OSCP - One Page Repository
Hands-on challenge to get comfortable with Linux:
- Service Enumeration
Now move on to vulnerable machines. There are two main websites for practicing on vulnerable machines: Hackthebox and Vulnhub. Many infosec people have written blog posts about these machines for the community. The first thing to do is read the blogs for 5 machines and try to understand the approach for getting started on them.
TjNull has shared a list of OSCP-related boxes.
- Below is the Google Sheet for Vulnhub and Hackthebox boxes: https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8

Vulnhub List

Hackthebox List
Most of the time in OSCP you will need to use a public exploit on your target to see if you can obtain a shell on it. You may need to modify the shellcode, or even parts of the exploit, to match your system so that you obtain a connection from your target.
There are multiple ways to transfer files from the attacker system to the target system.
- Windows
  - VBS Script
  - SMB Server
  - HTTP Server
  - FTP Server
  - TFTP Server
  - Powershell
  - Debug.exe
  - Certutil
- Linux
  - Python Server
  - Curl
  - Wget
  - Netcat
  - FTP
  - PHP
  - SCP - SSH
- For Practice on Local Machine:
- Linux Privilege Escalation
- Local File Inclusion - https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities/
- Bypass File upload - https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf
- Vulnerable Application for Practice
- Metasploitable 2
- BWAPP
- Mutillidae
- Buffer Overflow for Dummies - https://www.sans.org/reading-room/whitepapers/threats/buffer-overflows-dummies-481
- For Practice:
- Windows Binaries (Recommend that you run these on Windows 7/XP 32 bit):
- Linux Binaries:
- Abatchy’s Port Forwarding Guide: https://www.abatchy.com/2017/01/port-forwarding-practical-hands-on-guide
- Explore Hidden Networks with Double Pivoting: https://pentest.blog/explore-hidden-networks-with-double-pivoting/
- 0xdf hacks stuff. Pivoting and Tunneling: https://0xdf.gitlab.io/2019/01/28/pwk-notes-tunneling-update1.html
- Tools:

HTB Boxes to Prepare for OSCP (Youtube Playlist): https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf
- Web Recon
- SQL
- Windows Privilege Escalation
  - Winpeas
  - Powerup
  - Sharpup
  - Seatbelt
  - Windows Priv checker
- Linux Privilege Escalation
  - Linux smart enumeration
  - Pspy64
  - Linpeas
  - Lpe
  - Linux Exploit Suggester
  - Beroot
  - Bashark
  - Linux priv checker
- Password Cracking
  - Online Tools for Password Cracking:
  - Wordlist generators:
  - Wordlists:
    - In Kali: /usr/share/wordlists
    - Seclists (apt-get install seclists). You can find all of his password lists here: https://github.com/danielmiessler/SecLists/tree/master/Passwords
  - Online Password Crackers:
I got some content from the OSCP guides below.
- Other Links: