Zero to OSCP: Concise Edition

zero-to-oscp.md

https://medium.com/@1chidan/zero-to-oscp-concise-edition-b5ecd4a781c3

PWK Preparation

• https://linuxjourney.com
• https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf
• https://www.cybrary.it/course/cisco-ccna/
• https://www.cybrary.it/course/ethical-hacking/
• https://overthewire.org/wargames/bandit/
• https://www.codecademy.com/
• https://www.offensive-security.com/metasploit-unleashed/
• https://shellterlabs.com/en/
• https://sourceforge.net/projects/metasploitable/
  • https://metasploit.help.rapid7.com/docs/metasploitable-2-exploitability-guide
• https://www.vulnhub.com/

Buffer Overflows

• https://vimeo.com/15247686
• https://www.vulnhub.com/entry/exploit-exercises-protostar-v2,32/

PWK Course

• https://forums.offensive-security.com/
  • Find g0tmilk’s guide to ‘alpha’ on the student forums.
  • Read it.
  • Read it again.
  • Read between the lines. (hint:methodology)
  • Read it and hack along.
  • Go over your notes, try ‘beta’ and then move onto whatever other low hanging fruit you can find.
• https://github.com/samratashok/nishang
• https://netsec.ws/?p=337
• https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
• http://www.fuzzysecurity.com/tutorials/16.html
  • windows-exploit-suggester.py is a great tool that takes a text file dump of the ‘systeminfo’ command output and returns public exploits and metasploit modules that could lead to elevation of privileges. Produces a lot of false positives, but I’ve gotten lucky a few times by working through its suggestions.
  • wes.py is the ‘next generation’ of Windows exploit suggester that works much like its unofficial predecessor, but has better support for post Windows Vista era machines. You can also pass flags to specifically filter out privilege escalation vulnerabilities with known public exploits.
  • jaws-enum.ps1, or Just Another Windows (Enum) Script is another powershell script that allows users to quickly identify privilege escalation vectors. Again, quite verbose in output but learn to parse it quickly and see what jumps out.
  • PowerUp.ps1 is a powershell script that checks for ‘common Windows privilege escalation vectors that rely on misconfigurations’. It’s not a catch-all by any means, but I’ve had success using it.
• https://highon.coffee/blog/reverse-shell-cheat-sheet/
• https://github.com/SecWiki/windows-kernel-exploits

OSCP Exam

https://support.offensive-security.com/oscp-exam-guide/ https://www.hackthebox.eu/ https://www.youtube.com/ippsec https://github.com/21y4d/nmapAutomator