OSCP资源汇总--基础与学习资源
专项学习资源:
INE机构OSCP课程<;价值999美元>已翻译版:
哔哩哔哩(未翻译版)
OSCP教学部分
OSCP实验操作部分
下载地址(已翻译版) 提取码: agvm
免费在线课程
专业windows提权的国外⼤⽜
RustyShackleford221的OSCP-Prep
⾮常好的资源整理
Kali学习笔记-中⽂
这⾥也可以
⽼外某⽜⼀个很全的渗透测试wiki
A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' Keepnote. Reconscan in scripts folder
Kristina⼤神
整合的OSCP-PWK-Prep-Resources
还有他的博客⾥2部分内容中的⼲货
OSCP certification notes and tools,⽐较新
LFI拿shell
综合资料,啥都有
使⽤Python的缓冲区溢出的OSCP准备指南
Notes of my Offensive Security Certified Professional (OSCP) study plan
⽐较全的过程指南,有脚本、报告、⽅法论等
⼀个充满tip和cheat sheets的⽹站
Windows Privilege Escalation Methods for Pentesters_Windows下⽐较全的提权⽅法
Metasploit Unleashed – Free Ethical Hacking Course
SQL Injection Wiki
Notes for taking the OSCP in 2097
相关参考书
My roadmap for preparing for OSCP
ncat的使⽤详细⼿册
powershell创建目录
⼀个站搞定注⼊
total-oscp-guide
pWnOS 2.0靶机玩法
Writing Shellcode to a File
oscp-useful-links
Fuzz FTP Commands
Fuzz Username / Password
LINUX PRIVILEGE ESCALATION指南
抓包了解nmap
web渗透的各种资料
挺⽜的hackthebox玩家
端⼝的滲透測試總結
hackthebox-youtube-ippsec
user-account-co(ntrol-what-penetration-testers-should-know
专题练习平台(对某⼀种类型的漏洞或技术做专项训练)Root Me(官⽹提供的资料超级好,建议多看看)
相关书籍
《Penetration Testing》
报告编写
由多家咨询公司和学术安全组织发布的公共渗透测试报告的精选清单
官⽅报告
在线实验室推荐(跟Lab环境类似)
基础学习
基础知识
⽅法与提⽰:
3. 了解⽬标之后,现在尝试出漏洞。某些⽬标可能具有不⽌⼀种⽅式
如果您发现了⼀个漏洞,请阅读该漏洞。如果不进⾏修改,许多漏洞将⽆法⼯作。因此,了解漏洞并仔细阅读漏洞利⽤。其他参考资料汇总
Enumera tio n
Shell Explo ita tio n
Utils scripts for various OSCP operations
linux-exploit-suggester
kernel-exploits
关于msf提权的视频
提权视频1
提权视频2
download/linuxprivchecker.py
Windo w s Pr ivilege Esc a la tio n
Windows提权指南
Windows提权辅助脚本
WindowsExploits
内存溢出专题博客
RottenPotato
windows-exploit-suggester
Windows_Privilege_Escalation.md
Offensive PowerShell for red team
PowerShellMafia/PowerSploit
SecWiki/windows-kernel-exploits
elevating-privileges-to-administrative-and-further
win-priv-check.bat和windows-exploit-suggester.py
windows-privilege-escalation-methods-for-pentesters
ms-priv-esc
privesc-unquoted-service-path
unquoted-service-paths
dll-hijacking-vulnerable-applications
penetration-testing-102-windows-privilege-escalation-cheatsheet
Windows Privilege Escalation Fundamentals
bypassing-uac-with-powershell
Windows Privilege Escalation Techniques and Scripts
Linux Pr ivilege Esc a la tio n
Linux Privilege Esc
Linux提权指南
unix-privesc-check
Linux Privilege Escalation Scripts
Basic Linux Privilege Escalation
A quick LKM rootkit that executes a reverse TCP netcat shell with root privileges
An example rootkit that gives a userland process root permissions
LinuxExploits
Pr ivilege esc a la tio n rec o n sc ripts
⼯具
成熟⼯具:
Automated All-in-One OS command injection and exploitation tool
快速的侦察扫描和pentest模板创建器
SleuthQL is a python3 script to identify parameters and values that contain SQL-like syntax
Reconnoitre,为OSCP实验室制作的侦察⼯具,⽤于⾃动化信息收集和服务枚举,同时创建⽬录结构以存储⽤于每个主机的结果,发现和利⽤,推荐的执⾏命令和⽤于存储战利品和标志的⽬录结构
Vanquish是⼀个基于Kali Linux的Enumeration Orchestrator,⽤Python构建。Vanquish利⽤Kali上的开源枚举⼯具执⾏多个活动信息收集阶段。每个阶段的结果都会被输⼊下⼀阶段,以识别可以⽤于远程shell的漏洞。
顾名思义,A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages
m e To
So me To o ls && Chea t Sheet && Py && Pa ylo a ds
OSCP常⽤cheatsheet(⼏乎OSCP⾥⾯常⽤的命令在这⾥都可以到)
Collection of things made during my OSCP journey
A tool for fuzzing for ports that allow outgoing connections
ROP Emporium proof of concept exploits
ROPPrimer v2 Proof of Concepts
MSDAT: Microsoft SQL Database Attacking Tool
此脚本基于Mike Czumak的脚本但它被⼤量重写,有些东西已被添加,其他东西已被删除。该脚本是作为OSCP考试的准备⽽编写的。它从来就不是⼀般的脚本。因此,如果您想使⽤它,您必须确保修复所有硬编码路径。该脚本是多线程的,可以同时对多个主机运⾏。参考书Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios
⼀些⼩⼿记
认可度最⾼的cheat sheet
少量⼀些cheat sheet
metasploit-and-meterpreter cheat cheet
SQL Injection Cheat Sheet
仍然⼀些cheat sheet
各种Cheatsheets
各种Cheat Sheets2
⼜⼀个很好的cheat sheet
Progressively enumerate an IP address while you do other things
A collection of tools to help research buffer overflow exploitation for the Offensive Security OSCP certification
Reverse_shell和port_scanner.py
⼀些smtp上110端⼝的脚本
These are my notes for OSCP preparation. Hope you'll find them useful
⼀些零散脚本,linux和win都有
1518_auto_setup.sh、waf_x-forwarded-for_cmd.sh、9623_acs_cmd.sh、39161_privesc.py

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。