0x01: The Beginning from the end
So, Hello everyone!
I'm Spirited wolf as you already know. So this is my very first article on my journey for "OSCP"
From today i am gonna start blogging on my journey to "Try Hard".
So, As most of you all already know that now a days OSCP is in trend. So, i just asked my dad if i can do this. Firstly he said "NO" then after him i started convincing him and finally in last he Agreed.
So from today i will post everything that i will be learning in the upcoming 1-2 months. So i am studying with two of my good brothers/ more than friends.
2. Kishan sharma
Also one of my brother{again} Code_Ninja is also preparing for the same but he will register next year.
We all are studying together and learning new stuffs everyday when ever we get time. OSCP is all about pushing your limits to the highest level. Of course it's gonna give us a huge pain in our asss. But we are ready for that pain.
I had read 2 things :-
1.
"We Must embrace pain
and Burn it as fuel,
For our Journey."
These words were said by Kenji
2.
Of course we are not gonna do gym :P but yeah these lines are so true.
So about 2-3 months ago. I heard about HTB "HackTheBox". From their i learned many stuffs, i also took help ofcourse. But on HTB i met may new pentester from different countries. I made a new friend who's call himself:- PeaceMaker (He is an amazing guy and now he became my very very good friend with whom i can share anything. He had done OSCP, OSWP and "THE OSCE ^_^")
and he give me some advice about (Offensive Security Certifications) that i should do the OSCP.
Then after it Me, Hex Ninja, KishanSharma started preparing for OSCP. Still we are preparing.
Now a days we are working on Buffer overflows. We have done Windows based BOF (Vanilla, SEH and only Egghunter ) so far. But for OSCP we just need the basic knowledge of Winodws/Linu based Vanilla BOF's.
Apart from this i am gonna provide all the links from where we are learning. My friend Code_Ninja is also solving many vulnhub machines and writing writeup's also so you can check it out from
here:- www.futureoscp.blogspot.com
-----------------------------------------------------------
This is the Syllabus of PWK:-
1. - Getting Comfortable with Kali Linux
2. - The Essential Tools
3. - Passive Information Gathering
4. - Active Information Gathering
5. - Vulnerability Scanning
6. - Buffer Overflows- windows/linux based
7.- Working with Exploits
8.-File Transfers
9.- Client Side Attacks
10.-Web Application Attacks
11.-Password Attacks
12.-- Port Redirection and Tunneling
And then the most toughest thing (For me at-least);
12. - Privilege Escalation
--------------------------------------------------------------
Actually getting into the machine is easy(Intermediate) But the most toughest thing is to escalating the privileges of machines.
For Linux i'm following Gotmilk guide's. It's one of the best guide on priv. esclation.
Whenever i get into the machine by exploiting. I firstly check if the Kernel is vulnerable or not, then i check the suids , then the cronjobs and then i check for the different service's that are running on the machine.
For getting better in escalations we just need three things
Brain+Google+Exploit-db=R00t ^_^
----------------------------------------------------------------------------
Most of you must be thinking that how we are gonna prepare? Right?
-Then let me tell you we are gonna complete the
1.Buffer-overflow part first{More_practice},
then we will be doing practice on
2.Web application based vulnerablities- like:-
-------------------------------------------------------------------------------------------------------------
1. Injections:-
-SQL Injection
For SQL Injection you can follow these tutorials,
Challenges we are gonna do:-
A. http://leettime.net/sqlninja.com/
B. BWAPP SQLI Challenges
C. DVWA SQLI Challenges
D. And some from Dhakkan's Lab
-Code Injection |&| Arbitrary Code executions
For Code Injection you can follow these tutorials,
a)
Challenges we are gonna do:-
2. File Inclusion
-RFI
-LFI,
Have a look on this article also:-
Challenges we are gonna do:-
3. Cross site scripting
Basic Way:-
C. XSS Game
5. Unrestricted file upload
a)
b)
c)
Challenges we are gonna do:-
--------------------------------------------------------------------------------------------------
Then we will be learning more about Enumerations. Because pentesting is all about enumeration. The more you enumerate the more vulnerabilities you will be able to see.
Enumeration
Let me clear one more thing Enumeration=Information gathering. That is why i said "The more you enumerate the more vulnerabilities you will be able to see." Hope you understand.
And if some of you might don't know then let me tell you that Enumeration are of two types:-
1.Active
2.Passive
So we are just gonna give our time to learn about active enumeration only as passive enumeration we have already done.
So in Active Information Gathering we are gonna learn about different enumerations some of them are:-
1.DNS
Just read this:- https://www.exploit-db.com/docs/12389.pdf
2.SMB
Their are a lot of ways ofcourse for enumerating the SMB service. We can use the NMAP NSE script, enum4linux and many more. I will make tutorial on it very soon.
3.SNMP
For this i will say read this and then google to know more about it.
4.SMTP
For this you can use smtp-user-enum tool.
Also read this article once.
4.Portscanning
So here comes the most important part "THE PORT SCANNING"
Without it you are "0x00" || "\x00" haha...
For port forwarding as we all already know that NMAP is the best of the best for it.
So just start googling now ;)
Some Resources on Enumerations:-
To know everything in detail about enumeration? Then just go on the below link ;)
This is my very first article so i will not write much. But i can promise that the next few months will not be easy for me and it will be amazing for all of you. If you are going to come back here :P to read my fucking article that is written in very-very bad english :'( .
Thanks for reading,
