Are you looking for utilities, methodology and information about the OSCP or another certification? This filter I have created contains all the OSCP utilities and tricks. I have looked at dozens of reviews, and these utilities are taken from the 4 most important, best-known and most complete reviews I have seen.
I hope it can help you. Now I will do the same for the eWPTX, which is actually the next certification I am sitting, hopefully soon, in 1 or 2 weeks XD.
If you think something is missing, or if you want to contribute information or your experience, please let me know via Discord on s4vitar or xerosec. I am Jose Luis a.k.a. Riskoo.
Tool | Description | Download | Cheat sheet url | Video | Tags | Certification |
---|---|---|---|---|---|---|
Nmap | Scanner | Download | Cheat sheet | | scan, ports, vulnerabilities | oscp, ecppt, ecptx |
Nikto | Nikto is a web server assessment tool. | Download | Cheat sheet | | vulnerabilities, web | oscp, ecppt, ecptx, ewptx |
ffuf | Fuzzing | Download | Cheat sheet | | fuzzing | oscp, ecppt, ecptx |
Sublist3r | Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT. | Download | Cheat sheet | | fuzzing, python, osint | oscp, ecppt, ecptx, ewptx, ewpt |
Port 21 | Port 21 (FTP): Can I log in anonymously and download some files? Can I log in anonymously and upload some files? Here I would be looking for some kind of information disclosure or an opportunity to upload a reverse shell. | | Cheat sheet | | ftp, port 21 | oscp, ecppt, ecptx |
Port 22 | SSH: Can I brute-force the credentials and log in to the host? Was I able to find RSA tokens, usernames, hashes or passwords during my enumeration that could help me? What service version did I find associated with this port? Is it vulnerable? | | Cheat sheet | | ssh, port 22 | oscp, ecppt, ecptx |
Port 5985, 5986 | (Remote management): Ah, this must be a Windows environment; let's see if I can enumerate some credentials and use a tool like Evil-WinRM to gain more access. | | Cheat sheet | | winrm, port 5985, port 5986 | oscp, ecppt, ecptx |
Evil-WinRM | This shell is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management Protocol, a standard SOAP-based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their operating systems in order to make life easier for system administrators. This program can be used on any Microsoft Windows server with this feature enabled (usually at port 5985), of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used for legitimate purposes by system administrators as well, but most of its features are focused on hacking/pentesting. It is based mainly on the WinRM Ruby library, which changed the way it works since version 2.0. Now, instead of using the WinRM protocol, it uses PSRP (PowerShell Remoting Protocol) for initializing runspace pools as well as creating and processing pipelines. | Download | Cheat sheet | | winrm, port 5985, port 5986, kerberos | oscp, ecppt, ecptx |
CrackMapExec | CrackMapExec (a.k.a. CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of "Living off the Land": abusing built-in Active Directory features/protocols to achieve its functionality and allowing it to evade most endpoint protection/IDS/IPS solutions. CME makes heavy use of the Impacket library for working with network protocols and performing a variety of post-exploitation techniques. Although meant to be used primarily for offensive purposes (e.g. red teams, internal pentests), CME can be used by blue teams as well to assess account privileges, find possible misconfigurations and simulate attack scenarios. | Download | Cheat sheet | | crackmapexec, post-exploitation | oscp, ecppt, ecptx |
Broken Access Control | Is there any opportunity for broken access control? Can I manipulate the URL to give myself access to an account/directory I should not have? | | Cheat sheet | video | web, broken access | oscp, ecppt, ecptx, ewptx |
Source code | Any valuable information in the source code (Ctrl+U)? You would be surprised. | | | video | web, source code | oscp, ecppt, ecptx, ewptx |
XSS | Is there any opportunity for Cross-Site Scripting (XSS)? | | Cheat sheet | video | web, xss | oscp, ecppt, ecptx, ewptx |
SQL injection | Is there any opportunity for injection? | | Cheat sheet | video | web, sql injection | oscp, ecppt, ecptx, ewptx |
Report | Report to deliver | | Cheat sheet | | | oscp, ecppt, ecptx, ewptx |
OSCP notes | OSCP notes | | Cheat sheet | | | oscp |
Privilege escalation checklist | Checklist to use after running winPEAS | | Cheat sheet | | privilege escalation, winpeas, windows | oscp, ecppt, ecptx |
winPEAS | WinPEAS is a script that searches for possible paths to escalate privileges on Windows hosts. | | Cheat sheet | | privilege escalation, winpeas, windows | oscp, ecppt, ecptx |
LinPEAS | LinPEAS is a script that searches for possible paths to escalate privileges on Linux/Unix*/MacOS hosts. | | Cheat sheet | | privilege escalation, linpeas, linux | oscp, ecppt, ecptx |
Exploitation PoC | List of PoC exploits on GitHub | | Cheat sheet | | exploitation | oscp, ecppt, ecptx |
Exploitation exploits | Exploits for Windows | | Cheat sheet | | exploitation, exploits, windows | oscp, ecppt, ecptx |
Windows local privilege escalation | HackTricks list of Windows local privilege escalation | | Cheat sheet | | privilege escalation, windows | oscp, ecppt, ecptx |
Mimikatz | Windows x32/x64 program to extract passwords, hashes, PINs and Kerberos tickets from memory | | Cheat sheet | video | privilege escalation, windows, kerberos, hash, passwords, tickets | oscp, ecppt, ecptx |
Practical Ethical Hacking | Learn how to hack like a pro by a pro. 25 hours of up-to-date practical hacking techniques with absolutely no filler. Build an Active Directory environment. | | Cheat sheet | | courses, active directory | oscp, ecptx |
Offensive Security Path | Courses and machines on THM | | Cheat sheet | | courses, machines | oscp, ecppt, ecptx |
BloodHound | Shows a picture of the AD environment | Download | | | active directory, windows | oscp, ecptx |
Impacket | Excellent for abusing Windows network protocols | Download | | | windows, network | oscp, ecptx |
PowerView | Allows enumeration of an AD (Active Directory) environment | Download | | | windows, active directory | oscp, ecptx |
PowerUp | Shows Windows PrivEsc vectors based on system misconfigurations. DO NOT use the auto-exploit modules | Download | | | windows, privilege escalation | oscp, ecppt, ecptx |
chisel | Pivoting | Download | | | pivoting, windows, linux | oscp, ecppt, ecptx |
sshuttle | | Download | | | pivoting, linux | oscp, ecppt, ecptx |
Active Directory cheat sheet | | Download | | | active directory, windows | oscp, ecptx |
Red team cheat sheet privilege escalation | Privilege escalation on Windows | Download | | | privilege escalation, windows | oscp, ecppt, ecptx |
Feroxbuster | A simple, fast, recursive content discovery tool written in Rust | Download | | | linux, gathering, fuzzing | oscp, ecppt, ecptx |
SecLists | Dictionaries for attacks | Download | | | fuzzing, dictionary | oscp, ecppt, ecptx |
ftp client | Kali's FTP client | Download | | | ftp, linux | oscp, ecppt, ecptx |
Empire | Empire is a post-exploitation framework that includes a pure-PowerShell 2.0 Windows agent and a pure Python 2.6/2.7 Linux/OS X agent | Download | | | | |