CPTS / OSCP

Wordlist

# WEB
/usr/share/wordlists/dirb/common.txt
/usr/share/dirb/wordlists/big.txt
/usr/share/wordlists/seclists/Discovery/Web-Content/raft-medium-directories-lowercase.txt
/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
# Passwords
/usr/share/wordlists/rockyou.txt
# Usernames
/usr/share/wordlists/dirb/others/names.txt

# Passwords Leak
https://scatteredsecrets.com
https://weleakinfo.io
https://haveibeenpwned.com

# Hashcat rules
/usr/share/hashcat/rules/

# Precomplied binaries for Windows
/usr/share/windows-resources/

Cheat Sheet

https://github.com/0xsyr0/oscp
https://github.com/bryanqb07/oscp_notes
https://github.com/xsudoxx/OSCP
https://freedium.cfd/https://medium.com/@hunterid/recommendation-for-oscp-8477b0007154
https://github.com/intotheewild/OSCP-Checklist/
https://krovs.github.io/oscp-notes/
https://github.com/brianlam38/OSCP-2022/
https://www.linkedin.com/pulse/muhammad-nomans-oscp-journey-comprehensive-review-noman-khalid-rwmse/

# For AD
https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
https://watchdogsacademy.gitbook.io/attacking-active-directory/
https://aditya-3.gitbook.io/oscp/
https://github.com/drak3hft7/Cheat-Sheet---Active-Directory

Scenarios

# File Read
/home/user/.ssh/id_rsa
/home/user/.ssh/id_ecdsa
/Users/user/.ssh/id_rsa

- Allways try the machine name as user:pass OR admin:admin OR default creds
- Try share folder name as web directory
- if page require auth try adding : Authorization: Basic YWRtaW46YWRtaW4=

Ports

# Unlikely vulnerable ports
135/tcp  open msrpc Microsoft Windows RPC
5357/tcp open http  Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) # only directory bruteforce
5040/tcp  open  unknown
7680/tcp  open  pando-pub?

Troubleshooting

# VPN issue with RDP
sudo ifconfig tun0 mtu 1250

https://help.offsec.com/hc/en-us/articles/360046293832-Common-VPN-and-Machine-VM-Issues

Ressources

https://gtfobins.github.io
https://lolbas-project.github.io
https://wadcoms.github.io
https://swisskyrepo.github.io/InternalAllTheThings
https://swisskyrepo.github.io/PayloadsAllTheThings
https://ippsec.rocks
https://www.netexec.wiki
https://book.hacktricks.wiki