OSCP Active Directory Attacks

Question 1

What is BloodHound used for during Active Directory penetration testing in OSCP?

Accepted Answer

Visualizing Active Directory relationships and attack paths to Domain Admin using graph analysis

Answer

BloodHound uses graph theory to visualize Active Directory relationships and automatically identifies the shortest attack paths to high-value targets like Domain Admin.

Question 2

What tool is used to collect Active Directory data for BloodHound?

Accepted Answer

SharpHound (or BloodHound.py)

Answer

SharpHound (C# .NET assembly) or BloodHound.py (Python for Linux) are the data collectors (ingestors) that enumerate Active Directory and produce JSON files that BloodHound ingests.

Question 3

What does AS-REP Roasting target in Active Directory?

Accepted Answer

Accounts with Kerberos pre-authentication disabled, whose AS-REP can be cracked offline

Answer

AS-REP Roasting targets accounts where Kerberos pre-authentication is disabled; the KDC responds with an AS-REP encrypted with the account's hash, which can be cracked offline without any credentials.

Question 4

What is the purpose of the 'net user /domain' command in Active Directory enumeration?

Accepted Answer

Lists all user accounts in the current Active Directory domain

Answer

The 'net user /domain' command queries the domain controller and returns a list of all user accounts in the Active Directory domain, useful for user enumeration.

Question 5

What is DCSync and what privilege is required to perform it?

Accepted Answer

A technique that mimics domain controller replication to extract all password hashes; requires Replicating Directory Changes All privilege

Answer

DCSync uses Mimikatz to simulate a domain controller replication request (DRS protocol), extracting all password hashes from Active Directory; it requires the 'Replicating Directory Changes All' privilege typically held by Domain Admins.

OSCP Practice Test

OSCP Practice Test

OSCP Active Directory Attacks