tarting Point: Initial Target WS26 (192.168.x.206) OSCP ADSet v4
OSCP ADSet v4 usually opens in a fairly straightforward way, but that doesn’t mean you can afford to rush. The initial target, WS26 (192.168.x.206), is one of those machines where a calm, methodical start pays off more than anything else.
At first glance, it looks like a standard domain-joined workstation. Nothing flashy, nothing obviously broken. That’s exactly the trap. The real value here comes from how you enumerate it, not how fast you move past it.
Basic service enumeration should give you enough to start building a picture. SMB, WinRM, maybe some exposed services depending on the setup. The key is to treat every small detail as something worth revisiting later.
First Foothold: [email protected] OSCP ADSet v4
It doesn’t usually take long before [email protected] shows up somewhere in your enumeration results. Maybe through SMB access, maybe via credential leakage, or even something as simple as a misconfigured share.
On its own, the account doesn’t look particularly powerful. No obvious admin rights, no immediate privilege escalation. But that’s typical for ADSet v4. Initial access is rarely about high privilege—it’s about getting a stable foothold.
Once you have credentials tied to a.betty, the focus should shift to validation and reuse. Can you authenticate over SMB? Does WinRM accept the login? Are there any saved sessions or cached credentials on WS26 (192.168.x.206)?
Small wins here tend to stack quickly.
Credentials That Matter: OffSec NIC and BusyOfficeWorker890
At some point, credentials like OffSec NIC and BusyOfficeWorker890 start to surface. Maybe they come from a file, maybe from memory, or maybe from a bit of careless storage on the system.
This is where ADSet v4 starts to open up.
Credentials in this environment are rarely isolated. If you find one, there’s a good chance it works somewhere else. The mistake a lot of people make is testing it once and moving on. Instead, it’s worth trying these across multiple services and hosts.
- SMB access across other machines
- Remote login attempts
- Service authentication
BusyOfficeWorker890, in particular, feels like one of those passwords that gets reused more often than it should. And in a lab like this, that’s usually intentional.
Moving Deeper: SRV22 at 172.16.x.202
Once you start pivoting, SRV22 at 172.16.x.202 becomes an obvious next step. It sits deeper in the network and typically requires you to think a bit more about how you’re moving laterally.
By this stage, you should already have a couple of working credentials. The question is no longer if you can access another system, but how.
This is where good note-taking pays off. Which user worked where? Which service responded? Which attempt failed but might work under slightly different conditions?
SRV22 often acts as a turning point. If you reach it with the right context, things move quickly. If not, it can feel like hitting a wall.
Don’t Overlook Users Like l.evgeny OSCP ADSet v4
Some accounts are easy to miss. l.evgeny is a good example of that.
Nothing about the name stands out. It doesn’t scream privilege or importance. But in ADSet v4, those are often the accounts that matter most. They sit somewhere in the middle—connected enough to be useful, but not obvious enough to draw attention immediately.
It’s worth checking:
- Group memberships
- Access to shared resources
- Any link to service accounts or internal systems
More often than not, users like this become the bridge between low-level access and something more meaningful.
What Makes ADSet v4 Work
OSCP ADSet v4 isn’t about flashy exploits or one-click wins. It’s about consistency. If you take the time to enumerate properly, reuse credentials intelligently, and pay attention to how accounts relate to each other, the path starts to form on its own.
WS26 (192.168.x.206) gives you the entry point.
[email protected] gives you the foothold.
Credentials like OffSec NIC and BusyOfficeWorker890 expand your reach.
And systems like SRV22 at 172.16.x.202 push you further into the environment.
The rest comes down to how well you connect those pieces.
There’s no single trick here. Just solid fundamentals, applied carefully.
Vendor: https://www.offsec.com/courses/pen-200/
Check our oscp services: https://cyberservices.store/certificates/oscp-service-list/
