a guest
Mar 5th, 2020
  1. Many have asked me about the OSCP certification, which is your starting point in the field of penetration testing. The content of the certification, whether the book or the videos, is essential but does not cover everything you need to solve the labs. It only gives you the end of the thread and the beginning of the road, and you should search and learn from a variety of sources.
  2.  
  3. The important thing is that with this post I will give you a plan, which I hope will be good and appropriate for you, to follow before you register for the labs and take the exam.
  4.  
  5. The course material for the certification contains 18 training units. For this reason, I would like to provide some resources that may help you prepare for the certification and its units before you go through its content.
  6.  
  7. The first unit covers working with Kali Linux as well as bash scripting. To prepare for this unit, we advise you to check out the following sources:
  8. 1- Linux Basics Course:
  9. https://www.youtube.com/playlist?list=PLs6emGC4vqRK0buaLWzZkxdNX6-WW0eh7
  10. 2- Programming course using bash scripting:
  11. https://www.youtube.com/playlist?list=PLEOFNTP51Gtedb0auUdfYqTJc0ZkETp7s
  12.  
  13. The second unit covers some of the main tools that any penetration tester needs to know how to use. To prepare for this unit, we advise you to see the following topics:
  14. 1- Working with netcat:
  15. https://www.win.tue.nl/~aeb/linux/hh/netcat_tutorial.pdf
  16. https://www.binarytides.com/netcat-tutorial-for-beginners/
  17. 2- Working with Wireshark:
  18. https://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/
  19. https://www.youtube.com/watch?v=r0l_54thSYU
  20. https://www.youtube.com/playlist?list=PLMYF6NkLrdN_RQWQRUSX-15MFb8uwfkpE
  21. 3- Working with tcpdump:
  22. https://www.giac.org/paper/gsec/3489/beginners-guide-tcpdump/105700
  23.  
  24. The third unit covers passive information gathering through sites and services on the Internet. To prepare for it, we advise you to see the following sources:
  25. https://www.youtube.com/watch?v=U5ps0nj89ic&list=PLs6emGC4vqRJYHKMLfi6zoLoLR4kuEnpJ
  26.  
  27. The fourth unit covers active information gathering; these sources will help you prepare:
  28. 1- The network scanning unit of the ethical hacker course:
  29. https://www.youtube.com/watch?v=uWukBZboGW0&list=PLs6emGC4vqRJz-GgzSXNxh1poZibnr3-i
  30. 2- Summary of nmap options:
  31. http://cs.lewisu.edu/~klumpra/camssem2015/nmapcheatsheet1.pdf
  32. 3- Working with the enum4linux tool:
  33. https://labs.portcullis.co.uk/tools/enum4linux/
  34. 4- Gathering information through the SMTP protocol:
  35. https://pentestlab.blog/2012/11/20/smtp-user-enumeration/
  36. 5- Gathering information through SNMP:
  37. https://resources.infosecinstitute.com/snmp-pentesting/
  38.  
  39. The fifth unit covers how to check for and detect vulnerabilities; you can watch the following videos:
  40. https://www.youtube.com/watch?v=U0XWM4-NQTY&list=PLs6emGC4vqRJz-GgzSXNxh1poZibnr3-i&index=10
  41.  
  42. Units 6, 7 and 8 cover buffer overflow vulnerabilities. To get to know and understand them, we advise you to see the following videos and resources:
  43. https://www.youtube.com/watch?v=1S0aBV-Waeo
  44. https://www.youtube.com/watch?v=1TNecxUBD1w
  45. https://dhavalkapil.com/blogs/Buffer-Overflow-Exploit/
  46. https://www.exploit-db.com/docs/english/28475-linux-stack-based-buffer-overflows.pdf
  47. https://www.hackingtutorials.org/exploit-tutorials/buffer-overflow-explained-basics/
  48. https://0xrick.github.io/binary-exploitation/bof1/
  49. https://medium.com/@Z3R0th/a-simple-buffer-overflow-using-vulnserver-86b011eb673b
  50.  
  51. For buffer overflows you need a little programming knowledge, so check out this course on Python programming:
  52. https://www.youtube.com/playlist?list=PLs6emGC4vqRKqI9i-JbHjnBC7lx8206v7
  53.  
  54. Module 9 covers how to find exploits for vulnerabilities and the sources you can use. You must know how to work with searchsploit and how to find and use exploits from exploit-db. Take a look at these links for more information:
  55. https://www.exploit-db.com/searchsploit
  56. https://www.exploit-db.com/
  57. https://packetstormsecurity.com/files/tags/exploit/
  58.  
  59. Unit 10 covers how to transfer files between the hacker’s machine and the victim’s machine. Take a look at some of the ways through the following links:
  60. https://awakened1712.github.io/oscp/oscp-transfer-files/
  61. https://blog.ropnop.com/transferring-files-from-kali-to-windows/
  62. https://www.tecmint.com/python-simplehttpserver-to-create-webserver-or-serve-files-instantly/
  63.  
  64. Unit 11 is one of the most difficult units. It covers how to escalate privileges after you gain access to the victim’s machine so that you hold administrative privileges: on Linux, how to become the root user, and on Windows, how to become an administrator or SYSTEM user. There are many useful resources:
  65. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/my-5-top-ways-to-escalate-privileges/
  66. https://blog.netwrix.com/2018/09/05/what-is-privilege-escalation/
  67. https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
  68. https://payatu.com/guide-linux-privilege-escalation
  69. https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
  70. https://medium.com/@rahmatnurfauzi/windows-privilege-escalation-scripts-techniques-30fa37bd194
  72. https://www.fuzzysecurity.com/tutorials/16.html
  73. https://sec-consult.com/en/blog/2019/04/windows-privilege-escalation-an-approach-for-penetration-testers/
  74. https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md
  75.  
  76. Module 12 covers client-side attacks, that is, how victims' devices can be compromised through vulnerabilities in programs such as Java. You can take a look through the following links:
  77. https://www.offensive-security.com/metasploit-unleashed/client-side-attacks/
  78. https://technical.nttsecurity.com/post/102ej16/what-are-client-side-attacks
  79. https://kentosec.com/2018/09/02/oscp-prep-episode-11-client-side-attacks/
  80. https://rafalharazinski.gitbook.io/security/oscp/untitled-1/client-side-attack
  81.  
  82. Module 13 covers the most popular web application vulnerabilities. This unit does not cover everything about web vulnerabilities; it only covers vulnerabilities such as SQLi, XSS and LFI/RFI. To practice these vulnerabilities and learn to discover them, you can see the following resources:
  83. https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
  84. https://www.owasp.org/index.php/SQL_Injection
  85. http://pentestmonkey.net/category/cheat-sheet/sql-injection
  86. https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities/
  87. https://www.youtube.com/playlist?list=PLs6emGC4vqRL3emHZrdJ_LVt-CO726kmd
  88.  
  89. Module 14 covers password attacks, and these are useful sources for you:
  90. https://alexandreborgesbrazil.files.wordpress.com/2013/08/introduction_to_password_cracking_part_1.pdf
  91. https://www.offensive-security.com/metasploit-unleashed/john-ripper/
  92. https://digi.ninja/projects/cewl.php
  93. https://tools.kali.org/password-attacks/crunch
  94. https://medium.com/bugbountywriteup/pwning-wordpress-passwords-2caf12216956
  95. https://www.youtube.com/playlist?list=PLBf0hzazHTGPT7i4CTePJGaImPiiS60sR
  96.  
  97. Unit 15 covers tunneling. To understand what the term means and how you can use this technique, see the following links:
  98. https://www.abatchy.com/2017/01/port-forwarding-practical-hands-on-guide
  99. https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/
  100. http://woshub.com/port-forwarding-in-windows/
  101. https://www.offensive-security.com/metasploit-unleashed/proxytunnels/
  102.  
  103. Module 16 covers Metasploit and how to use it correctly and professionally (but in the exam you are limited to using it once at most). Here are the sources that show you how to work with it:
  104. https://www.offensive-security.com/metasploit-unleashed/
  105. https://netsec.ws/?p=331
  106. https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom
  107. https://www.youtube.com/playlist?list=PLBf0hzazHTGN31ZPTzBbk70bohTYT7HSm
  108.  
  109. Module 17 covers how anti-virus programs are bypassed. You are advised to review this link:
  110. https://github.com/Veil-Framework/Veil
  111.  
  112. The last module covers how to apply everything you learned in the course to a penetration test and prepare a report on the things you discovered. We advise you to review the following report templates:
  113. https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
  114. https://www.radicallyopensecurity.com/report_otf_fdroid.pdf
  115. https://underdefense.com/wp-content/uploads/2018/07/Anonymised-BlackBox-Penetration-Testing-Report.pdf
  116. https://github.com/juliocesarfort/public-pentesting-reports
  117.  
  118. So far we have covered the resources you can use to learn the course content. Now for the practical side, by which we mean how to apply everything you have learned to vulnerable machines and vulnerabilities.
  119.  
  120. On this topic, we recommend the following two sites:
  121. https://hackthebox.eu
  122. https://www.vulnhub.com
  123.  
  124. These two sites have hundreds of vulnerabilities that range in difficulty. We advise you to try at least the following machines before registering for the OSCP course and labs:
  125. Vulnhub machines:
  126. https://www.vulnhub.com/entry/kioptrix-level-1-1,22/
  127. https://www.vulnhub.com/entry/kioptrix-2014-5,62/
  128. https://www.vulnhub.com/entry/kioptrix-level-13-4,25/
  129. https://www.vulnhub.com/entry/kioptrix-level-12-3,24/
  130. https://www.vulnhub.com/entry/kioptrix-level-11-2,23/
  131. https://www.vulnhub.com/entry/stapler-1,150/
  132. https://www.vulnhub.com/entry/sickos-12,144/
  133. https://www.vulnhub.com/entry/vulnos-2,147/
  134. https://www.vulnhub.com/entry/brainpan-1,51/
  135. https://www.vulnhub.com/entry/hacklab-vulnix,48/
  136. https://www.vulnhub.com/entry/pwnos-20-pre-release,34/
  137. https://www.vulnhub.com/entry/zico2-1,210/
  138. https://www.vulnhub.com/entry/dc-8,367/
  139. https://www.vulnhub.com/entry/dc-7,356/
  140. https://www.vulnhub.com/entry/dc-6,315/
  141. https://www.vulnhub.com/entry/dc-5,314/
  142. https://www.vulnhub.com/entry/dc-3,312/
  143. https://www.vulnhub.com/entry/dc-2,311/
  144. https://www.vulnhub.com/entry/dc-1,292/
  145.  
  146. hackthebox machines:
  147. Lame
  148. Shocker
  149. bashed
  150. nibbles
  151. beep
  152. cronos
  153. october
  154. sense
  155. nineveh
  156. node
  157. poison
  158. sunday
  159. Legacy
  160. Blue
  161. Devel
  162. Optimum
  163. bastard
  164. granny
  165. grandpa
  166. jerry
  167. bounty
  168. Arctic
  169. jeeves
  170. bart
  171. active
  172. jail
  173. dev0ps
  174.  
  175. Also follow these links to see how to solve the machines above:
  176. https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf
  177. https://www.youtube.com/playlist?list=PLs6emGC4vqRJVM5FUSi2oY4rANy2f201O
  178. https://hackingresources.com/category/ctf-writeups/
  179.  
  180. Oh, and before I forget: there are two free courses that give good information about the content of the certification:
  181. https://www.cybrary.it/course/oscp/
  182. https://www.youtube.com/playlist?list=PLtr9ezc61PUb3iQMlvnicIC3BIra2BZId