Become an AceSign inSign up
RihaMaheshwari/ OSCP-Preparation-Material
View on GitHub
Need help with OSCP-Preparation-Material?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

RihaMaheshwari
134 Stars 89 Forks 19 Commits 1 Opened issues

Description

All in One OSCP Preparation Material

Services available

!
?

Need anything else?

Contributors list

No Data

OSCP Preparation Material

OSCP Approach

For you to begin, I have divided the OSCP Preparation in three phases i.e. Pre-Enrolment, Post-Enrolment and Examination. Hope this helps!!

Approach for OSCP Examination - https://jagskap.blogspot.com/2020/06/approach-to-crack-oscp-examination.html

Other Blogs to refer -

  • OSCP Preparation Guide - https://www.secjuice.com/oscp-prep-guidance/
  • OSCP Journey - https://fluidattacks.com/web/blog/oscp-journey/
  • OSCP Preparation (Newbie) -http://niiconsulting.com/checkmate/2017/06/a-detail-guide-on-oscp-preparation-from-newbie-to-oscp/
  • Pentest tips and Tricks - https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/

Basic understanding

  • Reverse and Bind Shell - https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/
  • Nmap - https://resources.infosecinstitute.com/nmap/#gref
  • Netcat and ncat Basics - https://www.varonis.com/blog/netcat-commands/
  • Metasploit - https://www.offensive-security.com/metasploit-unleashed/metasploit-fundamentals/
  • Sceneriao Based Exploitation - Metasploit - http://www.fuzzysecurity.com/tutorials/13.html
  • Certutil for File Transfer - http://carnal0wnage.attackresearch.com/2017/08/certutil-for-delivery-of-files.html
  • Ways to Download a file - https://blog.netspi.com/15-ways-to-download-a-file/
  • Web Application Attacks - https://kentosec.com/2018/08/12/oscp-prep-episode-9-web-app-attacks/
  • Reverse Shell - http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
  • One Liner Reverse shell - http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
  • Different ways to get shell - https://www.lanmaster53.com/2011/05/7-linux-shells-using-built-in-tools/
  • Spawning a TTY shell - https://netsec.ws/?p=337
  • Port Forwarding - https://www.howtoforge.com/port-forwarding-with-rinetd-on-debian-etch
  • Best Enumeration - http://www.0daysecurity.com/penetration-testing/enumeration.html

Machines

Beginners

  • Kioptrix: Level 1 - https://www.vulnhub.com/entry/kioptrix-level-1-1,22/
  • Kioptrix: Level 1.1 - https://www.vulnhub.com/entry/kioptrix-level-11-2,23/
  • Kioptrix: Level 1.2 - https://www.vulnhub.com/entry/kioptrix-level-12-3,24/
  • Kioptrix: Level 1.3 - https://www.vulnhub.com/entry/kioptrix-level-13-4,25/
  • FristiLeaks: 1.3 - https://www.vulnhub.com/entry/fristileaks-13,133/
  • Stapler: 1 - https://www.vulnhub.com/entry/stapler-1,150/
  • PwnLab: init - https://www.vulnhub.com/entry/pwnlab-init,158/
  • Mr-Robot: 1 - https://www.vulnhub.com/entry/mr-robot-1,151/

Intermediate

  • Kioptrix: 2014 - https://www.vulnhub.com/entry/kioptrix-2014-5,62/
  • Brainpan: (Bufer Overflow) - https://www.vulnhub.com/entry/brainpan-1,51/
  • HackLAB: Vulnix - https://www.vulnhub.com/entry/hacklab-vulnix,48/

Advance

  • VulnOS: 2 - https://www.vulnhub.com/entry/vulnos-2,147/
  • SickOs: 1.2 - https://www.vulnhub.com/entry/sickos-12,144/
  • /dev/random: scream - https://www.vulnhub.com/entry/devrandom-scream,47/
  • pWnOS: 2.0 - https://www.vulnhub.com/entry/pwnos-20-pre-release,34/
  • SkyTower: 1 - https://www.vulnhub.com/entry/skytower-1,96/
  • IMF - https://www.vulnhub.com/entry/imf-1,162/

Linux Gaining Shell/Privilege Escalation

  • Gotmilk - https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
  • SUID - Priv Esc- https://pentestlab.blog/category/privilege-escalation/
  • SUDO - Priv Esc - https://touhidshaikh.com/blog/?p=790
  • Priv Esc- suid - https://www.hackingarticles.in/linux-privilege-escalation-using-suid-binaries/
  • Exploit- Priv Esc- https://payatu.com/guide-linux-privilege-escalation/
  • Samba - https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/#smb-enumeration-tools
  • Using . in Path - https://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/
  • CronTab - https://www.hackingarticles.in/linux-privilege-escalation-by-exploiting-cron-jobs/
  • LFI Tricks- https://sushant747.gitbooks.io/total-oscp-guide/localfileinclusion.html
  • NFS - https://www.tecmint.com/how-to-setup-nfs-server-in-linux/
  • Mysql UDF Exploit - Priv esc - https://www.adampalmer.me/iodigitalsec/2013/08/13/mysql-root-to-system-root-with-udf-for-windows-and-linux/
  • SSH authorized key - http://blog.jr0ch17.com/2018/No-RCE-then-SSH-to-the-box/
  • Editing etc/passwd file priv esc - https://www.hackingarticles.in/editing-etc-passwd-file-for-privilege-escalation/
  • Understanding etc/passwd file format - https://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/
  • MySQL - Raptor Udf.c - https://github.com/1N3/PrivEsc/blob/master/mysql/raptor_udf.c
  • MySql UDF Exploit - https://www.facebook.com/notes/security-training-share/mysql-root-to-system-root-with-libmysqludfsys-for-windows-and-linux/865458806817957/
  • MSSQL to RCE - https://www.tarlogic.com/en/blog/red-team-tales-0x01/
  • TFTP- https://null-byte.wonderhowto.com/how-to/hack-like-pro-using-tftp-install-malicious-software-target-0157547/

Windows Gaining Shell/Privilege Escalation

  • Hacking & Security - http://hackingandsecurity.blogspot.com/2017/09/oscp-windows-priviledge-escalation.html
  • Fuzzy Security - http://www.fuzzysecurity.com/tutorials/16.html
  • GUIF - https://guif.re/windowseop
  • MySql UDF Exploit windows -https://osandamalith.com/2018/02/11/mysql-udf-exploitation/
  • Priv Esc Methods - https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
  • Priv Esc Guide - https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

Buffer Overflow

  • Understanding BO - https://www.radiojitter.com/buffer-overflow-exploit-part-1/
  • Understanding BO - https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
  • Brainpan - https://jagskap.blogspot.com/2019/06/brainpan-buffer-overflow.html
  • SLMAIL 5.50 Mail Server - https://github.com/R4v3nG/Seattle-Lab-Mail-SLmail-5.5-POP3-PASS-Remote-Buffer-Overflow

Scripts

  • LinEnum - https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh
  • Linux Priv Checker - https://gist.github.com/sh1n0b1/e2e1a5f63fbec3706123
  • Windows Service pack exploits- https://github.com/abatchy17/
  • Powershell Exploit - https://github.com/EmpireProject/Empire/tree/master/data/module_source/privesc
  • Windows Privesc Check - Powershell - https://github.com/silentsignal/wpc-ps
  • Priv Esc Vul Checker - https://github.com/rasta-mouse/Sherlock
  • SecLists - https://github.com/danielmiessler/SecLists
  • Windows Privesc Check - https://github.com/pentestmonkey/windows-privesc-check
  • Just Another windows Enum Script - https://github.com/411Hall/JAWS
  • Windows Privesc Check - Powershell - https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc
  • Windows-Privilege-Escalation - https://github.com/frizb/Windows-Privilege-Escalation
  • Payload of All Things - Windows PrivEsc - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md
  • Payload of All Things - https://github.com/swisskyrepo/PayloadsAllTheThings

Practice Platforms

  • Vulnhub - https://www.vulnhub.com/
  • HackTheBox - https://www.hackthebox.eu/
  • Metasploitable2 - https://sourceforge.net/projects/metasploitable/
  • DVWA - https://github.com/ethicalhack3r/DVWA

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.