Pentesting Quick Reference OSCP and Beyond

Basic Tools & Techniques


Last updated 1 month ago

Best Resources

  • HackTricks
  • Pentesting Book
  • Rana Khalil OSCP
  • https://notes.programmersecurity.com/
  • Lainkusanagi OSCP Like (list of OSCP-like practice machines)

Getting Manual Help

  • man - opens the manual page, e.g. man telnet
  • tldr - short, example-driven command summaries, e.g. tldr redis-cli
  • --help or -h - most tools print their usage with one of these
  • apropos - searches man page names and one-line descriptions by keyword, e.g. apropos smb

Encoding Decoding

  • CyberChef
  • dcode.fr
  • cryptii

Simple encryption

The same three sites cover the classical ciphers that turn up in CTFs (Caesar/ROT-N, Vigenère, single-byte XOR), and dcode.fr has a cipher identifier for when you do not know what you are looking at.
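The decoding and simple-cipher work above is normally done by hand in CyberChef. As an added example (not code from this page), the script below does the same layer peeling in Python: it strips hex, base64 and URL encoding repeatedly, then brute-forces all 25 Caesar/ROT-N shifts and keeps the one that reads most like English. The sample input, the plaintext and the small word list used for scoring are constructed here and are not from the original.

```python
# Added example: CyberChef-style "peel the layers" decoder.
# Sample input and COMMON word list are constructed for illustration.
import base64
import binascii
import re
import string
from urllib.parse import quote, unquote

B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
HEX_RE = re.compile(r"^(?:[0-9a-fA-F]{2})+$")
PRINTABLE = set(string.printable)
# Hypothetical CTF-flavoured word list: a candidate plaintext scores one
# point per token found here, which is enough to pick the right ROT shift.
COMMON = {"the", "a", "is", "and", "of", "to", "in", "flag", "key",
          "password", "secret", "user", "admin", "root", "htb", "thm"}


def is_printable(data: bytes) -> bool:
    """True if data is ASCII text we could keep decoding."""
    try:
        return all(ch in PRINTABLE for ch in data.decode("ascii"))
    except UnicodeDecodeError:
        return False


def try_hex(s: str):
    s = s.strip().replace(" ", "")
    if not HEX_RE.match(s):
        return None
    out = bytes.fromhex(s)
    return out if is_printable(out) else None


def try_base64(s: str):
    s = s.strip()
    if len(s) % 4 or not B64_RE.match(s):
        return None
    try:
        out = base64.b64decode(s, validate=True)
    except (binascii.Error, ValueError):
        return None
    return out if is_printable(out) else None


def try_url(s: str):
    if "%" not in s:
        return None
    out = unquote(s)
    return out.encode() if out != s else None


def rot(text: str, n: int) -> str:
    """Caesar-shift ASCII letters by n, leaving everything else alone."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + n) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def english_score(text: str) -> int:
    return sum(w in COMMON for w in re.findall(r"[a-z]+", text.lower()))


def best_rot(text: str):
    """(shift, plaintext) for the best-scoring shift; shift 0 means unchanged."""
    best = (0, text, english_score(text))
    for n in range(1, 26):
        cand = rot(text, n)
        s = english_score(cand)
        if s > best[2]:
            best = (n, cand, s)
    return best[0], best[1]


# hex is tried before base64 because a hex string also matches the base64 alphabet
DECODERS = [("hex", try_hex), ("base64", try_base64), ("url", try_url)]


def peel(blob: str, max_layers: int = 10):
    """Strip encodings until nothing matches, then try ROT-N. Returns (steps, text)."""
    steps, cur = [], blob
    for _ in range(max_layers):
        for name, fn in DECODERS:
            out = fn(cur)
            if out is not None:
                steps.append(name)
                cur = out.decode("ascii")
                break
        else:  # no encoding matched: last resort is a Caesar shift
            n, text = best_rot(cur)
            if n:
                steps.append(f"rot{n}")
                cur = text
            break
    return steps, cur


PLAINTEXT = "The flag is HTB{layered_encodings}"  # constructed sample


def build_sample(plaintext: str = PLAINTEXT) -> str:
    """ROT13 -> hex -> base64 -> URL-encode, the way a CTF might stack them."""
    layered = rot(plaintext, 13).encode().hex()
    layered = base64.b64encode(layered.encode()).decode()
    return quote(layered, safe="")
```

peel(build_sample()) returns (["url", "base64", "hex", "rot13"], PLAINTEXT). The printable check is what stops the loop from "decoding" real text into garbage; the word-list scorer is deliberately tiny and is the part you would extend for a different target language or flag format.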

Other Tools List

  1. ftp - try anonymous login first (user anonymous, any password)
  2. redis-cli - talks to Redis (6379); an unauthenticated instance answers INFO without a password
  3. smbclient - list shares with smbclient -L <host> -N (null session) before trying credentials

Check reputation of a file

  • https://labs.inquest.net/ (to search for reputation of a file)

Search by hash (sha256sum <file>) before uploading anything: uploading a sample from an engagement hands it to a third party, and malware authors watch public sandboxes for their own samples.

SSH error

Recent OpenSSH clients (8.8 and later) disable the ssh-rsa (RSA with SHA-1) signature algorithm, so connecting to an old lab box fails with "no matching host key type found. Their offer: ssh-rsa". Re-enable it for that connection only:

ssh user@host -oHostKeyAlgorithms=+ssh-rsa

If key-based login then fails with the same complaint about ssh-rsa, add -oPubkeyAcceptedAlgorithms=+ssh-rsa as well. Keep both on the command line or in a Host block in ~/.ssh/config for that target, not in the global defaults: they bring back SHA-1 signatures for every connection.

Practice machines, grouped by the technique each one teaches:

| Machine | Platform | Topic |
| --- | --- | --- |
| Fawn (v. easy) | HTB | FTP anonymous user |
| Blue (easy) | THM | EternalBlue, MSF exploit suggester |
| Flaws.cloud | Flaws.cloud | Cloud pentesting: S3, IAM, EC2 |
| Dancing (v. easy) | HTB | Unauthenticated SMB, smbclient |
| Redeemer (v. easy) | HTB | Unauthenticated Redis |
| Lame | HTB | SMB, Samba usermap_script via Metasploit (exploit/multi/samba/usermap_script) |
| Devel | HTB | Anonymous FTP, upload an ASPX reverse shell, privilege escalation via MS10-015 |
| Optimum | HTB | HFS, MSF, exploit suggester |
| Source | THM | Webmin / MSF |
| Eavesdropper (easy) | THM | Linux privilege escalation via sudo hijacking |
| Takeover (easy) | THM | Subdomain enumeration |
| Simple CTF (easy) | THM | CMS Made Simple CVE-2019-9053, privilege escalation through vim |
| Ambassador | HTB | Grafana manual exploitation, privilege escalation with https://github.com/GatoGamer1155/Hashicorp-Consul-RCE-via-API |
| Vulnversity (easy) | THM | PHP reverse shell after checking the allowed upload extensions with Burp, privilege escalation via SUID systemctl |
| Basic Pentesting (easy) | THM | SSH brute forcing, privilege escalation from a private key in the .ssh folder; crack its passphrase with John |
| Kenobi (easy) | THM | SMB share enumeration, ProFTPD 1.3.5 (mod_copy) exploit for copying files, privilege escalation via a SUID binary with a PATH hijack |
| Steel Mountain (easy) | THM | HFS exploitation with MSF and manually, privilege escalation via an unquoted service path |
| Tiki (v. easy) | Vulnhub | Tiki Wiki CMS, directory busting, sudo -i privilege escalation |
| Beep (easy) | HTB | Elastix LFI, RCE, Shellshock, nmap privilege escalation |
| Forest (Med) | HTB | Active Directory, DCSync, Kerberoasting, Impacket |
| Active (easy) | HTB | Active Directory, Kerberoasting, smbmap details, Groups.xml (GPP) password cracking |

Recommended Courses to get started in practical pentesting and hacking

  1. Practical Hacking and Pentesting Course for Beginners
  2. Complete Windows password hacking course
  3. Cracking office file passwords (Excel, PowerPoint, Word)
  4. CEHv12 Practical certification preparation course with hands-on labs
  5. IoT Hands-on Hacking and Pentesting course for beginners
  6. Practical Malware Analysis for Beginners

Best Hacking Books

  • Hacking: The Art of Exploitation, 2nd Edition
  • OSINT Techniques: Resources for Uncovering Online Information
  • Hacking APIs: Breaking Web Application Programming Interfaces
  • The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws