumeration

Server IP Address Ports Open

192.168. TCP:

UDP:

Nmap Scan Results:

Initial Shell Vulnerability Exploited

Additional info about where the initial shell was acquired from

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Proof of Concept Code Here:

Initial Shell Screenshot:

Privilege Escalation
Additional Priv Esc info

Vulnerability Exploited:

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Exploit Code:

Proof Screenshot Here:

20 | Page
Proof.txt Contents:

21 | Page
System IP: 192.168. ()

Service Enumeration

Server IP Address Ports Open

192.168. TCP:

UDP:

Nmap Scan Results:

Initial Shell Vulnerability Exploited

Additional info about where the initial shell was acquired from

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Proof of Concept Code Here:

Initial Shell Screenshot:

Privilege Escalation
Additional Priv Esc info

Vulnerability Exploited:

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Exploit Code:

Proof Screenshot Here:

22 | Page
Proof.txt Contents:

23 | Page
System IP: 192.168. ()

Service Enumeration

Server IP Address Ports Open

192.168. TCP:

UDP:

Nmap Scan Results:

Initial Shell Vulnerability Exploited

Additional info about where the initial shell was acquired from

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Proof of Concept Code Here:

Initial Shell Screenshot:

Privilege Escalation
Additional Priv Esc info

Vulnerability Exploited:

Vulnerability Explanation:

Vulnerability Fix:

Severity:

Exploit Code:

Proof Screenshot Here:

24 | Page
Proof.txt Contents:

25 | Page
3.3 Maintaining Access

Maintaining access to a system is important to us as attackers, ensuring that we can get back into a system
after it has been exploited is invaluable. The maintaining access phase of the penetration test focuses on
ensuring that once the focused attack has occurred (i.e. a buffer overflow), we have administrative access
over the system again. Many exploits may only be exploitable once and we may never be able to get back
into a system after we have already performed the exploit.

3.4 House Cleaning

The house cleaning portions of the assessment ensures that remnants of the penetration test are removed.
Often fragments of tools or user accounts are left on an organization's computer which can cause security
issues down the road. Ensuring that we are meticulous and no remnants of our penetration test are left
over is important.

After collecting trophies from the Lab network was completed, the student removed all user accounts and
passwords as well as the Meterpreter services installed on the system. Offensive Security should not have
to remove any user accounts or services from the system.

26 | Page
4.0 Additional Items

Appendix 1 - Proof and Local Contents:

IP (Hostname) Proof.txt Contents

192.168. ()

192.168. ()

192.168. ()

192.168. ()

192.168. ()

192.168. ()

192.168. ()

192.168. ()

192.168. ()

192.168. ()

27 | Page
Appendix 2 – PWK Course Exercises
2.3.6 - Exercises

2.4.3.4 - Exercises

2.5.3 - Exercises

2.6.6.1 - Exercises

3.1.3.2 - Exercises

3.2.5.1 - Exercises

3.3.5.1 - Exercises

3.5.3.1 - Exercises

3.6.3.1 - Exercises

3.7.2.1 - Exercises

3.8.3.1 - Exercise

3.9.3.1 - Exercises

4.1.4.3 - Exercises

4.2.4.1 - Exercises

4.3.8.1 - Exercises

4.4.5.1 - Exercises

4.5.3.1 - Exercises

5.7.3.1 - Exercises

6.3.1.1 - Exercise

6.4.1.1 - Exercises

6.5.1.1 - Exercise

6.6.1.1 - Exercise

6.7.1.1 - Exercise

28 | Page
6.12.1.1 - Exercises

6.13.2.1 - Exercises

7.1.6.3 - Exercises

7.2.2.9 - Exercises

7.3.2.1 - Exercises

7.4.2.1 - Exercises

7.5.1.1 - Exercises

7.6.3.6 - Exercises

8.2.4.2 - Exercises

8.2.5.2 - Exercises

8.2.6.1 - Exercises

8.3.1.1 - Exercise

9.3.4.1 - Exercise

9.4.1.3 - Exercises

9.4.2.5 - Exercises

9.4.3.2 - Exercise

9.4.4.5 - Exercises

9.4.4.7 - Exercises

9.4.4.10 - Exercises

9.4.5.4 - Exercises

9.4.5.9 - Exercises

9.4.5.11 - Exercises

9.4.5.13 - Exercises

9.5.1 - Exercises

29 | Page
10.2.5 - Exercises

11.1.1.2 - Exercises

11.2.3.1 - Exercises

11.2.5.1 - Exercises

11.2.7.1 - Exercises

11.2.9.1 - Exercises

11.2.10.1 - Exercise

11.2.10.2 - Extra Mile Exercises

12.2.1.2 - Exercises

12.3.1.1 - Exercises

12.5.1.1 - Exercises

12.6.1.1 - Exercises

12.7.1.1 - Exercises

13.1.2.3 - Exercises

13.2.2.1 - Exercises

13.3.2.1 - Exercise

13.3.3.1 - Exercise

13.3.4.1 - Exercises

14.3.1.1 - Exercises

15.1.3.1 - Exercises

15.1.4.1 - Exercises

15.1.5.1 - Exercise

15.1.6.1 - Exercises

15.1.7.1 - Exercises

30 | Page
15.2.3.1 - Exercises

15.2.4.1 - Exercises

16.1.3.2 - Exercises

16.2.5.1 - Exercises

17.3.3.2 - Exercises

17.3.3.4 - Exercises

18.1.1.13 - Exercise

18.1.2.1 - Exercises

18.2.3.2 - Exercises

18.2.4.1 - Exercises

18.3.2.1 - Exercise

18.3.3.1 - Exercise

19.1.1.1 - Exercise

19.2.1.1 - Exercises

19.3.1.1 - Exercises

19.3.2.1 - Exercise

19.3.3.1 - Exercise

19.3.4.1 - Exercises

19.4.1.1 - Exercises

19.4.2.1 - Exercises

19.4.3.1 - Exercise

20.1.1.1 - Exercises

20.2.1.1 - Exercises

20.2.2.2 - Exercises

31 | Page
20.2.3.1 - Exercises

20.3.1.1 - Exercises

20.4.1.1 - Exercise

20.5.1.1 - Exercises

21.2.1.1 - Exercise

21.2.2.1 - Exercises

21.2.3.1 - Exercises

21.2.4.1 - Exercises

21.2.5.2 - Exercises

21.3.3.1 - Exercises

21.3.4.1 - Exercises

21.3.5.1 - Exercises

21.4.2.1 - Exercise

21.4.3.1 - Exercises

21.4.4.1 - Exercises

21.5.1.1 - Exercises

22.1.3.1 - Exercises

22.2.1.1 - Exercise

22.3.3.2 - Exercise

22.3.7.1 - Exercises

22.4.1.1 - Exercise

22.5.4.1 - Exercise

22.6.1.1 - Exercise

23.1.3.1 - Exercises

32 | Page
23.3.1.1 - Exercises

24.2.2.2 - Exercise

24.5.1.1 - Exercises

33 | Page

You might also like