Abstract

Here you can find my notes, which I made while preparing for the OSCP exam. This is a very incomplete list of commands and tricks. It only covers the things I needed to write down so that I could copy and paste them.

Information Gathering

Reconnaissance

The Harvester

Gathers any information that is publicly available about a specific company

Shodan

A nice network scan of 0.0.0.0
https://www.shodan.io

DNS

Google Dorks

The “-” character negates an operator, i.e. it excludes results that match the term that follows it

Service Enumeration

SMB service enumeration

SNMP

Penetration

SQLi

PHP

Most of this section is taken from https://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/

Generating Shells

Depending on the specific case it can be useful to also add “PrependMigrate=true” (a Meterpreter payload option that makes the payload migrate to another process right after it starts).
As most of the generated files will be detected by antivirus software, it can also be worthwhile to experiment with the Veil Framework.

Custom Shells

Compiling

To build a statically linked binary, additionally pass the “-static” flag to the compiler.

Privilege Escalation

Maintaining Access

Network Shells

http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

File Transfer

TFTP

Windows wget alternative

VBS

PowerShell

Pivoting

Metasploit

SSH

Misc

Useful Commands And Notes

Windows

Tasks / Services

Base64 encoding / decoding

Dump passwords

Security settings

Variables

Location of files

MySQL

General

File access