OSCP Preparation

This document provides an overview of topics to study for penetration testing certification. It includes vulnerabilities and exploits for Windows and Linux operating systems, such as buffer overflows and privilege escalation techniques. It also covers networking, web application hacking, and the OWASP Top 10. Footprinting tools like Nmap, Nikto, Dirb, and gobuster are listed along with methods for SQL injection, deserialization attacks, and XXE.

Uploaded by dotito9593

Copyright: © All Rights Reserved

start practicing with this format

Taking clean & beautiful screenshots (SS)


Reporting 
Greenshot

Stack Based Buffer Overflow  Buffer Overflow Exploitation  Ports/Protocols

proxychains tool 
Proxychaining
PowerUp.ps1  Networking Burp Upstream Proxy 
WinPEAS.exe  Automated
SSH 
Port Forwarding
JAWS 
Plink.exe 

Stored Credentials 

Insecure File/Folder Permission  Socket library 


Windows
Python Read(100%) Write(10%)
Insecure Service Permission  sys library 

Development|coding OP codes
Unquoted Service PATH 

Autologon Credentials  Assembly  Registers


Vulnerabilities to be Covered  Manual
Vulnerable Software Installed  Stack

JuicyPotato.exe Token Impersonation 


Nmap 
DLL Injection/Hijacking  Privilege Escalation
UAC bypass 
OSCP Prep SMB null session & ftp anonymous 

mounting nfs and smb 


Insecure named pipe permission 
Network smb user enumeration 
linPEAS 
Automated bruteforce smb 
linENUM 
WinRM service 
Stored Credentials 
SNMP Enumeration
SUID/SGID  Linux
SQL-Injection to Shell 
$PATH privilege Escalation  Injection
RCE 
Kernel Exploit 
Vulnerabilities Must be Covered Manual JAVA 
abusing cron jobs  Deserialization
.Net 
Insecure File Folder Permission  OWASP-Top-10

XXE XXE to Shell 


mysql UDF local privilege escalation 
Footprinting
LFI/RFI LFI/RFI to Shell 
sudo -l Abusing Sudoers 
IDORs  Getting admin data with IDORs

Modification of functions like system() to Web-App Nikto | Dirb |gobuster 


passthru()

HTTP Basic Auth Bypass  GET --> POST
Add/Remove Proxy python urllib 
Modification In Exploits cewl tool 
Understanding Of Shells In Depth 
Subdomain find gobuster 
Understanding Python Exceptions 
Burp Suite or alternative proxy/intruder & repeater

Understanding Uncommon port services  like 2222,8888,1337 or similar

Other Finding right Exploit among all 


Nikto Rocks here
Login with SSH private Key 
