OSCP- One Page Repository

Hello Everyone

This is the one page repository for OSCP learners.

1 Kali Linux Basic knowledge -

• Online Course Link: https://kali.training/lessons/introduction/

• Book Link: https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf

Hands on challenge to get comfortable with Linux:

• Overthewire Bandit: https://overthewire.org/wargames/bandit/

• Root me https://www.root-me.org/?lang=en

• Cmdchallenge.com: https://cmdchallenge.com/

• HackerRank Linux Shell: https://www.hackerrank.com/domains/shell

2 Learn Basics Bash Scripting and Python Language

• https://guide.bash.academy/

• https://www.learnpython.org/

3 Recon - Learn about network reconnaissance

• Nmap Resouces

  • Nmap Official Guide - https://nmap.org/book/toc.html

  • https://www.sans.org/blog/sans-pen-test-cheat-sheet-nmap-v1-1/

  • https://medium.com/@infosecsanyam/nmap-cheat-sheet-nmap-scanning-types-scanning-commands-nse-scripts-868a7bd7f692

  • https://blog.zsec.uk/nmap-rtfm/

• Service Enumeration

  • https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

4 Vulnerable Machines

Now move to vulnerable machines. There are two main websites for practice on vulnerable machines. Hackthebox machines and Vulnhub Machines. There are multiples infosec guys who has written blogs related to these machines for community. First thing you need to do, read blogs for 5 machine and try to understand the approach for start on these machines.

• https://www.hackthebox.eu/login

• https://www.vulnhub.com/

TjNull has shared a list which has OSCP related boxes.

• Below is the google sheet for vulnhub and hackthebox boxes: https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8

Vulnhub List

Hackthebox List

5 Public Exploits

Most of the time in OSCP you will need to use a public exploit on your target to see if you can obtain a shell on it. With that exploit you may need to modify shellcode or even parts of the exploit to match with your system to obtain a connection from your target.

• Exploit-DB - https://www.exploit-db.com/

• SearchSploit - Offline kali Database - https://www.exploit-db.com/searchsploit

• Packetstorm - https://packetstormsecurity.com/files/tags/exploit/

6. File Transfer

There are multiple ways to transfer the files from attacker system to target system.

• Windows

  • https://sushant747.gitbooks.io/total-oscp-guide/transfering_files_to_windows.html

  • VBS Script

  • SMB Server

  • HTTP Server

  • FTP Server

  • TFTP Server

  • Powershell

  • Debug.exe

  • Certutil

• Linux

  • Python Server

  • Curl

  • Wget

  • Netcat

  • FTP

  • PHP

  • SCP - SSH

7. Privilege Escalation

• For Practice on Local Machine:

  • https://github.com/sagishahar/lpeworkshop

• Windows Privilege Escalation

  • http://www.fuzzysecurity.com/tutorials/16.html

  • https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

  • https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

• Linux Privilege Escalation

  • https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

  • Gtfobins - https://gtfobins.github.io/

8. Web App Vulnerabilities

• SQL Injection - http://pentestmonkey.net/category/cheat-sheet/sql-injection

• Remote File Inclusion - https://sushant747.gitbooks.io/total-oscp-guide/remote_file_inclusion.html

• Local File Inclusion - https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities/

• Bypass File upload - https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf

• Vulnerable Application for Practice

  • OWASP Juice Shop: https://www.owasp.org/index.php/OWASP_Juice_Shop_Project

  • Metasploitable 2

  • BWAPP

  • Multidae

  • DVWA - http://www.dvwa.co.uk/

9. Buffer Overflow

• Exploiting Simple Buffer Overflow on Win 32 https://www.pentesteracademy.com/course?id=13

• Buffer Overflow for Dummies - https://www.sans.org/reading-room/whitepapers/threats/buffer-overflows-dummies-481

• For Practice:-

  • Windows Binaries (Recommend that you run these on Windows 7/XP 32 bit):

  • Brain Pan Machine - https://www.vulnhub.com/entry/brainpan-1,51/

  • Vulnserver: https://samsclass.info/127/proj/vuln-server.htm

  • Minishare 1.4.1: https://www.exploit-db.com/exploits/636

  • Savant Web Server 3.1: https://www.exploit-db.com/exploits/10434

  • Freefloat FTP Server 1.0: https://www.exploit-db.com/exploits/40673

  • Core FTP Server 1.2: https://www.exploit-db.com/exploits/39480

  • SLMAIL - https://www.exploit-db.com/apps/12f1ab027e5374587e7e998c00682c5d-SLMail55_4433.exe

• Linux Binaries:

  • Linux Buffer Overflow: https://samsclass.info/127/proj/lbuf1.htm

10 Pivoting & Port Forwarding

• Abatchy’s Port Forwarding Guide: https://www.abatchy.com/2017/01/port-forwarding-practical-hands-on-guide

• Windows Port Forwarding: http://woshub.com/port-forwarding-in-windows/

• SSH Tunneling Explained: https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/

• Understanding Proxy Tunnels: https://www.offensive-security.com/metasploit-unleashed/proxytunnels/

• Explore Hidden Networks with Double Pivoting: https://pentest.blog/explore-hidden-networks-with-double-pivoting/

• 0xdf hacks stuff. Pivoting and Tunneling: https://0xdf.gitlab.io/2019/01/28/pwk-notes-tunneling-update1.html

• Tools:

  • SSHuttle: https://github.com/sshuttle/sshuttle

  • Proxychains: https://github.com/haad/proxychains

Youtube Channels for OSCP related HTB Boxes writeups

• IPPSEC TJ_NULL OSCP LIST -https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf

• https://www.youtube.com/watch?v=PP32yAtuMy8&list=PLYu4I0o3DfjfizB6wcSmKDIvQxJ5NXM2y

• https://www.youtube.com/watch?v=kWTnVBIpNsE&list=PLnPxWPfV-DjyS8PIqfYa8LT4LHH8QmunZ

• IPPSEC - https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA/playlists

HTB Boxes to Prepare for OSCP (Youtube Playlist): https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf

Tool Set

• Web Recon

  • Dirsearch: https://github.com/maurosoria/dirsearch

  • Dirbuster: https://tools.kali.org/web-applications/dirbuster

  • Gobuster: https://github.com/OJ/gobuster

  • Wfuzz: https://github.com/xmendez/wfuzz

• SQL

  • SQLmap: https://github.com/sqlmapproject/sqlmap/wiki/Usag

  • NoSQLMap: https://github.com/codingo/NoSQLMap

  • SQLNinja: http://sqlninja.sourceforge.net/

• Windows Privilege Escalation

  • Winpeas

  • Window exploit suggester - https://github.com/GDSSecurity/Windows-Exploit-Suggester

  • Powerup

  • Sharpup

  • Seatbelt

  • Sherlock - https://github.com/rasta-mouse/Sherlock

  • Windows Priv checker

  • JAWS - https://github.com/411Hall/JAWS/commits?author=411Hall

• Linux Privilege Escalation

  • Linux smart enumeration

  • Pspy64

  • Linenum - https://github.com/rebootuser/LinEnum

  • Linpeas

  • Lpe

  • Linux Exploit Suggester

  • Beroot

  • Bashark

  • Linux priv checker

• Password Cracking

  • John The Ripper - https://www.openwall.com/john/

  • Hashcat: https://hashcat.net/hashcat/

  • Online Tools for Password Cracking:

    • THC Hydra: https://github.com/vanhauser-thc/thc-hydra

    • Medusa: http://h.foofus.net/?page_id=51

• Wordlist generators:

  • Cewl: https://digi.ninja/projects/cewl.php

  • Crunch: https://tools.kali.org/password-attacks/crunch

• Wordlists:

  • In Kali: /usr/share/wordlists

  • Seclists: apt-get install seclists You can find all of his password lists here: https://github.com/danielmiessler/SecLists/tree/master/Passwords

• Online Password Crackers:

  • https://hashkiller.co.uk/Cracker

  • https://www.cmd5.org/

  • https://www.onlinehashcrack.com/

  • https://gpuhash.me/

  • https://crackstation.net/

Other OSCP guides:

I got some content from these below OSCP guides.

• https://sushant747.gitbooks.io/

• https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#kernel-exploits

• https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html

• https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html

• https://411hall.github.io/OSCP-Preparation

• https://www.gitbook.com/book/sushant747/total-oscp-guide

• http://0xc0ffee.io/blog/OSCP-Goldmine

• https://h4ck.co/oscp-journey-exam-lab-prep-tips/

• https://tulpa-security.com/2016/09/11/review-oscp-and-pwk/

• http://niiconsulting.com/checkmate/2017/06/a-detail-guide-on-oscp-preparation-from-newbie-to-oscp/

• Other Links:

• https://practicalpentestlabs.com/

• https://immersivelabs.co.uk/

• http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

• https://maikthulhu.github.io/2017-11-20-onenote-layout