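[Repost] - OffSec online exam cheating "tricks"

Reposted from Quora
I followed the method in that article and it really is undetectable cheating 😂; there is no way to know that someone else has logged in to the virtual machine used for the exam
Whoever wrote these "tricks" has an unusually deep understanding of "vulnerabilities"
Generalizing a little, you can see that this method applies to every online certification exam that has to be taken in a virtual machine
Original link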

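Illustration


Hands-on verification

Practice is the sole criterion for testing truth 😇
The blogger tested both methods from the article (both come down to accessing the exam machine through another account plus a graphical interface: one uses XRDP, the other the ESXi web console)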

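Method one: install XRDP on the exam machine

Simple and direct
Install XRDP on Kali and start the service, then on Win10 use mstsc to log in to Kali's XRDP graphical interface (left) with the "usera" account. "usera" can borrow the "v2ray" service run by the "kali" user as a forwarding proxy (right), which means that once the "kali" user has connected to the offsec Lab OpenVPN, "usera" can reach the offsec Lab through the same tunnel, and nothing unusual shows on the "kali" desktop. In other words, several people can work at once 😅 and proctoring becomes a joke (there is no way to know that another person has come in). This XRDP can also be forwarded to the WAN through router port forwarding, or forwarded through FRP, and the exam machine can then be logged in to from an external network [outright taking the exam on someone's behalf]

XRDP direct connection over the LAN

Forwarding XRDP to the WAN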

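Method two: ESXi hosting (a flawed method)

Flawed, but it can be solved
The ESXi web console cannot be accessed from an external network [WAN -> LAN], let alone used (through the web console or VMware) to control the virtual machines in ESXi (ports 443 and 902 of the ESXi host itself were forwarded, and an nmap scan from the WAN showed both forwarded ports as filtered; the initial guess is that ESXi's security mechanism checks the source address and refuses access from non-internal addresses). Both approaches below essentially build a proxy/forwarding tunnel through a machine on the internal network

Approach 1

Setting up a VPN/v2ray on the internal network solves it (accessing ESXi through the VPN/v2ray is equivalent to accessing ESXi from inside the same internal network)

Approach 2

Set up frpc on the internal network and forward ESXi's ports 443 and 902 to frps on the public network (note: 443 can be forwarded to a different port, e.g. 443->8443; 902 can only map to port 902, 902->902); accessing the web port forwarded to frps with a browser, or connecting with VMware, is then enough to operate the virtual machine used for the exam

Result

You can see that the picture on both sides is synchronized, which is equivalent to attaching two sets of screen, mouse and keyboard to the virtual machine

Hands-on result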

Original text

Tips for success in OSCP exam

Actually ALL OffSec online proctoring exams are “vulnerable” that the certification process is not so “reliable”. This post will reveal some tricks about bypassing the proctoring (you don’t cheat if you aren’t caught).

What will be documented by the proctors includes

  1. Attendance (leaves and breaks taken during the examination).
  2. Execution of software on the host machine (because you need to run a script and send the outputs to the proctor).
  3. All visible content on your screen(s) and through the camera.

The following aspects will not be documented or recorded by the proctors

  1. Concealed connection/web traffic to and from your Host and Kali exam virtual machine.
  2. Services installed or enabled on your Kali virtual machine.
  3. Your activities while out of camera view or during breaks.
  4. Events occurring behind the camera.

Preparations required before the examination include

  1. Make sure your Kali exam VM and your host are in the SAME LAN.
  2. Find a person/some people whom you can trust and who are willing to assist you in resolving exam-related challenges.
  3. Configure the connection to your Kali exam machine, ensuring accessibility either through the Local Area Network (LAN) using Bridge connection or the Wide Area Network (WAN) via Port forwarding. Additionally, ensure that your chosen helper(s) can access your Kali exam virtual machine for the purpose of solving exam labs without being proctored or reported.

Host machine setup: No specific actions are required for the setup of the host machine.

Kali Exam Virtual Machine Setup

  1. Bridge the exam virtual machine (Method 1) to the Local Area Network (LAN) (e.g., host IP: 192.168.1.10, Kali exam VM: 192.168.1.11); OR, utilise ESXi to host your Kali exam virtual machine in case you don't want to install or enable any service (Method 2).
  2. RECOMMENDED: Install and enable XRDP service on your exam VM, utilizing port 3389. Create two accounts, both with root permissions. This facilitates the helper’s ability to operate your Kali VM and resolve exam-related tasks in a visible way. (Designate the helper account as ‘userb’ and your account as ‘usera’. AVOID USING OR LOGGING IN WITH THE SAME ACCOUNT.)
  3. OR: Enable Secure Shell (SSH) on a high port (e.g., 65522), Apache on another high port (e.g., 65580), and configure a web directory. Ensure that the directory is list-able so that the helper can view and access all files, such as exam host scanning outputs, within the web directory. (Set the web directory to /home/[your Kali username]/Desktop/[whatever])

Method 2: ESXi hosting

Host your exam machine on an ESXi server and map ports 443 and 902 (ESXi server) to an FRP server via a local FRP client. BUT the screen activities on your exam Kali and all activities that the helper does will be synchronous: you can see the helper move the mouse and the helper can see you open something. It is equivalent to connecting two monitors, mice and keyboards to the exam VM.

EXTRA:

  1. If the helper physically stays with you during the exam: Allow the helper access to your Local Area Network (LAN) for collaborative assistance.
  2. If the helper is providing remote assistance: Reconfigure your router; Map the ports of the exam machine (SSH/Apache/XRDP) to make them accessible through the Wide Area Network (WAN). This ensures that the helper can remotely access your Kali VM and the exam lab.

Implementation Instructions

  1. Allow the helper to directly operate your exam Kali vm through XRDP/SSH.
  2. IF XRDP IS NOT SET UP: store outputs and all relevant information in the Apache web directory so you can provide exam details to the helper and the helper can access them without being proctored.
  3. Confirm that you are the sole individual visible in the camera feed.
  4. Refrain from using any instant communication tools on both the host machine and the exam virtual machine.
  5. Step away from the exam desk and camera when checking your mobile or laptop.
  6. Have your helper commence support after connecting to the exam lab OpenVPN, visibly confirming to the proctor that the connection is made by you rather than others.
  7. Save the exam lab IPs on your Kali exam virtual machine after acquiring them so that the helper will have the targets.
  8. Ensure that the interactions between you and the helper are “synchronous.” The helper should help while you are present at the examination desk. The helper should refrain from engaging in any “complicated” activities when you are not present. If there is evidence of ongoing complex operations while you are away, it indicates the presence of someone else.
  9. Follow and repeat the steps provided by the helper to solve the examination.
  10. Maintain an appearance of diligent effort during the examination.
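
From the proctoring side, the gap the post relies on (services enabled on the exam VM and connections to it are not recorded) can be closed by auditing listeners and login sessions on the VM. The following is an added example, not part of the original post or of any OffSec tooling; the function names, the port allow-list and the expected user `kali` are assumptions, and the `ss -H -tln` and `who` outputs are constructed samples.

```python
import re

# Constructed sample of `ss -H -tln` output from an exam VM (not real data).
SS_SAMPLE = """\
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 2 0.0.0.0:3389 0.0.0.0:*
LISTEN 0 128 0.0.0.0:65522 0.0.0.0:*
LISTEN 0 511 *:65580 *:*
LISTEN 0 128 [::1]:631 [::]:*
"""

# Constructed sample of `who` output: user, line, date, time, (origin).
WHO_SAMPLE = """\
kali     tty7         2024-01-01 09:00 (:0)
usera    pts/1        2024-01-01 09:05 (192.168.1.10)
userb    pts/2        2024-01-01 09:06 (192.168.1.23)
"""

LOOPBACK = re.compile(r"^(127\.|\[::1\]$)")
WHO_LINE = re.compile(r"(\S+)\s+\S+\s+\S+\s+\S+(?:\s+\((.*)\))?")


def exposed_listeners(ss_output, allowed_ports=frozenset()):
    """Return sorted TCP ports listening on a non-loopback address."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and not LOOPBACK.match(addr):
            if int(port) not in allowed_ports:
                ports.add(int(port))
    return sorted(ports)


def unexpected_sessions(who_output, exam_user):
    """Return (user, origin) for sessions of other users or from remote hosts."""
    hits = []
    for line in who_output.splitlines():
        m = WHO_LINE.match(line)
        if not m:
            continue
        user, origin = m.group(1), m.group(2) or ""
        remote = bool(origin) and not origin.startswith(":")  # ":0" is a local display
        if user != exam_user or remote:
            hits.append((user, origin))
    return hits
```

A non-empty result from either function on a machine that should expose nothing and host a single local session is a reason to hold the exam start until it is explained.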