OSCP Resources

Backdoors/Web Shells

http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
https://highon.coffee/blog/reverse-shell-cheat-sheet/
http://pentestmonkey.net/tools/web-shells/php-reverse-shell
http://pentestmonkey.net/tools/web-shells/perl-reverse-shell
https://github.com/bartblaze/PHP-backdoors
https://github.com/BlackArch/webshells
https://github.com/tennc/webshell/tree/master/php/b374k
https://github.com/tennc/webshell/tree/master/php/PHPshell/c99shell
http://www.acunetix.com/blog/articles/web-shells-101-using-php-introduction-web-shells-part-2/
http://securityweekly.com/2011/10/23/python-one-line-shell-code/

Buffer Overflows

http://www.primalsecurity.net/0x0-exploit-tutorial-buffer-overflow-vanilla-eip-overwrite-2/
http://proactivedefender.blogspot.ca/2013/05/understanding-buffer-overflows.html
http://justpentest.blogspot.ca/2015/07/minishare1.4.1-bufferoverflow.html
https://samsclass.info/127/proj/vuln-server.htm
http://www.bulbsecurity.com/finding-bad-characters-with-immunity-debugger-and-mona-py/

Information Gathering/Reconnaissance

LeeBaird Discover Script
https://github.com/leebaird/discover

The Basics Of Penetration Testing
https://www.hackcave.net/2015/11/the-basics-of-penetration-testing.html

Penetration Testing Framework
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Cross-Compilation

https://arrayfire.com/cross-compile-to-windows-from-linux/

Local File Inclusion/Remote File Inclusion (LFI/RFI)

http://www.grobinson.me/single-line-php-script-to-gain-shell/
https://webshell.co/
https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf
https://osandamalith.com/2015/03/29/lfi-freak/
https://wiki.apache.org/httpd/DistrosDefaultLayout#Debian.2C_Ubuntu_.28Apache_httpd_2.x.29
https://roguecod3r.wordpress.com/2014/03/17/lfi-to-shell-exploiting-apache-access-log/
https://attackerkb.com/Windows/blind_files
https://digi.ninja/blog/when_all_you_can_do_is_read.php
https://updatedlinux.wordpress.com/2011/05/12/list-of-important-files-and-directories-in-linux-redhatcentosfedora/
https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/
https://github.com/tennc/fuzzdb/blob/master/dict/BURP-PayLoad/LFI/LFI_InterestingFiles-NullByteAdded.txt
http://www.r00tsec.com/2014/04/useful-list-file-for-local-file.html
https://www.gracefulsecurity.com/path-traversal-cheat-sheet-windows/
https://github.com/tennc/fuzzdb/blob/master/dict/BURP-PayLoad/LFI/LFI-FD-check.txt

File Transfer

https://insekurity.wordpress.com/2012/05/15/file-transfer/
https://www.cheatography.com/fred/cheat-sheets/file-transfers/
https://blog.ropnop.com/transferring-files-from-kali-to-windows/
https://linux.die.net/man/1/scp
https://www.freebsd.org/cgi/man.cgi?fetch(1)
https://curl.haxx.se/docs/manpage.html
https://linux.die.net/man/1/wget

**SCP, WGET, FTP, TFTP, CURL, NC, FETCH Fuzzing Payloads

https://github.com/fuzzdb-project/fuzzdb
https://github.com/danielmiessler/SecLists

General Notes

https://bitvijays.github.io/LFC-VulnerableMachines.html
http://blog.knapsy.com/blog/2014/10/07/basic-shellshock-exploitation/
http://www.studfiles.ru/preview/2083097/page:7/
http://126kr.com/article/3vbt0k8fxwh
http://meyerweb.com/eric/tools/dencoder/
https://www.darkoperator.com/powershellbasics
https://wooly6bear.files.wordpress.com/2016/01/bwapp-tutorial.pdf
http://alexflor.es/security-blog/post/egress-ports/
https://www.exploit-db.com/papers/13017/
https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
http://explainshell.com/
https://pentestlab.blog/2012/11/29/bypassing-file-upload-restrictions/
https://github.com/g0tmi1k/mpc
https://www.reddit.com/r/netsecstudents/comments/5fwc1z/failed_the_oscp_any_tips_for_the_next_attempt/danovo5/
https://security.stackexchange.com/questions/110673/how-to-find-windows-version-from-the-file-on-a-remote-system
https://www.veil-framework.com/veil-tutorial/ (AV Evasion)
https://blog.propriacausa.de/wp-content/uploads/2016/07/oscp_notes.html
https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/
gnore SSL in python scripts : http://stackoverflow.com/questions/19268548/python-ignore-certicate-validation-urllib2

Jailed Shell Escape

http://netsec.ws/?p=337
https://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells
https://speakerdeck.com/knaps/escape-from-shellcatraz-breaking-out-of-restricted-unix-shells
http://airnesstheman.blogspot.ca/2011/05/breaking-out-of-jail-restricted-shell.html
http://securebean.blogspot.ca/2014/05/escaping-restricted-shell_3.html

Linux Post-Exploitation

https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List
https://github.com/huntergregal/mimipenguin
https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List

Linux Privilege Escalation

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
https://www.kernel-exploits.com/
https://github.com/rebootuser/LinEnum
https://github.com/PenturaLabs/Linux_Exploit_Suggester
https://www.securitysift.com/download/linuxprivchecker.py
http://pentestmonkey.net/tools/audit/unix-privesc-check
https://github.com/mzet-/linux-exploit-suggester
http://www.darknet.org.uk/2015/06/unix-privesc-check-unixlinux-user-privilege-escalation-scanner/
https://www.youtube.com/watch?v=dk2wsyFiosg
http://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/#gref
https://www.rebootuser.com/?p=1758

Metasploit

https://www.offensive-security.com/metasploit-unleashed/
http://www.securitytube.net/groups?operation=view&groupId=8

MSFVenom Payloads

http://netsec.ws/?p=331
https://www.offensive-security.com/metasploit-unleashed/msfvenom/
http://www.blackhillsinfosec.com/?p=4935

Port Scanning

https://highon.coffee/blog/nmap-cheat-sheet/
https://nmap.org/nsedoc/
https://github.com/superkojiman/onetwopunch
http://kalilinuxtutorials.com/unicornscan/

Password Cracking

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/
https://hashkiller.co.uk/
https://linuxconfig.org/password-cracking-with-john-the-ripper-on-linux
http://www.rarpasswordcracker.com/

Pivoting

https://www.offensive-security.com/metasploit-unleashed/portfwd/
https://www.offensive-security.com/metasploit-unleashed/proxytunnels/
https://github.com/rofl0r/proxychains-ng
https://www.sans.org/reading-room/whitepapers/testing/tunneling-pivoting-web-application-penetration-testing-36117
https://pentest.blog/explore-hidden-networks-with-double-pivoting/
https://blog.techorganic.com/2012/10/10/introduction-to-pivoting-part-2-proxychains/
https://www.cobaltstrike.com/help-socks-proxy-pivoting
https://sathisharthars.com/2014/07/07/evade-windows-firewall-by-ssh-tunneling-using-metasploit/
https://artkond.com/2017/03/23/pivoting-guide/

Remote Desktop Protocol (RDP)

https://serverfault.com/questions/148731/enabling-remote-desktop-with-command-prompt
https://serverfault.com/questions/200417/ideal-settings-for-rdesktop

Samba (SMB)

https://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions
http://www.blackhillsinfosec.com/?p=4645

TTY Shell Spawning

http://netsec.ws/?p=337
https://github.com/infodox/python-pty-shells
https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/

SQL Injection

http://www.sqlinjection.net/category/attacks/
http://sechow.com/bricks/docs/login-1.html
https://www.exploit-db.com/papers/12975/
https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
https://github.com/cr0hn/nosqlinjection_wordlists
https://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/
https://websec.ca/kb/sql_injection#MSSQL_Default_Databases

Vulnhub VMs

Kioptrix: Level 1 (#1)
Kioptrix: Level 1.1 (#2)
Kioptrix: Level 1.2 (#3)
Kioptrix: Level 1.3 (#4)
FristiLeaks: 1.3
Stapler: 1
PwnLab: init
Tr0ll: 1
Tr0ll: 2
Kioptrix: 2014
Lord Of The Root: 1.0.1
Stapler: 1
Mr-Robot: 1
HackLAB: Vulnix
VulnOS: 2
SickOs: 1.2
pWnOS: 2.0

HackTheBox (HTB) and TryHackMe (THM)

HTB is a penetration testing platform with many machines that feel like they belong in the OSCP labs. All you have to do is pass the registration challenge and only then, you will have your VPN access provided. I suggest doing a few as it is free and an excellent way to prepare for the exam without downloading a vulnerable VM.

Web Exploitation

http://www.studfiles.ru/preview/2083097/page:7/
http://126kr.com/article/3vbt0k8fxwh
http://meyerweb.com/eric/tools/dencoder/

Windows Post-Exploitation

https://github.com/gentilkiwi/mimikatz/releases/
https://github.com/gentilkiwi/mimikatz/wiki/module-~-sekurlsa
http://www.handgrep.se/repository/cheatsheets/postexploitation/WindowsPost-Exploitation.pdf
https://github.com/PowerShellMafia/PowerSploit
https://github.com/gentilkiwi/mimikatz/releases
http://www.handgrep.se/repository/cheatsheets/postexploitation/WindowsPost-Exploitation.pdf
https://github.com/mubix/post-exploitation/wiki/windows

Windows Privilege Escalation

http://www.fuzzysecurity.com/tutorials/16.html
https://toshellandback.com/2015/11/24/ms-priv-esc/
https://github.com/pentestmonkey/windows-privesc-check
https://blog.gdssecurity.com/labs/2014/7/11/introducing-windows-exploit-suggester.html
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
https://github.com/foxglovesec/RottenPotato
http://www.exumbraops.com/penetration-testing-102-windows-privilege-escalation-cheatsheet/
https://www.youtube.com/watch?v=PC_iMqiuIRQ
https://www.youtube.com/watch?v=kMG8IsCohHA&feature=youtu.be
https://github.com/PowerShellMafia/PowerSploit
http://www.blackhillsinfosec.com/?p=5824
https://www.commonexploits.com/unquoted-service-paths/
https://github.com/abatchy17/WindowsExploits

PreviousWrite-Ups NextResources

Last updated 3 years ago