jtaubs1 / OSCP-Prep

Licence: Unlicense license
Contained is all my reference material for my OSCP preparation. Designed to be a one-stop shop for code, guides, command syntax, and high-level strategy. One simple clone and you have access to some of the most popular tools used for pentesting.

Programming Languages

PowerShell, Shell, PHP, Batchfile, Perl, Python

OSCP-Prep

This repo is not complete yet; I am working on it daily.

Repo Map

[Diagram: OSCP-Prep repo map]

Methodology


Additional References

Step 1 Recon

  • Can you ping the target?
  • Is your VPN still connected?

Path

Start with recon-enumeration folder

  • Start the scans: What is open?
  • Use: autorecon 10.10.10.10 -v
  • Once completed, rescan all ports with service detection:
    nmap -sS -sV -sC 10.10.10.10 | tee nmap_output.txt
  • Consider running some targeted scripts against the services that are running:
    nmap --script "http*" 10.10.10.10 -p 8080 -vv | tee nmap_http_scripts.txt
  • Identify the ports and services running.

Web Server Running?

  • Go To: /web/web-servers.md
  • Find out CMS type and version --> check exploitdb
  • Look for usernames
  • Run nikto, gobuster --> try and map out the website
  • robots.txt file?
  • Default Credentials:
    admin:admin
    administrator:administrator
    admin:administrator
    admin:password
    administrator:password
    admin:admin123
    admin:root123
    admin:password1
    admin:administrator1
    admin:changeme1
    admin:password123
    admin:qwerty123
    admin:administrator123
    admin:changeme123

Upload Vulnerability PHP web shells

  • The best one for Linux and Windows
  • /shells/web-shells/php-reverse-shell/src/php_reverse_shell.php

FTP Running

  • Try anonymous login method
  • If you can get a username from another port, try hydra
  • Make sure to connect to it as the root user from your local box
  • Remember the difference between Active and Passive mode

SSH/Telnet Running port 22, 23

  • Be on the lookout for LFI on a web server --> Private keys
  • Think about Hydra if you can find a username

Email Ports 25, 110, 143?

  • /recon-enumeration/recon-enumeration.md

NFS port 2049

  • /recon-enumeration/recon-enumeration.md
  • Check for shares that are accessible

NetBios or Microsoft-ds Running ports 137, 138, 139, 445

  • /recon-enumeration/recon-enumeration.md --> SMB Enumeration section
  • Use smbmap, nmap --script, enum4linux, smbclient, rpcclient
  • Check all enum4linux output especially toward the bottom for potential usernames
  • Can be brute forced with medusa, and nmap --script "smb-brute"

Redis port 6379

  • /recon-enumeration/recon-enumeration.md
  • Redis Section

Rsync port 873

  • /recon-enumeration/recon-enumeration.md
  • Rsync Section

On a Windows Box

  • /windows-priv-esc/win-priv-esc.md
  • Set up a secondary shell with msfvenom and multi/handler
  • Check for hidden files as well
  • Can you enable RDP and use xfreerdp to mount your Kali share to the target?

On a Linux Box

  • /lin-priv-esc/lin-priv-esc.md
  • Set up a secondary shell with msfvenom and multi/handler
  • Always stabilize your shells!
  • Get lse.sh and linpeas.sh on the box and in /dev/shm
  • /lin-priv-esc/priv-esc-scripts/