Online Course Link: https://kali.training/lessons/introduction/
Hands-on challenges to get comfortable with Linux:
OverTheWire Bandit: https://overthewire.org/wargames/bandit/
Root Me: https://www.root-me.org/?lang=en
Cmdchallenge.com: https://cmdchallenge.com/
HackerRank Linux Shell: https://www.hackerrank.com/domains/shell
https://guide.bash.academy/
Service Enumeration
Now move to vulnerable machines. There are two main websites for practice on vulnerable machines: Hack The Box and VulnHub. Many people in the infosec community have written blog posts about these machines. The first thing you need to do is read the write-ups for 5 machines and try to understand the approach for getting started on them.
https://www.vulnhub.com/
TjNull has shared a list which has OSCP related boxes.
Below is the Google Sheet for VulnHub and Hack The Box boxes: https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8
Most of the time in OSCP you will need to use a public exploit on your target to see if you can obtain a shell on it. With that exploit you may need to modify shellcode or even parts of the exploit to match your system to obtain a connection from your target.
Exploit-DB - https://www.exploit-db.com/
SearchSploit - Offline Kali Database - https://www.exploit-db.com/searchsploit
Packetstorm - https://packetstormsecurity.com/files/tags/exploit/
There are multiple ways to transfer files from the attacker system to the target system.
Windows
VBS Script
SMB Server
HTTP Server
FTP Server
TFTP Server
Powershell
Debug.exe
Certutil
Linux
Python Server
Curl
Wget
Netcat
FTP
PHP
SCP - SSH
For Practice on Local Machine:
SQL Injection - http://pentestmonkey.net/category/cheat-sheet/sql-injection
Remote File Inclusion - https://sushant747.gitbooks.io/total-oscp-guide/remote_file_inclusion.html
Local File Inclusion - https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities/
Bypass File upload - https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf
Vulnerable Application for Practice
OWASP Juice Shop: https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
Metasploitable 2
bWAPP
Mutillidae
DVWA - http://www.dvwa.co.uk/
Exploiting Simple Buffer Overflow on Win 32 - https://www.pentesteracademy.com/course?id=13
Buffer Overflow for Dummies - https://www.sans.org/reading-room/whitepapers/threats/buffer-overflows-dummies-481
For Practice:
Windows Binaries (Recommend that you run these on Windows 7/XP 32 bit):
Brain Pan Machine - https://www.vulnhub.com/entry/brainpan-1,51/
Vulnserver: https://samsclass.info/127/proj/vuln-server.htm
Minishare 1.4.1: https://www.exploit-db.com/exploits/636
Savant Web Server 3.1: https://www.exploit-db.com/exploits/10434
Freefloat FTP Server 1.0: https://www.exploit-db.com/exploits/40673
Core FTP Server 1.2: https://www.exploit-db.com/exploits/39480
Linux Binaries:
Linux Buffer Overflow: https://samsclass.info/127/proj/lbuf1.htm
Abatchy’s Port Forwarding Guide: https://www.abatchy.com/2017/01/port-forwarding-practical-hands-on-guide
Windows Port Forwarding: http://woshub.com/port-forwarding-in-windows/
SSH Tunneling Explained: https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/
Understanding Proxy Tunnels: https://www.offensive-security.com/metasploit-unleashed/proxytunnels/
Explore Hidden Networks with Double Pivoting: https://pentest.blog/explore-hidden-networks-with-double-pivoting/
0xdf hacks stuff. Pivoting and Tunneling: https://0xdf.gitlab.io/2019/01/28/pwk-notes-tunneling-update1.html
Tools:
SSHuttle: https://github.com/sshuttle/sshuttle
Proxychains: https://github.com/haad/proxychains
IPPSEC TJ_NULL OSCP LIST - https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf
HTB Boxes to Prepare for OSCP (Youtube Playlist): https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf
Web Recon
Dirsearch: https://github.com/maurosoria/dirsearch
Dirbuster: https://tools.kali.org/web-applications/dirbuster
Gobuster: https://github.com/OJ/gobuster
Wfuzz: https://github.com/xmendez/wfuzz
SQL
NoSQLMap: https://github.com/codingo/NoSQLMap
SQLNinja: http://sqlninja.sourceforge.net/
Windows Privilege Escalation
Winpeas
Windows Exploit Suggester - https://github.com/GDSSecurity/Windows-Exploit-Suggester
Powerup
Sharpup
Seatbelt
Sherlock - https://github.com/rasta-mouse/Sherlock
Windows Priv checker
Linux Privilege Escalation
Linux smart enumeration
Pspy64
Linenum - https://github.com/rebootuser/LinEnum
Linpeas
Lpe
Linux Exploit Suggester
Beroot
Bashark
Linux priv checker
Password Cracking
John The Ripper - https://www.openwall.com/john/
Hashcat: https://hashcat.net/hashcat/
Online Tools for Password Cracking:
THC Hydra: https://github.com/vanhauser-thc/thc-hydra
Medusa: http://h.foofus.net/?page_id=51
Wordlist generators:
Cewl: https://digi.ninja/projects/cewl.php
Wordlists:
In Kali: /usr/share/wordlists
SecLists: apt-get install seclists
You can find all of his password lists here: https://github.com/danielmiessler/SecLists/tree/master/Passwords
Online Password Crackers:
https://www.cmd5.org/
https://gpuhash.me/
I got some content from the OSCP guides below.
Other Links: