Tag Archives: OSCP

Learning OSCP

Gonna be fun. I think the first step is to do everything in the PWK Syllabus. Then take the course.  https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf

1. – Getting Comfortable with Kali Linux
1.1 – Finding Your Way Around Kali
1.1.1 – Booting Up Kali Linux

1.1.2 – The Kali Menu


1.1.3 – Find, Locate, and Which


1.2 – Managing Kali Linux Services
1.2.1 – Default root Password
It’s toor…change it!

1.2.2 – SSH Service
1.2.3 – HTTP Service
1.3 – The Bash Environment
1.4 – Intro to Bash Scripting

2. – The Essential Tools
2.1 – Netcat
2.1.1 – Connecting to a TCP/UDP Port
2.1.2 – Listening on a TCP/UDP Port
2.1.3 – Transferring Files with Netcat
2.1.4 – Remote Administration with Netcat
2.2 – Ncat
2.3 – Wireshark
2.3.1 – Wireshark Basics
2.3.2 – Making Sense of Network Dumps
2.3.3 – Capture and Display Filters
2.3.4 – Following TCP Streams
2.4 – Tcpdump
2.4.1 – Filtering Traffic
2.4.2 – Advanced Header Filtering

3. – Passive Information Gathering
3.1 – Open Web Information Gathering
3.1.1 – Google
3.1.2 – Google Hacking
3.2 – Email Harvesting
3.3 – Additional Resources
3.3.1 – Netcraft
3.3.2 – Whois Enumeration
3.4 – Recon-ng

4. – Active Information Gathering
4.1 – DNS Enumeration
4.1.1 – Interacting with a DNS Server
4.1.2 – Automating Lookups
4.1.3 – Forward Lookup Brute Force
4.1.4 – Reverse Lookup Brute Force
4.1.5 – DNS Zone Transfers
4.1.6 – Relevant Tools in Kali Linux
4.2 – Port Scanning
4.2.1 – TCP CONNECT / SYN Scanning
4.2.2 – UDP Scanning
4.2.3 – Common Port Scanning Pitfalls
4.2.4 – Port Scanning with Nmap
4.2.5 – OS Fingerprinting
4.2.6 – Banner Grabbing/Service Enumeration
4.2.7 – Nmap Scripting Engine (NSE)
4.3 – SMB Enumeration
4.3.1 – Scanning for the NetBIOS Service
4.3.2 – Null Session Enumeration
4.3.3 – Nmap SMB NSE Scripts
4.4 – SMTP Enumeration
4.5 – SNMP Enumeration
4.5.1 – MIB Tree
4.5.2 – Scanning for SNMP
4.5.3 – Windows SNMP Enumeration Example

5. – Vulnerability Scanning
5.1 – Vulnerability Scanning with Nmap
5.2 – The OpenVAS Vulnerability Scanner
5.2.1 – OpenVAS Initial Setup

6. – Buffer Overflows
6.1 – Fuzzing
6.1.1 – Vulnerability History
6.1.2 – A Word About DEP and ASLR
6.1.3 – Interacting with the POP3 Protocol

7. – Win32 Buffer Overflow Exploitation
7.1 – Replicating the Crash
7.2 – Controlling EIP
7.2.1 – Binary Tree Analysis
7.2.2 – Sending a Unique String
7.3 – Locating Space for Your Shellcode
7.4 – Checking for Bad Characters
7.5 – Redirecting the Execution Flow
7.5.1 – Finding a Return Address
7.6 – Generating Shellcode with Metasploit
7.7 – Getting a Shell
7.8 – Improving the Exploit

8. – Linux Buffer Overflow Exploitation
8.1 – Setting Up the Environment
8.2 – Crashing Crossfire
8.3 – Controlling EIP
8.4 – Finding Space for Our Shellcode
8.5 – Improving Exploit Reliability
8.6 – Discovering Bad Characters
8.7 – Finding a Return Address
8.8 – Getting a Shell

9. – Working with Exploits
9.1 – Searching for Exploits
9.1.1 – Finding Exploits in Kali Linux
9.1.2 – Finding Exploits on the Web
9.2 – Customizing and Fixing Exploits
9.2.1 – Setting Up a Development Environment
9.2.2 – Dealing with Various Exploit Code Languages

10. – File Transfers
10.1 – A Word About Anti Virus Software
10.2 – File Transfer Methods
10.2.1 – The Non-Interactive Shell
10.2.2 – Uploading Files

11. – Privilege Escalation
11.1 – Privilege Escalation Exploits
11.1.1 – Local Privilege Escalation Exploit in Linux Example
11.1.2 – Local Privilege Escalation Exploit in Windows Example
11.2 – Configuration Issues
11.2.1 – Incorrect File and Service Permissions
11.2.2 – Think Like a Network Administrator

12. – Client Side Attacks
12.1 – Know Your Target
12.1.1 – Passive Client Information Gathering
12.1.2 – Active Client Information Gathering
12.1.3 – Social Engineering and Client Side Attacks
12.2 – MS12-037- Internet Explorer 8 Fixed Col Span ID
12.2.1 – Setting up the Client Side Exploit
12.2.2 – Swapping Out the Shellcode
12.3 – Java Signed Applet Attack

13. – Web Application Attacks
13.1 – Essential Iceweasel Add-ons
13.2 – Cross Site Scripting (XSS)
13.2.1 – Browser Redirection and IFRAME Injection
13.2.2 – Stealing Cookies and Session Information
13.3 – File Inclusion Vulnerabilities
13.3.1 – Local File Inclusion
13.3.2 – Remote File Inclusion
13.4 – MySQL SQL Injection
13.4.1 – Authentication Bypass
13.4.2 – Enumerating the Database
13.4.3 – Column Number Enumeration
13.4.4 – Understanding the Layout of the Output
13.4.5 – Extracting Data from the Database
13.4.6 – Leveraging SQL Injection for Code Execution
13.5 – Web Application Proxies
13.6 – Automated SQL Injection Tools

14. – Password Attacks
14.1 – Preparing for Brute Force
14.1.1 – Dictionary Files
14.1.2 – Key-space Brute Force
14.1.3 – Pwdump and Fgdump
14.1.4 – Windows Credential Editor (WCE)
14.1.6 – Password Profiling
14.1.7 – Password Mutating
14.2 – Online Password Attacks
14.2.1 – Hydra, Medusa, and Ncrack
14.2.2 – Choosing the Right Protocol: Speed vs. Reward
14.3 – Password Hash Attacks
14.3.1 – Password Hashes
14.3.2 – Password Cracking
14.3.3 – John the Ripper
14.3.4 – Rainbow Tables
14.3.5 – Passing the Hash in Windows

15. – Port Redirection and Tunneling
15.1 – Port Forwarding/Redirection
15.2 – SSH Tunneling
15.2.1 – Local Port Forwarding
15.2.2 – Remote Port Forwarding
15.2.3 – Dynamic Port Forwarding
15.3 – Proxychains
15.4 – HTTP Tunneling
15.5 – Traffic Encapsulation

16. – The Metasploit Framework
16.1 – Metasploit User Interfaces
16.2 – Setting up Metasploit Framework on Kali
16.3 – Exploring the Metasploit Framework
16.4 – Auxiliary Modules
16.4.1 – Getting Familiar with MSF Syntax
16.4.2 – Metasploit Database Access
16.5 – Exploit Modules
16.6 – Metasploit Payloads
16.6.1 – Staged vs. Non-Staged Payloads
16.6.2 – Meterpreter Payloads
16.6.3 – Experimenting with Meterpreter
16.6.4 – Executable Payloads
16.6.5 – Reverse HTTPS Meterpreter
16.6.6 – Metasploit Exploit Multi Handler
16.6.7 – Revisiting Client Side Attacks
16.7 – Building Your Own MSF Module
16.8 – Post Exploitation with Metasploit
16.8.1 – Meterpreter Post Exploitation Features
16.8.2 – Post Exploitation Modules

17. – Bypassing Antivirus Software
17.1 – Encoding Payloads with Metasploit
17.2 – Crypting Known Malware with Software Protectors
17.3 – Using Custom/Uncommon Tools and Payloads

68 total views, no views today