DOOON'T STOP POSTING VIDEOS MAAAN!!! THIS IS PUUUURE GOLD!!!!
Definitely waiting for the next one. After seeing you use ligolo, using chisel and proxychains feels stupid, thank you for introducing me to this tool.
you're most welcome! I also used chisel and proxychains a lot and I still feel those pains 😖 once ligolo came out that was a game changer
2:02:10 For some reason --shares works only if a single user is used, or "--continue-on-success" is not specified.
Amazing content!
yeah I've had hit/miss with crackmapexec and some of those flags. I have since enjoyed playing with netexec (nxc)
one of the best videos on RUclips
Great walkthrough! Doing PEN-200 right now, starting the last three AD chapters as of now and then move on to practicing machines. Great way to kick start the AD section! Looking forward to more content and tips from you.
oh man that is such great content in there, I hope you're enjoying PEN-200! Best of luck on your OSCP endeavor!
Currently preparing for the OSCP; I've watched this video a few times and kept learning from you, even listening while I'm walking back home. Very good walkthrough and I learned a lot of things from you. Thank you so much and looking forward to your other videos!
so glad you made a new one, thanks and please keep posting such videos
Really nice and informative video, I just got my PNPT and I am now preparing for my OSCP. This is gold, I'm making notes from these videos and doing HTB side by side. Really good work mate, keep them coming. 😄
I'm glad this is helpful on your journey; congrats on the PNPT!!
Your videos are awesome. I've recommended your channel to a few people studying for the oscp
Yea exactly 💯
that's the highest of compliments, thank you so much!
Such a great video. I really like how you explain each step including trying different methods when one didn't work. Keep up the good work.
Awesome walkthrough and explanation, Darron. Hope you do more videos like this in future. God bless you man.
Omg, this helps me so much for OSCP prep! Good pace, great info, good summary. Also very much enjoy that you say what tools you don't like and why, because I feel like I get flooded with tools all the time. Also enjoy details like "msrpc is not really covered in PEN200". It's true, I've spent so many hours on pentesting msrpc already, but never got a foothold over it.
This is pure gold. Hope you make another one soon :)
Thank you very much for your videos, keep going... You have made one of the best AD series that exists on the internet. I am going to download all of this series as my disaster recovery plan in case it gets deleted from YouTube :)
Hey! Glad to see another AD attack path from you!
Learned about the bind shell working from the last part of the video; it was very informative.
That's a great video. Very informative. Especially your notes and thoughts
Wow! that's really some quality work here. Thank you ! I should have discovered you earlier before taking the exam
Dude! I love ur instruction, very easy to follow and understand. Appreciate!
Awesome, great! I was having a lot of trouble with reverse shells in pivoting; msfconsole doesn't help me out that much and all the other pivoting options are way too complicated. You made it so fcking easy, loved it, great work. Please post this content regularly, learnt a lot.
Will watch again in future
Awesome walkthrough and explanation
You make really good videos very informative and helpful keep up the good work man
i was sooooo happy that i clicked the like button 3 times. thanx man.
Love your videos man!! Keep doing stuff like these please
Great video! Thanks for sharing!
Thank you, I like your content, keep it up
this is fantastic, awesome stuff. thank you :)
Dude, this is sooo helpful
Great explanation!!!
1:41:36 I did not go deep on ligolo, but can't proxychains work with ligolo like it does with chisel? Or is it that you don't prefer using proxychains?
thanks
We need more AD content brother! The Ligolo part was amazing. CarrotOvergrown has a quick start script he made on his GitHub.
By the way, you can upload a folder that has tools like mimikatz using xfreerdp and it will automatically be a shared folder on the network using the /drive: argument, but I really don't know if it's accessible by devices other than the RDP session you access it from (worth a try).
I only recently realized that argument was available as well! You are correct it'll work for just the workstation you are RDP'd into.
First of all, thanks a lot pro for your very interesting sharing. I've learnt many new techniques from your videos. I have one unsure question:
At time point about 1:37:23, are you sure this hash can be abused to pass the hash? If it is, show me how.
From my point of view, this hash is not an NTLM hash, it is an NTLMv2 response hash which is created from the NTLM hash in the NTLM protocol. So we cannot abuse it to pass the hash.
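The distinction the comment above is drawing, as an added example (not the video author's or the commenter's code): what Responder or a relay captures is a NetNTLMv2 challenge/response, not the NT hash. The script derives that response one-way from the NT hash with the HMAC-MD5 construction from MS-NLMP (NTOWFv2, then NTProofStr over server challenge and client blob), which is why a capture can be verified or cracked offline but never replayed as a pass-the-hash credential. The user, domain, challenge, blob and the NT hash of "password" are constructed inputs, not values from the lab.

```python
import hashlib
import hmac
import re

# --- Constructed sample inputs (not captured from the video's lab) ---
NT_HASH_HEX = "8846f7eaee8fb117ad06bdd830b7586c"      # NT hash: MD4(UTF-16LE("password"))
USER = "wade"
DOMAIN = "OSCP"
SERVER_CHALLENGE = bytes.fromhex("1122334455667788")  # 8-byte ServerChallenge from CHALLENGE_MESSAGE
# NTLMv2 client "blob" (temp): version, reserved, timestamp, client challenge, reserved,
# AV pairs, reserved. Only its bytes matter for the HMAC, so the values are illustrative.
CLIENT_BLOB = (
    bytes.fromhex("0101")                            # RespType, HiRespType
    + bytes(6)                                       # reserved
    + bytes.fromhex("0060f2e8c5b1da01")              # timestamp (FILETIME), constructed
    + bytes.fromhex("2b9c6d0e1f3a4b5c")              # ClientChallenge
    + bytes(4)                                       # reserved
    + bytes.fromhex("02000800" "4f00530043005000")   # MsvAvNbDomainName = "OSCP" (UTF-16LE)
    + bytes.fromhex("00000000")                      # MsvAvEOL
    + bytes(4)                                       # reserved
)

# hashcat-style line formats: NT / LM:NT (mode 1000), NetNTLMv2 (5600), NetNTLMv1 (5500)
NT_RE = re.compile(r"^(?:[0-9a-fA-F]{32}:)?[0-9a-fA-F]{32}$")
NETNTLMV2_RE = re.compile(r"^[^:]+::[^:]*:[0-9a-fA-F]{16}:[0-9a-fA-F]{32}:[0-9a-fA-F]+$")
NETNTLMV1_RE = re.compile(r"^[^:]+::[^:]*:[0-9a-fA-F]{48}:[0-9a-fA-F]{48}:[0-9a-fA-F]{16}$")


def classify(line):
    """Say what a captured string is, which decides what it can be used for."""
    if NETNTLMV2_RE.match(line):
        return "netntlmv2"  # challenge/response: crack offline or relay; not pass-the-hash
    if NETNTLMV1_RE.match(line):
        return "netntlmv1"  # same class of artefact (crack/relay), weaker construction
    if NT_RE.match(line):
        return "nt"         # NT (or LM:NT) hash: the key material pass-the-hash needs
    return "unknown"


def ntowf_v2(nt_hash, user, domain):
    """NTOWFv2 = HMAC-MD5(NT hash, UTF-16LE(UPPER(user) + domain)); domain keeps its case."""
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def nt_proof_str(nt_hash, user, domain, server_challenge, blob):
    """NTProofStr = HMAC-MD5(NTOWFv2, ServerChallenge || blob): the 32-hex field in the capture."""
    return hmac.new(ntowf_v2(nt_hash, user, domain), server_challenge + blob, hashlib.md5).digest()


def build_capture(nt_hash_hex, user, domain, server_challenge, blob):
    """Render what a responder/relay tool logs: user::domain:challenge:NTProofStr:blob."""
    proof = nt_proof_str(bytes.fromhex(nt_hash_hex), user, domain, server_challenge, blob)
    return f"{user}::{domain}:{server_challenge.hex()}:{proof.hex()}:{blob.hex()}"


def verify_netntlmv2(nt_hash_hex, line):
    """Recompute NTProofStr from a candidate NT hash and compare: the only direction that works."""
    user, _, rest = line.partition("::")
    domain, chal_hex, proof_hex, blob_hex = rest.split(":")
    computed = nt_proof_str(bytes.fromhex(nt_hash_hex), user, domain,
                            bytes.fromhex(chal_hex), bytes.fromhex(blob_hex))
    return hmac.compare_digest(computed, bytes.fromhex(proof_hex))


def offline_crack(line, candidate_nt_hashes):
    """What a NetNTLMv2 capture is good for: test candidates (in practice, passwords run
    through MD4) against the proof. Returns the matching NT hash hex or None."""
    for cand in candidate_nt_hashes:
        if verify_netntlmv2(cand, line):
            return cand
    return None


SAMPLE_CAPTURE = build_capture(NT_HASH_HEX, USER, DOMAIN, SERVER_CHALLENGE, CLIENT_BLOB)

if __name__ == "__main__":
    print(SAMPLE_CAPTURE)
    print("capture is:", classify(SAMPLE_CAPTURE), "| NT hash is:", classify(NT_HASH_HEX))
    print("verifies with real NT hash:", verify_netntlmv2(NT_HASH_HEX, SAMPLE_CAPTURE))
```

Note the asymmetry the code makes concrete: `nt_proof_str` needs the NT hash as HMAC key, so a capture lets you test guesses (hashcat mode 5600) or relay the live exchange with ntlmrelayx, while pass-the-hash needs the 32-hex NT hash itself, which `classify` reports as "nt" only for secretsdump-style output.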
great work keep going
Use binary instead of ASCII mode when transferring ZIP files via FTP.
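The tip above, as an added example that is not from the video or the commenter: a simulation of what an FTP ASCII-mode (TYPE A) transfer does to a ZIP versus binary mode (TYPE I). The sample archive and the LF-to-CRLF rewrite are constructed to stand in for a server that translates line endings; the check shows the archive survives only the binary path.

```python
import io
import zipfile

SAMPLE_TEXT = b"line1\nline2\n"  # constructed payload with LF bytes, the bytes ASCII mode rewrites


def build_zip():
    """Constructed sample: a stored (uncompressed) ZIP holding one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("notes.txt", date_time=(2024, 1, 1, 0, 0, 0))
        info.compress_type = zipfile.ZIP_STORED
        zf.writestr(info, SAMPLE_TEXT)
    return buf.getvalue()


def ascii_mode_transfer(data):
    """Simulate TYPE A: the transfer rewrites line endings (LF -> CRLF here), so any
    0x0A byte inside headers or file data changes, and sizes/offsets no longer line up."""
    return data.replace(b"\n", b"\r\n")


def binary_mode_transfer(data):
    """Simulate TYPE I: bytes pass through untouched."""
    return bytes(data)


def archive_intact(data, expected=SAMPLE_TEXT):
    """True only if the ZIP opens, every CRC checks out, and the member reads back unchanged."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if zf.testzip() is not None:  # name of the first member with a bad CRC, else None
                return False
            return zf.read("notes.txt") == expected
    except Exception:  # BadZipFile, struct errors, bad magic at shifted offsets, etc.
        return False


if __name__ == "__main__":
    original = build_zip()
    print("binary transfer intact:", archive_intact(binary_mode_transfer(original)))
    print("ascii  transfer intact:", archive_intact(ascii_mode_transfer(original)))
```

In the interactive ftp client type `binary` (or `bin`) before `get`/`put`; in Python's ftplib use `retrbinary`/`storbinary` rather than `retrlines`/`storlines` for anything that is not plain text.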
Great job!
Many thanks. This is a useful video for whoever needs to take the OSCP certification, don't miss it.
Can you please share your cheatsheet link?
I have my collection of notes/references but I don't have a specific cheat sheet. That said, I'm a big fan of S1ren's common: sirensecurity.io/blog/common/
Thanks for this tutorial man. It is very structured and methodical, which helps us form our own methodology. By the way, did you use msfvenom at all in your OSCP?
I absolutely did! You can use msfvenom as many times as you want on the exam, it's msfconsole (metasploit) that you're limited to attacking only one target with. and I did end up needing to use that once against a target I needed priv esc on. I knew the vulnerability but I was out of time to try and exploit it so... I used the quick/easy module within metasploit.
Great content and bravo!!! Highly recommended. Does the PEN-200 course cover learning these priv esc techniques?
yes, it does; I try to provide tips and paths that are relevant to the exam and are touched on in the pen-200 course
Amazing content!!! Very helpful, the question is, how can I create that environment or if there is somewhere to download it. And thanks again
Hi Derron, this is fantastic. Can you please share the default configuration for the whole Lab? I mean, which software did you install, Win versions, etc, so we can recreate manually. This is awesome work, Thanks
Yes sir, I believe the link is in the description. Otherwise you can look at the OSCP playlist and you'll see the "how to build" videos for each lab
Is it possible to use Ligolo to go even deeper? For example, if the dc01 was dual-homed, could I use Ligolo for pivoting to reach another network segment?
absolutely! I have been thinking about showing that type of scenario but it's not as relevant for OSCP. More along the lines of OSEP. The short version is you can create a second ligolo interface and use that for the additional agent/subnet routing
Excellent! you should consider having a Pentest/Hacking youtube channel
How do I create these AD environments so I can practice?
you are the best
Amazing
Are these boxes up to the level of OSCP???
Isn't using bloodhound better? Can I use it on the exam??
you ABSOLUTELY can use bloodhound on the exam and I encourage it! I didn't use it on the first two videos as I wanted to show folks the basics and also how to perform enumeration manually. I did add bloodhound into the 3rd video and I'll be using it in a 4th video also. great question!
Why is it sometimes oscp\wade and sometimes oscp.lab\wade? Is it the same thing?
it is the same thing, I just have a hard time doing it the same each time :) oscp\wade is just the short form
@derronc ty! the slashes can get confusing
How do u make these kinds of labs bro?
Would it be possible to get Powershell Scripts to set this up?
I see a lot of tools being used, but aren't most of them blocked by Windows Defender? I know mimikatz doesn't go well on Windows. Even though you disable Defender it will still try to block the exe, and also if you try to paste code into PowerShell that could look like mimi. I also think that a lot of the attacks would easily get flagged when trying different brute force methods.
Utils like certutil.exe also get blocked and detected as a trojan if you try to transfer files. This guide may be in a totally unprotected environment.
I thought Buffer Overflow was no longer used in the OSCP test?
Correct, you do not need to find and build your own buffer overflow exploit anymore. However, you do still need to enumerate hosts, find vulnerabilities, and then use exploits to accomplish your goals. Some of those exploits are likely to be buffer overflows. You just have to run and/or modify them a bit but you don't have to build a buffer overflow from scratch
Run "amap" on port 8094?
Good catch, I must have been typing too fast! definitely should be nmap :)
Can you teach me?
If I had more time I would take on more mentoring opportunities. In the meantime videos like these are the best I can offer 😊
What an outstanding series you are creating of this walkthrough 😁... By the way, is there any PayPal or buymeacoffee of yours?
thank you!! I really appreciate the feedback! No PP or buymecoffee, as of today. I'm just doing this to give back to the community and help others where I felt there was a lack of info out there.