Skip to content

robin8614/oscp

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Oscp study

Notes of my Offensive Security Certified Professional (OSCP) study plan.

Last updated: 2018-02-18

OSCP-like VMs on Vulnhub:

  • Beginner friendly:
    • Kioptrix: Level 1 (#1) [ok]
    • Kioptrix: Level 1.1 (#2) [ok]
    • Kioptrix: Level 1.2 (#3) [ok]
    • Kioptrix: Level 1.3 (#4) [ok]
    • FristiLeaks: 1.3 [ok]
    • Stapler: 1 [ok]
    • PwnLab: init [ok]
  • Intermediate:
    • Kioptrix: 2014 [ok]
    • Brainpan: 1 (Part 1 of BO is relevant to OSCP. egghunting is out of scope though)
    • Mr-Robot: 1 [ok]
    • HackLAB: Vulnix [ok]
    • Not so sure (Didn't solve them yet):
    • VulnOS: 2
    • SickOs: 1.2
    • /dev/random: scream
    • pWnOS: 2.0
    • SkyTower: 1
    • IMF
    • Lord of the Root 1.0.1
    • Tr0ll
    • Pegasus
    • SkyTower [ok]
  • Windows
    • Metasploitable 3
    • /dev/random: Sleepy (Uses VulnInjector, need to provide you own ISO and key.)
    • Bobby: 1 (Uses VulnInjector, need to provide you own ISO and key.)

(credits for @abatchy)

Link to download VMs: http://vulnhub.com

Hackthebox.eu (HTB)

I strongly recommend the boxes on the hackthebox.eu to study for OSCP cert. HTB have a good set of windows boxes to training: Devel, Optimum, Bastard, Grandpa and Blue.

PS: It's necessary solve a little "challenge" to obtain the invite.

Recommended books:

Penetration Testing: A Hands-On Introduction to Hacking (+Highly recommended for beginners)
Hacking: The Art of Exploitation, 2nd Edition
Rtfm: Red Team Field Manual
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
The Hacker Playbook: Practical Guide To Penetration Testing

Stack-based buffer overflow links [must-read]:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ [Recommended]
http://www.tenouk.com/Bufferoverflowc/Bufferoverflow1.html
https://raw.githubusercontent.com/m0nad/Papers/master/buffer_overflow_iniciantes.txt [PT-BR]

Other interesting links:

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ [Linux privilege escalation]
http://www.fuzzysecurity.com/tutorials/16.html [Windows privilege escalation]
http://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob.html
https://www.securitysift.com/offsec-pwb-oscp/ [+Scripts]
http://hackingandsecurity.blogspot.com.br/2016/04/oscp-related-notes.html
http://rtfm-ctf.org/2017/PWN-PATH-TO-OSCP
http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html [RECOMMENDED reading]
https://tulpa-security.com/2016/09/19/prep-guide-for-offsecs-pwk/

My write-ups

Kioptrix level 1
Kioptrix level 1.1
Kioptrix level 1.2

Releases

No releases published

Packages

No packages published

Languages

  • C 49.5%
  • Python 23.8%
  • Perl 23.0%
  • Shell 1.5%
  • Classic ASP 1.2%
  • ColdFusion 1.0%