OSCP (Offensive Security Certified Professional) is one of the most popular certifications, meant only for penetration testers. The fees for this certification start from USD 800, which includes hands-on material + a 30 day training class.
An OSCP, by definition, is able to identify existing vulnerabilities and execute organized attacks in a controlled and focused manner, write simple Bash or Python scripts, modify existing exploit code to their advantage, perform network pivoting and data exfiltration, and compromise poorly written PHP web applications.
The 24-hour examination also demonstrates that OSCPs have a certain degree of persistence and determination.
Here we’re compiling a list of quick notes for you guys.
- Kali Linux 2017.2 (latest version).
- You should be comfortable with Linux and Windows command line syntax.
- Knowledge of Nmap, MSF, DNS, FTP, SMB, TCP/UDP, HTTP, MySQL, SMTP, SNMP and SSH.
- You should be comfortable with scripting – Perl/Python/Bash.
- You should be familiar with Assembly and a debugger.
Let’s start with some basic Kali Linux commands which you really need to know.
Base64 Encoding with Kali Linux – To encode any string/character with Base64, the command is:
echo -n "yeahhub.com" | base64
Base64 Decoding with Kali Linux – To decode any base64 encoded string, you can use either the -d or the --decode option, as shown below.
echo -n "eWVhaGh1Yi5jb20=" | base64 -d
echo -n "eWVhaGh1Yi5jb20=" | base64 --decode
If you want to decode a hexadecimal string, then you can type:
echo -n "79 65 61 68 68 75 62" | xxd -r -ps
[#] With the help of xxd, you can easily create a hexdump from any binary string or vice versa.
For string manipulation tasks, such as counting the number of lines in a file, the command is:
To extract a particular string from a file with the help of grep, the command is:
grep "href=" file.html
To print the first part of a file using head, the command is:
head -n 15 file.html
To print the end part of a file using tail, the command is:
tail -n 15 file.html
[#] head/tail, by default, print only 10 lines of each file to standard output. To print more lines, use the -n option, with the file name at the end.
To verify whether a service is running or listening, the command is:
netstat -antp | grep apache
[#] Here, apache is the name of the service we are checking. If you simply want to check active internet connections, the command is "netstat -lntp".
To start/stop any service in Kali Linux, you can use either the "systemctl" or the "service" command.
For example, if you want to start the SSH service, you can do it in two ways:
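An added example (not from the original post) that goes a step beyond the grep above: it parses "netstat -lntp" output to show where a named service listens and which listeners are bound to non-loopback addresses. The sample output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -lntp` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      812/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1033/apache2
tcp6       0      0 ::1:631                 :::*                    LISTEN      701/cupsd
EOF
}

# listeners_for NAME (hypothetical helper): reads netstat output on stdin and
# prints the local address:port of every LISTEN socket whose program name
# starts with NAME.
listeners_for() {
    awk -v svc="$1" '
        $6 == "LISTEN" {
            split($7, p, "/")              # "PID/Program" -> p[2] is the program
            if (index(p[2], svc) == 1) print $4
        }'
}

# exposed_listeners (hypothetical helper): prints "program address:port" for
# LISTEN sockets that are not bound to IPv4 or IPv6 loopback.
exposed_listeners() {
    awk '
        $6 == "LISTEN" && $4 !~ /^127\./ && $4 !~ /^::1:/ {
            split($7, p, "/")
            # Without root, netstat shows "-" instead of PID/Program.
            name = (p[2] == "" ? "unknown" : p[2])
            print name, $4
        }'
}

sample_netstat | listeners_for apache
sample_netstat | exposed_listeners
```

On a live system, replace sample_netstat with "netstat -lntp" run as root so the PID/Program column is filled in.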
[#] service ssh start
[#] systemctl start ssh
To unzip any .gz or .tar.gz file, you can use either the gunzip or the tar command, depending on the file you want to extract.
To extract a .gz file, the command is:
To extract a .tar.gz file, the command is:
To download any webpage in Kali Linux, you can use "wget", and to open any webpage from the command line, you can use the "curl" command as shown below:
To search your command history for a specific text, the command is:
history | grep tar
Stay tuned for next part….