Offensive Security

Penetration Test Report for

Internal Lab and Exam
v.1.0

YOUR EMAILS

OSID: 4XXXX

©
All rights reserved to Offensive Security, 2014

No part of this publication, in whole or in part, may be reproduced, copied, transferred or any other right reserved to its copyright owner,
including photocopying and all other copying, any transfer or transmission using any network or other means of communication, any broadcast
for distant learning, in any form or by any means such as any information storage, transmission or retrieval system, without prior written
permission from Offensive Security.

1|Page
Table of Contents

1.0 Offensive Security Lab and Exam Penetration Test Report…………………………………………………………..….4

1.1 Introduction………………………………………………………………………………………………………………………….4

1.2 Objective………………………………………………………………………………………………………………………………4

1.3 Requirement………………………………………………………………………………………………………………………..4

2.0 Report - High-Level Summary…………………………………………………………………………………………………………..5

2.1 Report – Recommendations………………………………………………………………………………………………...5

3.0 Report – Methodologies……………………………………………………………………………………………………………………6

3.1 Report -Information Gathering……………………………………………………………………………………………..6

3.2 Report – Service Enumeration.……………………………………………………………………………………………..7

3.2 Report –Penetration……………..………………………………………………………………………………………………8

3.2.1 MACHINE 1 ……………..………………………………………………………………………………..

3.2.2 MACHINE 2……………..…………………………………………………………………………………

3.2.3 MACHINE 3……………..……………………………………………………………………………...

3.2.3.1 Privilege Escalation…………………………………………………………………………

3.2.4 MACHINE 4……………..………………………………………………………………………………..

3.2.4.1 Privilege Escalation………………………………………………………………………..

3.2.5 MACHINE 5……………..…………………………………………………………………………………

3.2.5.1 Privilege Escalation…………………………………………………………………………

3.3 Report - Maintaining Access………………………………………………………………………………………………

3.4 Report – House Cleaning……………………………………………………………………………………………………

3.5 Additional Items Not Mentioned in the Report

3.5.1 Metasploit Usage……………………………………..……………………………………………………………………

2|Page
3.5.2 Flag captured that submit to exam panel ……………………………………………………………………...

3.5.3 Exam Goals ……………………………………………………………………………………………………………..…

3|Page
 1.0 Offensive Security Lab and Exam Penetration Test Report

1.1 Introduction

The Offensive Security Lab and Exam penetration test report contains all efforts that were conducted in
order to pass the Offensive Security course. This report should contain all lab data in the report template
format as well as all items that were used to pass the overall exam. This report will be graded from a
standpoint of correctness and fullness to all aspects of the lab and exam. The purpose of this report is to
ensure that the student has a full understanding of penetration testing methodologies as well as the
technical knowledge to pass the qualifications for the Offensive Security Certified Professional.

1.2 Objective

The objective of this assessment is to perform an internal penetration test against the Offensive Security
Lab and Exam network. The student is tasked with following methodical approach in obtaining access to
the objective goals. This test should simulate an actual penetration test and how you would start from
beginning to end, including the overall report. An example page has already been created for you at the
latter portions of this document that should give you ample information on what is expected to pass this
course. Use the sample report as a guideline to get you through the reporting.

1.3 Requirements

The student will be required to fill out this penetration testing report fully and to include the following
sections:

 Overall High-Level Summary and Recommendations (non-technical)

 Methodology walkthrough and detailed outline of steps taken
 Each finding with included screenshots, walkthrough, sample code, and proof.txt if applicable.
 Any additional items that were not included

4|Page
2.0 Report – High-Level Summary

OS-4xxxx was tasked with performing an internal penetration test towards Offensive Security Labs. An
internal penetration test is a dedicated attack against internally connected systems. The focus of this
test is to perform attacks, like those of a hacker and attempt to infiltrate Offensive Security’s internal lab
systems. OS-4XXXX ’s overall objective was to evaluate the network, identify systems, and exploit flaws
while reporting the findings back to Offensive Security.

When performing the internal penetration testing, several alarming vulnerabilities were identified on
Offensive Security’s network. While performing the attacks, OS-4XXXX was able to gain access to
multiple machines, primarily due to outdated patches and poor security configurations. While
performing the testing, OS-4XXXX had administrative level access to multiple systems. Systems were
successfully exploited, and access granted. Image below is the list, proof that I have submitted into the
exam center.

< IMAGE OF FLAG SUBMITTED IN EXAM PANEL IMAGE >

5|Page
2.1 Report - Recommendations

OS-4XXXX recommend patching the vulnerabilities identified during the testing to ensure that an
attacker could not perform an exploit on these systems in the future. Key thing to remember is that
these systems require frequent patching, and once patched; should remain on a well-maintained regular
patch program to protect any vulnerabilities that are discovered later.

3.0 Report – Methodologies

OS-4XXXX utilized a widely adopted approach to perform penetration testing’s that are effective in
determining how secure both; Offensive Security Labs and Exam environments are. Below is a
breakdown of how OS-4XXXX was able to identify and perform exploit on the variety of systems, and
included all individual vulnerabilities found.

3.1 Report – Information Gathering

The information gathering segment of the penetration testing focuses on identifying the scope of the
penetration testing. During this penetration testing, OS-4XXXX was tasked with exploiting the lab and
exam networks. The specific IP addresses are listed below:

Exam Network

192.168.XX, 192.168.XX.XX, 192.168.XX.XX, 192.168.XX.XX, 192.168.XX.XX

6|Page
3.2 Report – Service Enumeration

The service enumeration part of a penetration testing focuses on gathering information of services that
are alive on a system or systems. This is valuable for an attacker, as it provides detailed information on
the potential attack vectors into a system. Knowing what applications are running on the system could
help the attacker better understand the environment before performing the actual penetration testing.
In some cases, some ports may not be listed.

Server IP Address Ports Open

192.168.XX.XX TCP:

192.168.XX.XX TCP:

192.168.XX.XX TCP:

192.168.XX.XX TCP:

192.168.XX.XX TCP:

7|Page
3.3 Report – Penetration

The penetration testing part of the assessment focuses heavily on gaining access to a variety of systems.
During this penetration test, OS-4XXXX was able to successfully gain access to 5 machines with: 4 root
access and 1 low privilege shell.

3.2.1 Machine 192.168.XX.XX

Vulnerability Exploited: BUFFER OVERFLOW

System Vulnerable: 192.168.XX.XX

Vulnerability Explanation: A buffer overflow, or buffer overrun, is a common software coding mistake
that an attacker could exploit to gain access to a system by perform fuzzing which leads to the system
crashing.

Vulnerability Fix: Notify the developer to perform patching on the vulnerability.

Severity: Critical

<STEPS BY STEPS OF CRAFTING YOUR SCRIPT>

Proof of Concept Code Here: Modifications to the existing exploit is needed.

DUMP THE FINAL POC.PY IN HERE

Screenshot Here:

3.2.2 Machine 192.168.XX.XX

8|Page
Vulnerability Exploited: WHAT VULNERABILITY

System Vulnerable: 192.168.XX.XX

Vulnerability Explanation: XXXX

Vulnerability Fix: XXXX

Severity: XXXX

Information Gathering:

<img of nmap>

<IMG OF ENUMERATION ,STEPS BY STEPS >

Proof of Concept Code Here <EXPLOIT URL FOUND>

modification required, the red line are original code, blue code is new (modified code)

DUMP THE EXPLOIT HERE IF MODIFICATION REQUIRED

IF MODIFICATION NO NEEDED DELETE THIS TABLE

Screenshot Here:

9|Page
3.2.3 Machine 192.168.XX.XX
Vulnerability Exploited: WHAT VULNERABILITY

System Vulnerable: 192.168.XX.XX

Vulnerability Explanation: XXX

Vulnerability Fix: XXX

Information Gathering :

STEPS BY STEPS OF THE FINDING

Proof of Concept Code Here: <EXPLOIT URL>

Screenshot Here:

3.2.3.1 Privilege Escalation on Machine 192.168.XX.XX

10 | P a g e
3.2.4 Machine 192.168.XX.XX
Vulnerability Exploited: XXX

System Vulnerable: 192.168.XX.XX

Vulnerability Explanation: xxx

Vulnerability Fix: xxx

Severity:   xxxx

Information Gathering: xxxx

POC Here: <URL>

Screenshot Here:

PoC Privilege Escalation: xxxx

Screenshot Here:

11 | P a g e
3.2.5 Machine 192.168.XX.XX

Vulnerability Exploited: XXXXXX

System Vulnerable: 192.168.XX.XX

Vulnerability Explanation: XXX

Vulnerability Fix: XXX

Severity: XXX

Information Gathering:

POC Code Here: <URL>

Screenshot Here:

3.2.5.2 Privilege Escalation on Machine 192.168.XX.XX

POC Privilege Escalation: URL

Screenshot Here:

12 | P a g e
3.3 Report – Maintaining Access

Maintaining access to a system is important to us as attackers, ensuring that I can get back into a system
after it has been exploited is invaluable. The maintaining access phase of the penetration test focuses on
ensuring that once the focused attack has occurred (i.e. a buffer overflow), I have administrative access
over the system again. Many exploits may only be exploitable once and I may never be able to get back
into a system after I have already performed the exploit.

3.4 Report – House Cleaning

The house cleaning portions of the assessment ensures that remnants of the penetration test are
removed. Often fragments of tools or user accounts are left on an organizations computer which can
cause security issues down the road. Ensuring that we are meticulous, and no remnants of our
penetration test are left over is important.

After the trophies on both the lab network and exam network were completed, OS-4XXXX removed all
user accounts and passwords as well as the Meterpreter services installed on the system. Offensive
Security should not have to remove any user accounts or services from the system.

13 | P a g e
3.5 Additional Items Not Mentioned in the Report

3.5.1 Metasploit Usage

IF ANY USAGE OF METASPLOIT HERE , IF DON’T STATE ‘NO USAGE OF METASPLOIT’

3.5.2 Flag captured

Flag that capture in OSCP Exam and the Flag that submitted to exam control panel
Machine Local.txt Proof.txt
192.168.XX.XX NULL NULL
192.168.XX.XX NULL NULL
192.168.XX.XX NULL NULL
192.168.XX.XX NULL NULL
192.168.XX.XX NULL NULL

3.5.3 Objective of the entire exam

THE NOTES IN THE EXAM PANEL JUST PASTE HERE/ YOU MAY WANT TO PASTE OR DON’T UP TO YOU

14 | P a g e