OSCP Cheat Sheet

InfoSec Communities

• Offensive Security Official Discord — https://discord.gg/offsec

• Vulnhub Official Discord — https://discord.gg/yNndh7R

• InfoSec Prep Discord — https://discord.gg/infosecprep

• Hack The Box Official Discord — https://discord.gg/hackthebox

• Try Hack Me Official Discord — https://discord.gg/tryhackme

• Unofficial Virtual Hacking Labs Discord — https://discord.gg/bQfGnVQ

• Server: irc.freenode.org | channel: #offsec

Reporting Frameworks

• Dradis — https://dradisframework.com/academy/industry/compliance/oscp/

• Serpico — https://github.com/SerpicoProject/Serpico

Report Template

• Created by whoisflynn — https://github.com/whosiflynn/OSCP-Exam-Report-Template

• Created by Noraj — https://github.com/noraj/OSCP-Exam-Report-Template-Markdown

Enumeration

• AutoRecon — https://github.com/Tib3rius/AutoRecon

• nmapAutomator — https://github.com/21y4d/nmapAutomator

• Reconbot — https://github.com/Apathly/Reconbot

• Raccoon — https://github.com/evyatarmeged/Raccoon

• RustScan — https://github.com/RustScan/RustScan

• BashScan — https://github.com/astryzia/BashScan

Web Related

• Dirsearch — https://github.com/maurosoria/dirsearch

• GoBuster — https://github.com/OJ/gobuster

• Recursive GoBuster — https://github.com/epi052/recursive-gobuster

• wfuzz — https://github.com/xmendez/wfuzz

• goWAPT — https://github.com/dzonerzy/goWAPT

• ffuf — https://github.com/ffuf/ffuf

• Nikto — https://github.com/sullo/nikto

• dirb — https://tools.kali.org/web-applications/dirb

• dirbuster — https://tools.kali.org/web-applications/dirbuster

• feroxbuster — https://github.com/epi052/feroxbuster

• FinalRecon — https://github.com/thewhiteh4t/FinalRecon

Network Tools

• Impacket (SMB, psexec, etc) — https://github.com/SecureAuthCorp/impacket

Wordlists / Dictionaries

• SecLists — https://github.com/danielmiessler/SecLists

Payload Generators

• Reverse Shell Generator — https://github.com/cwinfosec/revshellgen

• Windows Reverse Shell Generator — https://github.com/thosearetheguise/rev

• MSFVenom Payload Creator — https://github.com/g0tmi1k/msfpc

PHP Reverse Shells

• Windows PHP Reverse Shell — https://github.com/Dhayalanb/windows-php-reverse-shell

• PenTestMonkey Unix PHP Reverse Shell — http://pentestmonkey.net/tools/web-shells/php-reverse-shell

Exploits

• Exploit-DB — https://www.exploit-db.com/

• Windows Kernel Exploits — https://github.com/SecWiki/windows-kernel-exploits

• AutoNSE — https://github.com/m4ll0k/AutoNSE

• Linux Kernel Exploits — https://github.com/lucyoa/kernel-exploits

• Payload all the Things: https://github.com/swisskyrepo/PayloadsAllTheThings

Post-Exploitation / Privilege Escalation

• LinEnum — https://github.com/rebootuser/LinEnum

• linprivchecker —https://www.securitysift.com/download/linuxprivchecker.py

• Powerless — https://github.com/M4ximuss/Powerless

• PowerUp — https://github.com/HarmJ0y/PowerUp

• Linux Exploit Suggester — https://github.com/mzet-/linux-exploit-suggester

• Windows Exploit Suggester — https://github.com/bitsadmin/wesng

• Windows Privilege Escalation Awesome Scripts (WinPEAS) — https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS

• CHECK THE VERSION NUMBER!!! Linux Privilege Escalation Awesome Script (LinPEAS) — https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS Remove the code detailed in this blog post: https://www.offensive-security.com/offsec/understanding-pentest-tools-scripts/

• GTFOBins (Bypass local restrictions) — https://gtfobins.github.io/

• Get GTFOBins — https://github.com/CristinaSolana/ggtfobins

• sudo_killer — https://github.com/TH3xACE/SUDO_KILLER

• WADComs — https://wadcoms.github.io/

• LOLBAS — https://lolbas-project.github.io/

Practice:

Buffer Overflow Practice

• Vulnserver for Windows — https://github.com/stephenbradshaw/vulnserver

• Vulnserver for Linux — https://github.com/ins1gn1a/VulnServer-Linux

• Tib3rius TryHackMe BOF — https://tryhackme.com/jr/bufferoverflowprep

Privilege Escalation Practice

• Local Privilege Escalation Workshop — https://github.com/sagishahar/lpeworkshop

• Linux Privilege Escalation — https://www.udemy.com/course/linux-privilege-escalation/

• Windows Privilege Escalation — https://www.udemy.com/course/windows-privilege-escalation/

Extra Practice

• HTB/Vulnhub like OSCP machines (Curated by OffSec Community Manager TJNull)— https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=1839402159

• Offensive Security: Proving Grounds — https://https://www.offensive-security.com/labs/individual/

• Virtual Hacking Labs — https://www.virtualhackinglabs.com/

• HackTheBox (Requires VIP for Retired machines) — https://www.hackthebox.eu/

• Vulnhub — https://www.vulnhub.com/

• Root-Me — https://www.root-me.org/

• Try Hack Me — https://tryhackme.com

• OverTheWire — https://overthewire.org (Linux basics)