This repository contains the knowledge required to obtain the OSCP certification.
The knowledge has been organized in a structured way into the following modules.
Other material that I developed regarding OSCP
Support my work
For the web module the following 13 topics have been covered.
- Introduction to Web Exploitation
- Getting used to burpsuite
- SQL Injection
- Directory Traversal
- File Inclusion
- File Upload Vulnerabilities
- Command Injection
- Cross-Site Scripting
- Web Enumeration – Files and Directories
- Web Enumeration – Virtual Hosts
- Web Enumeration – HTTP Parameters
- Brute Force Attacks
- DNS Zone Transfer Attacks
Below you can find the playlist and the full video combining all the episodes.
For the linux module the following 14 topics have been covered.
- Introduction to the Linux Shell
- File System Permissions
- PATH Hijacking
- SUID Exploitation
- SUDO Exploitation
- Wildcard Expansion Exploitation
- Reverse Shells in Linux
- Unshadow Attack
- System Enumeration
- Cronjob Enumeration
- Capabilities Enumeration
- Local Service Exploitation
- Linux Binary Exploitation
- Linux Kernel Exploitation
Below you can find the playlist and the full video combining all the episodes.
For the windows module the following 19 topics have been covered.
- Introduction to the Windows Shells
- Windows Permissions
- Windows Reverse Shells
- SeImpersonatePrivilege
- Cross Compilation
- Windows Services
- Weak Service Permissions
- Unquoted Service Path
- DLL Hijacking
- UAC Bypass
- Always Installed Elevated
- Files with Sensitive Data
- Windows Hashes
- Stored Credentials
- Scheduled Tasks
- Critical Registry Paths
- Useful Tools
- AMSI Bypass
- Cheatsheet and Methodology
Below you can find the playlist and the full video combining all the episodes.
For the active directory module the following topics have been covered.
- Enumeration
- Main tools
- Kerberoasting
- AS-REP roasting
- DCsync attack
- Mimikatz
- NTLM authentication
- Kerberos authentication
In the ./report you will find a folder ready to be used for the
final exam. The idea is simple: you write your exam findings in a
report using either the markdown or org markup languages, and then
you can use the generate.sh script to generate a final PDF. Two
sample reports report.md and report.org are presented. You can
take inspiration from those and customize it to your own need.
To actually generate the report, make sure you have pandoc installed
with the latex theme eisvogel. If you do not have such file I
suggest to download it from github.
wget https://raw.githubusercontent.com/Wandmalfarbe/pandoc-latex-template/master/eisvogel.tex
Then, edit the script ./report/generate.sh in order to insert your own OSID
value. So for example assuming my OSID was 99999999 then I would
write on top of the file
OSID=99999999
Finally, just execute ./generate.sh, and you should see the
following
[leo@archlinux report]$ ./generate.sh
[INFO]: Checking requirements
[INFO]: All good, we're ready to generate!
[INFO]: Generated succesfully, creating 7z archive!
[INFO]: MD5 of archive (e9b9424d742bf230748665cd614ba240)
After the script has succesfully executed, you will see two new files:
OSCP-OS-99999999-Exam-Report.pdf, which contains the generated pdf for previewingOSCP-OS-99999999-Exam-Report.7z, which contains the final artifat you can use to submit your record.
Notice how at the end the MD5 of the artifact is computed. This can be
used during OffSec upload procedure to make sure you uploaded the
correct file. Finally, if you want to change the input filename to
export, just give an argument to the generate.sh script as
follows. Just remember that the scripts only supports markdown and
org syntaxes.
./generate.sh report.md
./generate.sh report.org
For the others module the following topics have been covered.
-
Port Forwarding and Pivoting
- Local Port Forwarding
- Dynamic Port Forwarding
- Remote Port Forwarding
- Remote Dynamic Port Forwarding
-
Using Existing Exploits
- Metasploit
- exploit-db
- CVE-2021-41773
-
Client-side Attacks
- Cross-Site Scripting
- Microsoft Word Macros
- Windows Library Files