Skip to content
/ PWK-1 Public
forked from anpseftis/PWK-1

anything worth having doesn’t come easy

3 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cehkunal/PWK-1

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
payloads
payloads
 
 
priv_escalation
priv_escalation
 
 
recon_scan
recon_scan
 
 
useful_tricks
useful_tricks
 
 
webshells
webshells
 
 
wordlists
wordlists
 
 
xpl
xpl
 
 
README.md
README.md
 
 

Repository files navigation

Oscp study

Notes of my Offensive Security Certified Professional (OSCP) study plan.

Last updated: 2018-02-18

OSCP-like VMs on Vulnhub:

  • Beginner friendly:
    • Kioptrix: Level 1 (#1) [ok]
    • Kioptrix: Level 1.1 (#2) [ok]
    • Kioptrix: Level 1.2 (#3) [ok]
    • Kioptrix: Level 1.3 (#4) [ok]
    • FristiLeaks: 1.3 [ok]
    • Stapler: 1 [ok]
    • PwnLab: init [ok]
  • Intermediate:
    • Kioptrix: 2014 [ok]
    • Brainpan: 1 (Part 1 of BO is relevant to OSCP. egghunting is out of scope though)
    • Mr-Robot: 1 [ok]
    • HackLAB: Vulnix [ok]
    • Not so sure (Didn't solve them yet):
    • VulnOS: 2
    • SickOs: 1.2
    • /dev/random: scream
    • pWnOS: 2.0
    • SkyTower: 1
    • IMF
    • Lord of the Root 1.0.1
    • Tr0ll
    • Pegasus
    • SkyTower [ok]
  • Windows
    • Metasploitable 3
    • /dev/random: Sleepy (Uses VulnInjector, need to provide you own ISO and key.)
    • Bobby: 1 (Uses VulnInjector, need to provide you own ISO and key.)

(credits for @abatchy)

Link to download VMs: http://vulnhub.com

Hackthebox.eu (HTB)

I strongly recommend the boxes on the hackthebox.eu to study for OSCP cert. HTB have a good set of windows boxes to training: Devel, Optimum, Bastard, Grandpa and Blue.

PS: It's necessary solve a little "challenge" to obtain the invite.

Recommended books:

Penetration Testing: A Hands-On Introduction to Hacking (+Highly recommended for beginners)
Hacking: The Art of Exploitation, 2nd Edition
Rtfm: Red Team Field Manual
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
The Hacker Playbook: Practical Guide To Penetration Testing

Stack-based buffer overflow links [must-read]:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ [Recommended]
http://www.tenouk.com/Bufferoverflowc/Bufferoverflow1.html
https://raw.githubusercontent.com/m0nad/Papers/master/buffer_overflow_iniciantes.txt [PT-BR]

Other interesting links:

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ [Linux privilege escalation]
http://www.fuzzysecurity.com/tutorials/16.html [Windows privilege escalation]
http://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob.html
https://www.securitysift.com/offsec-pwb-oscp/ [+Scripts]
http://hackingandsecurity.blogspot.com.br/2016/04/oscp-related-notes.html
http://rtfm-ctf.org/2017/PWN-PATH-TO-OSCP
http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html [RECOMMENDED reading]
https://tulpa-security.com/2016/09/19/prep-guide-for-offsecs-pwk/

My write-ups

Kioptrix level 1
Kioptrix level 1.1
Kioptrix level 1.2

About

anything worth having doesn’t come easy

Resources

Readme
Activity

Stars

3 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages

  • C 49.5%
  • Python 23.8%
  • Perl 23.0%
  • Shell 1.5%
  • Classic ASP 1.2%
  • ColdFusion 1.0%