OSCP omnibus

a collection of OSCP resources for everyone 📚

Books

• Network Security Assessment, 2nd Ed.
• Hacking: The Art of Exploitation, 2nd Ed.

Other Resources by Topic

Information Gathering

Passive

• Google Filetype Conversions - a nifty guide to filetype specifications that work in Google dorks

Active

• Hackertarget Nmap Cheat Sheet - handy guide to Nmap commands
• smb NSE Library - pretty much all the details you'd ever need to know about interacting with SMB via Nmap Scripting Engine
• A New Look at Null Sessions and User Enumeration - if you regularly use enum4linux or rpcclient, then read this! it may save you from false negatives.
• AutoRecon - a powerful, time-saving network recon tool

Vulns

• IP Traffic Accounting with iptables - all about traffic accounting with iptables

Buffer Overflows

• dostackbufferoverflowgood - guide and workshop on stack buffer overflows complete with vulnerable executable
• Vortex's Guide to PWK/OSCP Stack Buffer Overflow Practice - I think this is where I found out about dostackbufferoverflowgood!

Exploit Development

• Mona.py Manual - guide to the mona.py pycommand for Immunity Debugger
• Corelan Exploit Development Tutorials - starting at the oldest and working toward the newer material, these tutorials begin with stack buffer overflow-based exploits and get progressively more complex
• 0x7 Exploit Tutorial: Bad Character Analysis - A brief tutorial on bad character analysis for shellcode development

Working with Exploits

I've been spending a lot of time reading up on pointers in C for this section.

• The Basics and Pitfalls of Pointers in C
• When 4 + 1 Equals 8: An Advanced Take on Pointers in C
• C Pointer Arithmetic

Post-Exploitation

Upgrading Shells & Transferring Files

• Transferring Files from Kali to Windows - I like the Python webserver one-liner
• Upgrading Simple Shells to Fully Interactive TTYs
• Spawning a TTY Shell
• Flying a Cylon Raider - video on post-exploitation without Meterpreter
• PowerShell Download Cradles
• LOLBAS - binaries, scripts, and libraries for living off the land in Windows

SQL

• Accessing and Hacking MSSQL from Backtrack Linux - Good info about sqsh and xp_cmdshell
• SQL Cheat Sheet

Privilege Escalation

Windows

• PayloadsAllTheThings - Windows Privilege Escalation - explanations and tools for lots of privesc methods
• Windows Privilege Escalation Techniques and Scripts - detailed writeup of privesc methods
• Windows Privilege Escalation - An Approach for Penetration Testers
• icacls - lists all the possible permissions you might see when running icacls against a file
• Windows Privilege Escalation Techniques (local) - Tradecraft Security Weekly #02 - video on Windows privesc techniques
• Windows Privilege Escalation for OSCP & Beyond! - Udemy course by Tib3rius

Scripts/Executables

• PowerUp.ps1 - privesc script from the PowerSploit project
• Windows Privesc Check - EXE that checks for common privesc opportunities
• SessionGopher - script for digging up stored session information
• Powerless - script for privesc in environments that lack PowerShell

Linux

• PayloadsAllTheThings - Linux Privilege Escalation - explanations and tools for lots of privesc methods
• LinEnum.sh - privesc shell script
• GTFOBins - Unix binaries that can be used to bypass security restrictions and sometimes escalate privileges
• Linux Privilege Escalation - Tradecraft Security Weekly #22 - video on Linux privesc techniques
• Linux Privilege Escalation for OSCP & Beyond! - Udemy course by Tib3rius

Web Application Attacks

• XSS Filter Evasion Cheat Sheet - OWASP - XSS filter evasion techniques
• WordPress Vulnerability Discovery and Exploitation - Tradecraft Security Weekly #6 - video on WordPress vulnerabilities (it's usually the plugins)
• Basic and Advanced SQL Injection Techniques - video with good explanations of various types of SQL injection vulnerabilities and exploitation techniques

Tunneling and Port Redirection

• Dynamic Port Forwarding (SSH) - brief walkthrough of dynamic SSH port forwarding with proxychains
• Evading Filters with Traffic Tunnels
• How to tunnel SSH over SSL/TLS - quick guide to client and server setup of stunnel
• Using Stunnel - red hat stunnel docs

Metasploit

• Metasploit Cheat Sheet
• Shikata Ga Nai Encoder Still Going Strong - a good post from FireEye on Shikata Ga Nai
• Porting Exploits - Metasploit Unleashed

Other Random Stuff

• Mimikatz Cheat Sheet
• basic terminator config - multi-tab, multi-pane terminator config with installation instructions here