Creating an Active Directory for OSCP Lab

Feb 5, 2025

Building an Active Directory Environment for OSCP Lab Exam

Introduction

  • Overview of setting up Active Directory for OSCP lab.
  • Focus on Windows 10 workstations and AD Domain Controller.
  • Using Kali box with OpenVPN for connectivity.

Environment Setup

Hardware and Virtual Machines

  • Local Kali box as a virtual machine.
  • OpenVPN server, MSO1, MSO2, and DC01 on an Intel NUC running ESXi.
  • Centralized control using ESXi.

Network Configuration

  • Outside and inside subnets.
  • Dual-homed machine with two interfaces.

Windows 10 Workstations

Virtual Machine Creation

  • MSO1 (Windows 10 64-bit):
    • 2 processors, 4GB RAM, 32GB HDD (thin provisioned).
    • Interfaces: Outside and Inside Subnet.
  • Basic installation steps for Windows 10.
  • Network settings with dual interfaces.

Software Installation

  • VMware Tools installation.
  • Disabling tamper protection and configuring network settings.
  • Installation of vulnerable software (e.g., Remote Mouse, Wise Care).
  • XAMPP setup for web server needs.

Domain Join and Local User

  • Creation of local user (Lucy) with limited privileges.
  • Preparation for domain joining.

Active Directory Domain Controller

Setting Up DC01

  • Installation of Windows Server 2016/2019.
  • Network configuration and DNS setup.
  • Promoting server to Domain Controller with OSCP.lab domain.

Group Policies and User Accounts

  • Creating Group Policies:
    • Disable Windows Update auto-updates.
    • Disable Antivirus real-time protection.
  • Creation of user accounts and groups (IT Admins, Service Accounts).
  • Configuration of Kerberoastable and AS-REP Roastable accounts.
  • Setup of password-protected backup shares for IT admin credentials.
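
To verify that the Kerberoastable and AS-REP Roastable accounts ended up configured as intended, the added example below (not part of the original walkthrough) classifies accounts from exported LDAP attributes; the same check works as an audit on a real domain. The account names, SPN hosts and records are constructed for illustration; only the OSCP.lab domain name comes from this page.

```python
# Added example: audit exported AD account attributes for the two
# Kerberos exposures this lab sets up on purpose.
UF_ACCOUNTDISABLE = 0x000002    # userAccountControl: account is disabled
UF_DONT_REQ_PREAUTH = 0x400000  # userAccountControl: Kerberos pre-auth not required

# Constructed sample records (hypothetical names), shaped like an LDAP export.
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "svc_sql", "userAccountControl": 0x010200,
     "servicePrincipalName": ["MSSQLSvc/sql.oscp.lab:1433"]},
    {"sAMAccountName": "svc_backup", "userAccountControl": 0x410200},
    {"sAMAccountName": "svc_web", "userAccountControl": 0x410200,
     "servicePrincipalName": ["HTTP/web.oscp.lab"]},
    {"sAMAccountName": "it_admin1", "userAccountControl": 0x000200},
    {"sAMAccountName": "krbtgt", "userAccountControl": 0x000202,
     "servicePrincipalName": ["kadmin/changepw"]},
    {"sAMAccountName": "WS01$", "userAccountControl": 0x001000,
     "servicePrincipalName": ["HOST/ws01.oscp.lab"]},
]


def audit(accounts):
    """Return enabled accounts exposed to Kerberoasting / AS-REP roasting."""
    findings = {"kerberoastable": [], "asrep_roastable": []}
    for acct in accounts:
        name = acct["sAMAccountName"]
        uac = int(acct.get("userAccountControl", 0))
        if uac & UF_ACCOUNTDISABLE:
            continue  # disabled accounts cannot be issued tickets
        if uac & UF_DONT_REQ_PREAUTH:
            findings["asrep_roastable"].append(name)
        # Machine accounts ('$' suffix) have long random passwords, and
        # krbtgt is not a normal service account, so both are skipped.
        is_machine = name.endswith("$")
        has_spn = bool(acct.get("servicePrincipalName"))
        if has_spn and not is_machine and name.lower() != "krbtgt":
            findings["kerberoastable"].append(name)
    return findings


if __name__ == "__main__":
    for category, names in audit(SAMPLE_ACCOUNTS).items():
        print(f"{category}: {', '.join(names) or 'none'}")
```

Outside a deliberately vulnerable lab, every name this reports is a finding: require pre-authentication again, and give SPN-bearing user accounts long random passwords or replace them with group managed service accounts.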

Completing MSO1 Setup

Connection and Configuration

  • Staging and transferring files from Kali to MSO1.
  • Auto logon configuration using Sysinternals tools.
  • Breadcrumb setup (e.g., PowerShell history, local shares).

Final Steps

  • Cleaning up unnecessary profiles (e.g., delete 'delete me').
  • Creation of local.txt and proof.txt files for challenge purposes.
  • Final cleanup and verification.

MSO2 Configuration

  • Similar setup as MSO1.
  • Join to domain as needed.
  • Auto logon and IT Admins group setup for administration.
  • Ensure availability of SMB shares for exploitation.

Cleanup

Securing the Environment

  • Remove traces of setup on Kali box.
  • Clear history and unnecessary files.
  • Ready for lab practice with no leftover artifacts.

Conclusion

  • Complete setup of an Active Directory environment tailored for OSCP lab practice.
  • Emphasis on creating vulnerabilities for realistic exam preparation.