Guide For OSCP


Guide for OSCP:

.
Many have asked me about the OSCP certification, which is your starting point in the field of
penetration testing. The course content, whether the book or the videos, is essential but does
not cover everything you need to solve the labs. It only gives you the start of the thread and the
beginning of the road, and you should search and learn from a variety of sources.
.
The important thing is that in this post I will give you a plan that I hope will be good and suitable
for you before you register for the labs and take the exam.
.
The course material for the certificate contains 18 training units. For this reason, I would like to
provide you with some resources that may be useful for preparing for the certificate and its units
before you review its content.
.
The first unit covers working with Kali Linux as well as bash scripting. To prepare for
this unit, we advise you to check out the following sources:
1- Linux Basics Course:
https://www.youtube.com/playlist…
2- Programming course using bash scripting:
https://www.youtube.com/playlist…
.
The second unit covers some of the main tools that any penetration tester needs to know
how to use. To prepare for this unit, we advise you to see the
following topics:
1- Working with netcat:
https://www.win.tue.nl/~aeb/linux/hh/netcat_tutorial.pdf
https://www.binarytides.com/netcat-tutorial-for-beginners/
2- Working with Wireshark:
https://www.howtogeek.com/…/how-to-use-wireshark-to-captur…/
https://www.youtube.com/watch?v=r0l_54thSYU
https://www.youtube.com/playlist…
3- Working with tcpdump:
https://www.giac.org/…/…/3489/beginners-guide-tcpdump/105700
.
The third unit covers passive information gathering through sites and services on
the Internet. To prepare for it, we advise you to see the following sources:
https://www.youtube.com/watch…
.
The fourth unit covers active information gathering. These sources will help you
prepare:
1- The network scanning unit of the ethical hacker course:
https://www.youtube.com/watch…
2- Summary of nmap options:
http://cs.lewisu.edu/~klump…/camssem2015/nmapcheatsheet1.pdf
3- Dealing with the enum4linux tool:
https://labs.portcullis.co.uk/tools/enum4linux/
4- Collection of information through the SMTP protocol:
https://pentestlab.blog/2012/11/20/smtp-user-enumeration/
5- Collection of information through SNMP:
https://resources.infosecinstitute.com/snmp-pentesting/
.
The fifth unit covers how to scan for and detect vulnerabilities. You can see the following videos:
https://www.youtube.com/watch…
.
Units 6, 7 and 8 cover buffer overflow vulnerabilities. To get to know and understand
them, we advise you to see the following videos and resources:
https://www.youtube.com/watch?v=1S0aBV-Waeo
https://www.youtube.com/watch?v=1TNecxUBD1w
https://dhavalkapil.com/blogs/Buffer-Overflow-Exploit/
https://www.exploit-db.com/…/28475-linux-stack-based-buffer…
https://www.hackingtutorials.org/…/buffer-overflow-explain…/
https://0xrick.github.io/binary-exploitation/bof1/
https://medium.com/…/a-simple-buffer-overflow-using-vulnser…
.
For buffer overflows you need a little programming knowledge, so check out this course on
Python programming:
https://www.youtube.com/playlist…
.
Module 9 covers how to find exploits for vulnerabilities and the sources you can use. You must
know how to work with searchsploit and how to find and use exploits from exploit-db.
Take a look at these links for more information:
https://www.exploit-db.com/searchsploit
https://www.exploit-db.com/
https://packetstormsecurity.com/files/tags/exploit/
.
Unit 10 covers how to transfer files between the attacker's machine and the victim's machine. Take a look
at some of the ways through the following links:
https://awakened1712.github.io/oscp/oscp-transfer-files/
https://blog.ropnop.com/transferring-files-from-kali-to-wi…/
https://www.tecmint.com/python-simplehttpserver-to-create-…/
.
Unit 11 is one of the most difficult units. It covers how to escalate your privileges
after you get access to the victim's machine so that you gain administrative privileges. That is,
how to become the root user if the machine is Linux, or an Administrator or
SYSTEM user if it is Windows. There are many useful resources:
https://www.trustwave.com/…/my-5-top-ways-to-escalate-priv…/
https://blog.netwrix.com/…/09/05/what-is-privilege-escalat…/
https://blog.g0tmi1k.com/…/basic-linux-privilege-escalation/
https://payatu.com/guide-linux-privilege-escalation
https://github.com/…/…/Linux%20-%20Privilege%20Escalation.md
https://medium.com/…/windows-privilege-escalation-scripts-t…
https://medium.com/…/windows-privilege-escalation-scripts-t…
https://www.fuzzysecurity.com/tutorials/16.html
https://sec-consult.com/…/windows-privilege-escalation-an-…/
https://github.com/…/Windows%20-%20Privilege%20Escalation.md
.
Module 12 covers client-side attacks, that is, how to compromise victims' machines
through vulnerabilities in programs such as Java. You can take a look through the
following links:
https://www.offensive-security.com/met…/client-side-attacks/
https://technical.nttsecurity.com/…/what-are-client-side-at…
https://kentosec.com/…/oscp-prep-episode-11-client-side-at…/
https://rafalharazinski.gitbook.io/…/unt…/client-side-attack
.
Module 13 covers the most popular web application vulnerabilities. This unit does not cover everything
about web vulnerabilities; it only covers vulnerabilities such as SQLi, XSS and LFI/RFI. To practice
these vulnerabilities and learn to discover them, you can see the following resources:
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
https://www.owasp.org/index.php/SQL_Injection
http://pentestmonkey.net/category/cheat-sheet/sql-injection
https://www.offensive-security.com/…/file-inclusion-vulner…/
https://www.youtube.com/playlist…
.
Module 14 talks about password attacks, and these are useful sources for you:
https://alexandreborgesbrazil.files.wordpress.com/…/introdu…
https://www.offensive-security.com/metasploit-…/john-ripper/
https://digi.ninja/projects/cewl.php
https://tools.kali.org/password-attacks/crunch
https://medium.com/…/pwning-wordpress-passwords-2caf12216956
https://www.youtube.com/playlist…
.
Unit 15 covers tunneling. To understand what the term means and how you can
use this technique, see the following links:
https://www.abatchy.com/…/port-forwarding-practical-hands-o…
https://chamibuddhika.wordpress.com/…/ssh-tunnelling-expla…/
http://woshub.com/port-forwarding-in-windows/
https://www.offensive-security.com/metasploit…/proxytunnels/
.
Module 16 covers Metasploit and how to use it correctly and professionally (but in
the exam you are limited to using it once at most). Here are sources that show you how to work
with it:
https://www.offensive-security.com/metasploit-unleashed/
https://netsec.ws/?p=331
https://github.com/…/metasploit-fr…/wiki/How-to-use-msfvenom
https://www.youtube.com/playlist…
.
Module 17 covers how antivirus programs are bypassed. You are advised to
review this link:
https://github.com/Veil-Framework/Veil
.
The last module covers how to apply everything you learned in the course to a penetration test and
prepare a report on the things you discovered. We advise you to review the following report
templates:
https://www.offensive-security.com/…/sample-penetration-tes…
https://www.radicallyopensecurity.com/report_otf_fdroid.pdf
https://underdefense.com/…/Anonymised-BlackBox-Penetration-…
https://github.com/juliocesarfort/public-pentesting-reports
.
Here we have covered the resources you can use to learn the course content. Now we come to the practical
side: how to apply everything you have learned to vulnerable machines
and vulnerabilities.
.
On this topic, we recommend the following two sites:
https://hackthebox.eu
https://www.vulnhub.com
.
These two sites have hundreds of vulnerable machines that range in difficulty. We advise you to
try at least the following machines before registering for the OSCP course and labs:
Vulnhub machines:
https://www.vulnhub.com/entry/kioptrix-level-1-1,22/
https://www.vulnhub.com/entry/kioptrix-2014-5,62/
https://www.vulnhub.com/entry/kioptrix-level-13-4,25/
https://www.vulnhub.com/entry/kioptrix-level-12-3,24/
https://www.vulnhub.com/entry/kioptrix-level-11-2,23/
https://www.vulnhub.com/entry/stapler-1,150/
https://www.vulnhub.com/entry/sickos-12,144/
https://www.vulnhub.com/entry/vulnos-2,147/
https://www.vulnhub.com/entry/brainpan-1,51/
https://www.vulnhub.com/entry/hacklab-vulnix,48/
https://www.vulnhub.com/entry/pwnos-20-pre-release,34/
https://www.vulnhub.com/entry/zico2-1,210/
https://www.vulnhub.com/entry/dc-8,367/
https://www.vulnhub.com/entry/dc-7,356/
https://www.vulnhub.com/entry/dc-6,315/
https://www.vulnhub.com/entry/dc-5,314/
https://www.vulnhub.com/entry/dc-3,312/
https://www.vulnhub.com/entry/dc-2,311/
https://www.vulnhub.com/entry/dc-1,292/
.
Hack The Box machines:
Lame
Shocker
bashed
nibbles
beep
cronos
october
sense
nineveh
node
poison
sunday
Legacy
Blue
Devel
Optimum
bastard
granny
grandpa
jerry
bounty
Arctic
jeeves
bart
active
jail
dev0ps
.
Also follow these links to learn how to solve the machines above:
https://www.youtube.com/playlist…
https://www.youtube.com/playlist…
https://hackingresources.com/category/ctf-writeups/
.
Also, before I forget: there are two free courses that give good information about the content of the
certificate:
https://www.cybrary.it/course/oscp/
https://www.youtube.com/playlist…

https://www.facebook.com/groups/OffSec/permalink/815010812302851/
