This repository contains useful information related to the OSCP certification.
Specifically, I have organized the knowledge you need in order to obtain the OSCP certification into nine modules. Each module has its own folder containing the material for that module. The modules are listed below.
NOTE: Currently there's not much in these modules, because I just started to work on this. In the following months you should see more content coming.
- 01 – Web
- 02 – Linux
- 03 – Windows
- 04 – Password Attacks
- 05 – Using Existing Exploits
- 06 – Port Forwarding and Pivoting
- 07 – Client-side Attacks
- 08 – Active Directory
- 09 – Report Writing
Other material that I developed regarding OSCP
For the web module the following topics have been covered.
- Introduction to Web Exploitation
- Getting used to Burp Suite
- SQL Injection
- Directory Traversal
- File Inclusion
- File Upload Vulnerabilities
- Command Injection
- Cross-Site Scripting
- Web Enumeration – Files and Directories
- Web Enumeration – Virtual Hosts
- Web Enumeration – HTTP Parameters
- Brute Force Attacks
- DNS Zone Transfer Attacks
For the linux module the following topics have been covered.
- System shell
- PATH Hijacking
- SUID exploitation
- System enumeration
- Cronjob enumeration
- SUDO exploitation
- Wildcard expansion
For the windows module the following topics have been covered.
- System shell
- System enumeration
- Useful system commands
- SeImpersonatePrivilege Exploitation
- Service Hijacking Exploitation
- Unquoted Service Paths Exploitation
For the password attacks module the following topics have been covered.
- Hash cracking theory
- Hash cracking tools
- KeePass databases
- SSH keys
- NTLM hash
- Net-NTLMv2 hash
- AS-REP hash
- Kerberoasting hash
For the using existing exploits module the following topics have been covered.
- Metasploit
- exploit-db
- CVE-2021-41773
For the port forwarding and pivoting module the following topics have been covered.
- Local Port Forwarding
- Dynamic Port Forwarding
- Remote Port Forwarding
- Remote Dynamic Port Forwarding
For the client-side attacks module the following topics have been covered.
- Cross-Site Scripting
- Microsoft Word Macros
- Windows Library Files
For the active directory module the following topics have been covered.
- Enumeration
- Main tools
- Kerberoasting
- AS-REP roasting
- DCSync attack
- Mimikatz
- NTLM authentication
- Kerberos authentication
In ./report you will find a folder ready to be used for the final exam. The idea is simple: you write your exam findings in a report using either the markdown or org markup language, and then you use the generate.sh script to generate a final PDF. Two sample reports, report.md and report.org, are provided. You can take inspiration from those and customize them to your own needs.
To actually generate the report, make sure you have pandoc installed with the LaTeX theme eisvogel. If you do not have that file, I suggest downloading it from GitHub:
wget https://raw.githubusercontent.com/Wandmalfarbe/pandoc-latex-template/master/eisvogel.tex
Then, edit the script ./report/generate.sh to insert your own OSID value. For example, assuming my OSID was 99999999, I would write at the top of the file:
OSID=99999999
Finally, just execute ./generate.sh, and you should see the following:
[leo@archlinux report]$ ./generate.sh
[INFO]: Checking requirements
[INFO]: All good, we're ready to generate!
[INFO]: Generated succesfully, creating 7z archive!
[INFO]: MD5 of archive (e9b9424d742bf230748665cd614ba240)
After the script has successfully executed, you will see two new files:
- OSCP-OS-99999999-Exam-Report.pdf, which contains the generated PDF for previewing
- OSCP-OS-99999999-Exam-Report.7z, which contains the final artifact you can use to submit your record.
Notice how the MD5 of the artifact is computed at the end. This can be used during the OffSec upload procedure to make sure you uploaded the correct file. Finally, if you want to change the input file to export, just pass it as an argument to the generate.sh script as follows. Just remember that the script only supports the markdown and org syntaxes.
./generate.sh report.md
./generate.sh report.org
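A pre-upload check built on the archive name and MD5 described above, as an added example that is not part of the repository or of generate.sh. The function names md5_of and check_submission and their exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm the archive you are about to upload is the one
# generate.sh produced. Function names and exit codes are hypothetical.

# Print the MD5 hex digest of a file with whichever tool is installed.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        openssl md5 -r "$1" | awk '{print $1}'
    fi
}

# check_submission ARCHIVE OSID EXPECTED_MD5
# Returns 0 when every check passes, 2 if the file is missing,
# 3 if the name is not OSCP-OS-<OSID>-Exam-Report.7z, 4 on a hash mismatch.
check_submission() {
    local archive="$1" osid="$2" expected="$3" actual
    [ -f "$archive" ] || { echo "missing file: $archive" >&2; return 2; }
    [ "$(basename "$archive")" = "OSCP-OS-${osid}-Exam-Report.7z" ] || {
        echo "unexpected file name for OSID $osid: $archive" >&2
        return 3
    }
    # Compare case-insensitively: some tools and web pages print uppercase hex.
    actual=$(md5_of "$archive" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ] || {
        echo "MD5 mismatch: expected $expected, got $actual" >&2
        return 4
    }
    echo "OK: $archive ($actual)"
}
```

Call it as check_submission OSCP-OS-99999999-Exam-Report.7z 99999999 followed by the MD5 that generate.sh printed, and compare the same value against the one shown after upload.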