This is where I will be keeping all my references, notes, and code that I plan to use for the OSCP. I am making them public so that I can share them with the monitors once I take the OSCP.
- Buffer Overflow
- Linux Commands and Privilege Escalation
- Windows Commands and Privilege Escalation
- Metasploit Emergency Use (in case I am running out of time and need some more points)
- ZeroLogon Exploit (just in case)
- GitHub Repo (this one) — https://github.com/ciwen3/OSCP.git
- MSFVenom Payload Creator — https://github.com/g0tmi1k/msfpc
- Exploit-DB — https://www.exploit-db.com/
- SearchSploit — https://www.exploit-db.com/searchsploit
```bash
sudo apt update && sudo apt -y install exploitdb
searchsploit -u
searchsploit -h
searchsploit afd windows local
```
Note: SearchSploit combines search terms with AND, not OR, so the more terms you add, the more results are filtered out. Pro tip: do not use abbreviations (search for SQL Injection, not SQLi). Pro tip: if you are not getting the expected results, search more broadly with more general terms (use Kernel 2.6 or Kernel 2.x, not Kernel 2.6.25).
- Windows Kernel Exploits — https://github.com/SecWiki/windows-kernel-exploits
- Linux Kernel Exploits — https://github.com/lucyoa/kernel-exploits
- Hashcat — https://hashcat.net/hashcat/
- John the Ripper — https://www.openwall.com/john/
- pattern_create.rb — /usr/share/metasploit-framework/tools/exploit/pattern_create.rb
- pattern_offset.rb — /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb
- Kali's built-in Windows resources:
/usr/share/windows-resources/
/usr/share/windows-resources/binaries/
- GoBuster — https://github.com/OJ/gobuster
- Recursive GoBuster — https://github.com/epi052/recursive-gobuster
- Nikto — https://github.com/sullo/nikto
- dirb — https://tools.kali.org/web-applications/dirb
- Feroxbuster — https://github.com/epi052/feroxbuster
- Rustbuster — https://github.com/phra/rustbuster
https://help.offensive-security.com/hc/en-us/articles/360040165632-OSCP-Exam-Guide
- proof.txt - This file is only accessible to the root or Administrator user and can be found under the /root/ directory or the Administrator Desktop. This file is available on every target machine.
- local.txt - This file is accessible to an un-privileged user account and can only be found on certain machines. The targets containing these files are detailed in your control panel.
- The order in which the exam machines are documented inside your exam report is the same order in which the exam machines will be graded and valued
- Points will be awarded for partial and complete administrative control of each target machine
- Each machine has a specific set of objectives that must be met in order to receive full points
- You must achieve a minimum score of 70 points to pass the exam
- It is possible to achieve a maximum of 100 points on the exam
- Specific objectives and point values for each machine are located in your exam control panel
You will receive no points for a specific target for the following:
- Using a restricted tool
- Using Metasploit Auxiliary, Exploit, or Post modules on multiple machines
- Using the Meterpreter payload on multiple machines
- Failure to provide the local.txt and proof.txt file contents in both the control panel and in a screenshot
The usage of Metasploit and the Meterpreter payload is restricted during the exam. You may only use Metasploit modules (Auxiliary, Exploit, and Post) or the Meterpreter payload against one single target machine of your choice. Once you have selected your one target machine, you cannot use Metasploit modules (Auxiliary, Exploit, or Post) or the Meterpreter payload against any other machines.
Metasploit/Meterpreter should not be used to test vulnerabilities on multiple machines before selecting your one target machine (this includes the use of check). You may use Metasploit/Meterpreter as many times as you would like against your one target machine.
If you decide to use Metasploit or Meterpreter on a specific target and the attack fails, then you may not attempt to use it on a second target. In other words, the use of Metasploit and Meterpreter becomes locked in as soon as you decide to use either one of them.
You may use the following against all of the target machines:
1. multi handler (aka exploit/multi/handler)
2. msfvenom
3. pattern_create.rb
4. pattern_offset.rb
info taken from: https://medium.com/@falconspy/unofficial-oscp-approved-tools-b2b4e889e707
- CherryTree — https://www.giuspen.com/cherrytree/ (Template: https://411hall.github.io/assets/files/CTF_template.ctb)
- KeepNote — http://keepnote.org/
- PenTest.ws — https://pentest.ws/
- Microsoft OneNote
- GitHub Repo
- Joplin with TJNull (OffSec Community Manager) template — https://github.com/tjnull/TJ-JPT
- Obsidian (Markdown) — https://obsidian.md/
- Dradis — https://dradisframework.com/academy/industry/compliance/oscp/
- Serpico — https://github.com/SerpicoProject/Serpico
- Report Template
- Created by whoisflynn — https://github.com/whosiflynn/OSCP-Exam-Report-Template
- Created by Noraj — https://github.com/noraj/OSCP-Exam-Report-Template-Markdown
- AutoRecon — https://github.com/Tib3rius/AutoRecon
- nmapAutomator — https://github.com/21y4d/nmapAutomator
- Reconbot — https://github.com/Apathly/Reconbot
- Raccoon — https://github.com/evyatarmeged/Raccoon
- Web Related
- Dirsearch — https://github.com/maurosoria/dirsearch
- GoBuster — https://github.com/OJ/gobuster
- Feroxbuster — https://github.com/epi052/feroxbuster
- wfuzz — https://github.com/xmendez/wfuzz
- goWAPT — https://github.com/dzonerzy/goWAPT
- ffuf — https://github.com/ffuf/ffuf
- Nikto — https://github.com/sullo/nikto
- dirb — https://tools.kali.org/web-applications/dirb
- dirbuster — https://tools.kali.org/web-applications/dirbuster
- GTFOBins (Bypass local restrictions) — https://gtfobins.github.io/
- Impacket (SMB, psexec, etc) — https://github.com/SecureAuthCorp/impacket
- SecLists — https://github.com/danielmiessler/SecLists
- Reverse Shell Generator — https://github.com/cwinfosec/revshellgen
- Windows Reverse Shell Generator — https://github.com/thosearetheguise/rev
- MSFVenom Payload Creator — https://github.com/g0tmi1k/msfpc
- Windows PHP Reverse Shell — https://github.com/Dhayalanb/windows-php-reverse-shell
- PenTestMonkey Unix PHP Reverse Shell — http://pentestmonkey.net/tools/web-shells/php-reverse-shell
- tmux — https://tmuxcheatsheet.com/ (cheat sheet)
- tmux-logging — https://github.com/tmux-plugins/tmux-logging
- Oh My Tmux — https://github.com/devzspy/.tmux
- screen — https://gist.github.com/jctosta/af918e1618682638aa82 (cheat sheet)
- Terminator — http://www.linuxandubuntu.com/home/terminator-a-linux-terminal-emulator-with-multiple-terminals-in-one-window
- vim-windir — https://github.com/jtpereyda/vim-windir
- Exploit-DB — https://www.exploit-db.com/
- Windows Kernel Exploits — https://github.com/SecWiki/windows-kernel-exploits
- AutoNSE — https://github.com/m4ll0k/AutoNSE
- Linux Kernel Exploits — https://github.com/lucyoa/kernel-exploits
- BruteX — https://github.com/1N3/BruteX
- Hashcat — https://hashcat.net/hashcat/
- John the Ripper — https://www.openwall.com/john/
- Post-Exploitation / Privilege Escalation
- LinEnum — https://github.com/rebootuser/LinEnum
- linuxprivchecker — https://www.securitysift.com/download/linuxprivchecker.py
- Powerless — https://github.com/M4ximuss/Powerless
- PowerUp — https://github.com/HarmJ0y/PowerUp
- Linux Exploit Suggester — https://github.com/mzet-/linux-exploit-suggester
- Windows Exploit Suggester — https://github.com/bitsadmin/wesng
- Windows Privilege Escalation Awesome Scripts (WinPEAS) — https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS
- Linux Privilege Escalation Awesome Script (LinPEAS) — https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
- GTFOBins (Bypass local restrictions) — https://gtfobins.github.io/
- Get GTFOBins — https://github.com/CristinaSolana/ggtfobins
- sudo_killer — https://github.com/TH3xACE/SUDO_KILLER
- Local Privilege Escalation Workshop — https://github.com/sagishahar/lpeworkshop
- Linux Privilege Escalation — https://www.udemy.com/course/linux-privilege-escalation/
- Windows Privilege Escalation — https://www.udemy.com/course/windows-privilege-escalation/
- HTB/Vulnhub like OSCP machines (curated by OffSec Community Manager TJNull) — https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=1839402159
- Virtual Hacking Labs — https://www.virtualhackinglabs.com/
- HackTheBox (Requires VIP for Retired machines) — https://www.hackthebox.eu/
- Vulnhub — https://www.vulnhub.com/
- Root-Me — https://www.root-me.org/
- Try Hack Me — https://tryhackme.com
- OverTheWire — https://overthewire.org (Linux basics)