1 Overview OSCP
1.1 Offensive Security Certified Professional
1.2 The lab has a total of 4 networks and 50 systems
1.3 Course Prerequisites
1.3.1 Should be comfortable with scripting
1.3.2 Should be comfortable with Linux and Windows command line syntax
1.3.3 Should be familiar with Assembly and a debugger
1.3.4 Minimal Skill Required
1.3.4.1 Networking
1.3.4.2 Scripting (Python, bash, perl, powershell)
1.3.4.3 Command Line Interactive (Windows and Linux)
1.3.4.4 Assembly (x86) / Debuggers
1.3.4.5 C/C++
1.3.4.6 Javascript, SQL, PHP, ASP
1.3.4.7 Meterpreter / Msfvenom
1.4 Cost
1.4.1 PWK + 30 Days LAB + CERT US800
1.4.2 PWK + 60 Days LAB + CERT US1000
1.4.3 PWK + 90 Days LAB + CERT US1150
1.5 Course Registration
1.5.1 Requires a non-free address
1.6 Exam Details
1.6.1 24hr certification exam and another 24hr for reporting
1.6.2 5 vulnerable machines to compromise
1.6.3 Need 70 out of 100 points to pass
1.6.4 Exam Restrictions
1.6.4.1 Can't use any of following on exam
1.6.4.1.1 Spoofing (IP,ARP,DNS,NBNS, etc.)
1.6.4.1.2 Commercial tools or services (db_autopwn, browser_autopwn, SQLmap, SQL ninja etc.)
1.6.4.1.3 Mass vulnerability scanners (Nessus, NeXpose, OpenVAS, Canvas, Core Impact, SAINT, etc.)
1.6.4.1.4 Features in other tools that utilize either forbidden or restricted exam limitations
1.6.5 Metasploit
1.6.5.1 You can use Metasploit auxiliary, Exploit and Post modules
against one target machine of your choice
1.6.6 You can use the following against all of the target machines:
1.6.6.1 Multi handler (AKA exploit/multi/handler)
1.6.6.2 Meterpreter
1.6.6.3 Msfpayload & msfencode
1.6.6.4 Msfvenom
1.6.7 Exam Proofs: Windows
1.6.7.1 You must have a shell to receive full points
1.6.7.2 Provide the proof files in a shell (Web, bind, reverse, or RDP) using the type command
1.6.7.3 Obtaining the contents of the proof files in any other way will
result in zero points for the target machine
1.6.8 Exam Proofs: Linux
1.6.8.1 Same as Windows
1.6.9 More details go here
1.6.9.1 https://support.offensive-security.com/#!oscp-exam-guide.md
2 Documentation
2.1 Tool Suggestion
2.1.1 OneNote (Cloud)
2.1.2 Evernote (Cloud)
2.1.3 KeepNote (Old, but reliable)
2.1.4 CherryTree (To have a look)
2.1.5 LaTeX (Awesome for reporting later)
2.1.6 Markdown (no idea)
2.2 Capture all the things
2.2.1 Notes
2.2.2 Screenshots
2.2.3 Files you capture/use
2.2.4 Reports
2.3 Example Formatting
2.3.1 Notes (whatever you have done)
2.3.2 Enumeration
2.3.2.1 *Port
2.3.2.1.1 *<Tool Name> Output
2.3.3 Exploit
2.3.3.1 * port/url
2.3.3.2 * source code/script etc.
2.3.4 Post Exploit Low
2.3.4.1 */etc/passwd
2.3.4.2 Systeminfo
2.3.5 Privilege Escalation
2.3.5.1 Source code / script
2.3.6 Post Exploit High
2.3.6.1 *hashes / shadow
3 Exam Pre-Preparation
3.1 High Speed Internet
3.2 Script my enumeration
3.3 Script my privilege escalation checks
3.3.1 http://pentestmonkey.net/tools/windows-privesc-check
3.3.2 http://pentestmonkey.net/tools/audit/unix-privesc-check
3.3.3 http://it-ovid.blogspot.de/2012/02/windows-privilege-escalation.html
3.3.4 https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
4 Exam Hints
4.1 General Hints
4.1.1 Time Management
4.1.2 Avoiding rabbit holes
4.1.3 Make a battle plan which you will stick to during the full length of the exam
4.1.4 Suggest not working longer than 12 hours on the exam without sleep
4.1.5 Take frequent breaks during the exam
4.1.6 Use the last 15-30 mins of the exam to check before VPN dies
4.1.7 Think "outside the box" and "Try Harder"
4.1.8 Demonstrate creative problem solving and lateral thinking
4.2 Penetration Testing process and techniques:
4.2.1 Information Gathering and enumeration
4.2.2 Discovering security holes and vulnerabilities
4.2.3 Exploiting vulnerabilities
4.2.4 Privilege escalation and maintain access
4.3 5 points for the lab report and 5 points for the exercises report
4.4 Enjoy the experience
5 OSCP Review
5.1 Mike Czumak
5.1.1 https://www.securitysift.com/offsec-pwb-oscp/
5.2 Manich Koomsusi
5.2.1 https://www.slideshare.net/manichkoomsusi/oscp-preparation
5.3 Localhost Exposed
5.3.1 https://localhost.exposed/path-to-oscp/
5.4 Hacking Tutorials
5.4.1 http://www.hackingtutorials.org/hacking-courses/offensive-security-certified-professional-oscp/
5.5 Ryan Hanson
5.5.1 https://royaljay.com/security/how-i-became-an-offensive-security-certified-professional/
5.6 KaiZen_404
5.6.1 https://kaizensecurity.wordpress.com/2016/05/07/oscp-blog-post/
5.7 Flylife
5.7.1 http://www.pentesting.nz/2017/03/01/offensive-securitys-pwb-and-oscp-my-experience/
5.8 Laceratus
5.8.1 http://hacoder.com/featured/2016/02/04/oscp-review/
5.9 Lucas Bader
5.9.1 https://n3ko1.github.io/certification/2015/05/27/oscp---offensive-security-certified-professional/
5.10 Peleus
5.10.1 http://netsec.ws/?p=398
5.11 Knapsy's brain Dump
5.11.1 http://blog.knapsy.com/blog/2015/03/29/oscp-thoughts-and-tips/
5.12 Jason Bernier
5.12.1 http://www.jasonbernier.com/oscp-review/
5.13 En-lightn
5.13.1 http://www.en-lightn.com/?p=941
6 Recommended Websites
6.1 OSCP Cheat Sheet
6.1.1 https://pastebin.com/WWJGgDm5
6.1.2 https://github.com/Hack-with-Github/Awesome-Hacking
6.1.3 https://github.com/enaqx/awesome-pentest
6.1.4 https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/
6.1.5 http://pwnwiki.io/#!index.md
6.2 Training Target
6.2.1 https://www.vulnhub.com/resources/
6.3 Kali Tools
6.3.1 http://tools.kali.org/tools-listing
6.4 Essential Tools
6.4.1 http://tools.kali.org/password-attacks/patator
6.4.2 http://tools.kali.org/web-applications/dirb
6.4.3 http://tools.kali.org/web-applications/dirbuster
6.4.4 http://tools.kali.org/web-applications/gobuster
6.4.5 http://tools.kali.org/web-applications/wpscan
6.4.6 http://tools.kali.org/web-applications/joomscan
6.4.7 http://tools.kali.org/vulnerability-analysis/sqlmap
6.4.8 http://tools.kali.org/exploitation-tools/commix
6.4.9 http://tools.kali.org/maintaining-access/weevely
6.4.10 http://tools.kali.org/password-attacks/ncrack
6.4.11 http://tools.kali.org/password-attacks/cewl
6.4.12 http://tools.kali.org/information-gathering/dotdotpwn
6.4.13 http://tools.kali.org/exploitation-tools/shellnoob
6.5 Windows
6.5.1 Windows Privilege Escalation Fundamentals
6.5.1.1 http://www.fuzzysecurity.com/tutorials/16.html
6.5.1.2 http://pentestmonkey.net/tools/audit/windows-privesc-check
6.5.1.3 https://github.com/GDSSecurity/Windows-Exploit-Suggester
6.5.1.4 http://it-ovid.blogspot.de/2012/02/windows-privilege-escalation.html
6.5.1.5 https://toshellandback.com/2015/11/24/ms-priv-esc/
6.5.2 Windows Post Exploitation
6.5.2.1 http://www.handgrep.se/repository/cheatsheets/postexploitation/WindowsPost-Exploitation.pdf
6.5.2.2 https://docs.google.com/document/d/1U10isynOpQtrIK6ChuReu-K1WHTJm4fgG3joiuz43rw/edit?hl=en_US
6.6 Linux
6.6.1 Linux Privilege Escalation Fundamentals
6.6.1.1 https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
6.6.1.2 https://github.com/PenturaLabs/Linux_Exploit_Suggester
6.6.2 Linux Post Exploitation
6.6.2.1 https://n0where.net/linux-post-exploitation/
6.7 Unix
6.7.1 Unix Privilege Escalation Fundamentals
6.7.1.1 http://pentestmonkey.net/tools/audit/unix-privesc-check
6.7.2 Unix Post Exploitation
6.7.2.1 https://docs.google.com/document/d/1ObQB6hmVvRPCgPTRZM5NMH034VDM-1N-EWPRz2770K4/edit?hl=en_US#
6.8 Pre-Compiled Exploits
6.8.1 https://github.com/offensive-security/exploit-database-bin-sploits
6.8.2 https://www.kernel-exploits.com/
6.9 Metasploit Unleashed
6.9.1 https://www.offensive-security.com/metasploit-unleashed/
6.9.2 http://www.securitytube.net/groups?operation=view&groupId=8
6.9.3 https://docs.google.com/document/d/1ZrDJMQkrp_YbU_9Ni9wMNF2m3nIPEA_kekqqqA2Ywto/edit
6.10 MSFVenom
6.10.1 http://netsec.ws/?p=331
6.10.2 http://www.securityunlocked.com/2016/01/02/network-security-pentesting/most-useful-msfvenom-payloads/
6.11 Shell
6.11.1 Shell Code
6.11.1.1 http://www.primalsecurity.net/0x0-shellcoding-tutorial-introduction-to-asm/
6.11.1.2 https://paraschetal.in/writing-your-own-shellcode
6.11.1.3 https://www.exploit-db.com/docs/17065.pdf
6.11.2 Web Shell
6.11.2.1 http://tools.kali.org/maintaining-access/webshells
6.11.2.2 http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
6.11.2.3 https://github.com/commixproject/commix/wiki/Upload-shells
6.11.2.4 https://highon.coffee/blog/reverse-shell-cheat-sheet/
6.11.2.5 https://github.com/JohnTroony/php-webshells
6.11.3 Spawning a TTY Shell
6.11.3.1 http://netsec.ws/?p=337
6.12 Explore hidden network in Enterprise
6.12.1 https://pentest.blog/explore-hidden-networks-with-double-pivoting/
6.13 Recommended Books
6.13.1 Penetration Testing
6.13.1.1 https://www.nostarch.com/pentesting
6.13.2 Hacking, 2nd Edition
6.13.2.1 https://www.nostarch.com/hacking2.htm
6.13.3 The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition
6.13.3.1 http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html
6.14 Wordlist
6.14.1 http://tools.kali.org/password-attacks/wordlists
6.14.2 https://github.com/danielmiessler/SecLists
6.14.3 https://github.com/govolution/betterdefaultpasslist
6.15 Unsorted
6.15.1 Fuzzy Security
6.15.1.1 http://www.fuzzysecurity.com/index.html
6.15.2 Corelan Team
6.15.2.1 https://www.corelan.be/