OSCP – Notes – Part 1

OSCP (Offensive Security Certified Professional) is one of the most popular certifications meant only for penetration testers. The fees for this certification start from USD 800, which includes hands-on material + a 30-day training class.

An OSCP, by definition, is able to identify existing vulnerabilities and execute organized attacks in a controlled and focused manner, write simple Bash or Python scripts, modify existing exploit code to their advantage, perform network pivoting and data exfiltration, and compromise poorly written PHP web applications.

The 24 hour examination also demonstrates that OSCPs have a certain degree of persistence and determination.

Here we’re compiling a list of quick notes for you guys.

Prerequisites:

  1. Kali Linux 2017.2 (Latest Version).
  2. You should be comfortable with Linux and Windows command line syntax.
  3. Knowledge of Nmap, MSF, DNS, FTP, SMB, TCP/UDP, HTTP, MySQL, SMTP, SNMP and SSH.
  4. You should be comfortable with scripting – Perl/Python/Bash.
  5. You should be familiar with Assembly and a debugger.

Let’s start with some basic Kali Linux commands which you really need to know.

Base64 Encoding with Kali Linux – To encode any string with Base64, the command is:

echo -n "yeahhub.com" | base64

Base64 Decoding with Kali Linux – To decode any Base64-encoded string, you can use either the -d or the --decode option:

echo -n "eWVhaGh1Yi5jb20=" | base64 -d
echo -n "eWVhaGh1Yi5jb20=" | base64 --decode

If you want to decode a hexadecimal string, then you can type:

echo -n "79 65 61 68 68 75 62" | xxd -r -ps

[#] With the help of xxd, you can easily create a hexdump from any binary data, or convert a hexdump back to binary.

For string manipulation tasks, for example if you want to count the number of lines in a file, the command is (wc prints the line, word and byte counts, in that order):

wc file.html

To extract the lines containing a particular string from a file with the help of grep, the command is:

grep "href=" file.html

To print the first part of a file using head, the command is:

head file.html
head -n 15 file.html

To print the end part of a file using tail, the command is:

tail file.html
tail -n 15 file.html

[#] head/tail, by default, print only 10 lines of each FILE to standard output. To print a different number of lines, use the -n option with the number of lines, as in the second command of each pair above.

To verify whether a service is running or in a listening state, the command is:

netstat -antp | grep apache

[#] Where apache is the name of the service which we are checking; if you simply want to check active internet connections, then the command will be "netstat -lntp".

To start/stop any service in Kali Linux, you can use either the "systemctl" or the "service" command.

For example, if you want to start the SSH service, you can do it in two ways:

[#] service ssh start
[#] systemctl start ssh

To unzip any .gz or .tar.gz file, you can use either the gunzip or the tar command, depending on the file which you want to extract.

To extract .gz file, the command is:

To extract .tar.gz file, the command is:
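
An added example (not from the original post) of the two extraction steps above, using gunzip for the .gz file and tar for the .tar.gz file, with a check of the archive's member names before unpacking. The function names and the sample files it builds in a temporary directory are constructed for this illustration:

```shell
#!/usr/bin/env bash
# Added example: file names and contents below are constructed sample data.

# "gunzip file.gz" replaces file.gz with the decompressed file;
# -c writes to stdout instead, so the original .gz is kept.
extract_gz() {                      # usage: extract_gz file.gz output_file
    gunzip -c "$1" > "$2"
}

# Read archive member names on stdin; fail on absolute paths or ".." parts,
# which would place files outside the extraction directory.
members_are_safe() {
    local member
    while IFS= read -r member; do
        case "/$member/" in
            //*|*/../*) echo "unsafe member: $member" >&2; return 1 ;;
        esac
    done
}

# List the archive first (-t), then extract (-x) into its own directory (-C).
extract_targz() {                   # usage: extract_targz archive.tar.gz dest_dir
    tar -tzf "$1" | members_are_safe || return 1
    mkdir -p "$2" && tar -xzf "$1" -C "$2"
}

# Build sample archives in a throwaway directory, extract them, print results.
run_demo() {
    local work rc
    work=$(mktemp -d) || return 1
    printf 'hello from notes\n' > "$work/notes.txt"
    gzip -c "$work/notes.txt" > "$work/notes.txt.gz"
    mkdir "$work/site"
    printf '<a href="/">home</a>\n' > "$work/site/index.html"
    tar -czf "$work/site.tar.gz" -C "$work" site
    extract_gz "$work/notes.txt.gz" "$work/notes.out" &&
        extract_targz "$work/site.tar.gz" "$work/out" &&
        cat "$work/notes.out" "$work/out/site/index.html"
    rc=$?
    rm -rf "$work"
    return "$rc"
}

run_demo
```

Listing with -t before extracting with -x shows exactly which paths an archive will write, which matters for archives downloaded from untrusted hosts.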

To download any webpage in Kali Linux, you can use "wget", and to open any webpage from the command line, you can use the "curl" command.

To search your command history for a specific text, the command is:

history | grep tar

Stay tuned for next part….

Sarcastic Writer