Oscp study

Notes of my Offensive Security Certified Professional (OSCP) study plan.

Last update: 2019-04-10

OSCP-like VMs on Vulnhub:

Beginner friendly:
- Kioptrix: Level 1 (#1) [ok]
- Kioptrix: Level 1.1 (#2) [ok]
- Kioptrix: Level 1.2 (#3) [ok]
- Kioptrix: Level 1.3 (#4) [ok]
- FristiLeaks: 1.3 [ok]
- Stapler: 1 [ok]
- PwnLab: init [ok]
- Pluck: 1 [ok]
- W1R3S: 1.0.1 [ok]
Intermediate:
- Kioptrix: 2014 [ok]
- Brainpan: 1 (Part 1 of BO is relevant to OSCP. egghunting is out of scope though)
- Mr-Robot: 1 [ok]
- HackLAB: Vulnix [ok]
- Not so sure (Didn't solve them yet):
- VulnOS: 2 [ok]
- SickOs: 1.2 [ok]
- /dev/random: scream
- pWnOS: 2.0
- SkyTower: 1
- IMF
- Lord of the Root 1.0.1 [ok]
- Tr0ll
- Pegasus
- SkyTower [ok]
Windows
- Metasploitable 3
- Bobby: 1 (Uses VulnInjector, need to provide you own ISO and key.)

(credits for @abatchy)

Link to download VMs: http://vulnhub.com

Hackthebox.eu (HTB)

I strongly recommend the boxes on the hackthebox.eu to study for OSCP cert. HTB has a good set of windows boxes to training: Devel, Optimum, Bastard, Grandpa, Blue, Sizzle, Reel.

My hackthebox profile: https://www.hackthebox.eu/profile/5823. Feel free to contact me there :)

PS: It's needed to solve a little "challenge" to obtain the invite.

Recommended books:

Penetration Testing: A Hands-On Introduction to Hacking (+Highly recommended for beginners)
Hacking: The Art of Exploitation, 2nd Edition
Rtfm: Red Team Field Manual
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
The Hacker Playbook: Practical Guide To Penetration Testing

Stack-based buffer overflow links [must-read]:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ [Recommended]
http://www.tenouk.com/Bufferoverflowc/Bufferoverflow1.html
https://raw.githubusercontent.com/m0nad/Papers/master/buffer_overflow_iniciantes.txt [PT-BR]

My write-ups

Kioptrix level 1
Kioptrix level 1.1
Kioptrix level 1.2

Help Needed to run this.!

Hi there,

When I try to run this snippet, I get these error on Kali Linux Terminal.

764.c:643:24: error: ‘SSL2_MAX_CONNECTION_ID_LENGTH’ undeclared here (not in a function); did you mean ‘SSL_MAX_SSL_SESSION_ID_LENGTH’?
unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SSL_MAX_SSL_SESSION_ID_LENGTH
764.c:651:2: error: unknown type name ‘RC4_KEY’
RC4_KEY* rc4_read_key;
^~~~~~~
764.c:652:2: error: unknown type name ‘RC4_KEY’
RC4_KEY* rc4_write_key;
^~~~~~~
764.c: In function ‘read_ssl_packet’:
764.c:844:7: error: ‘MD5_DIGEST_LENGTH’ undeclared (first use in this function); did you mean ‘SHA_DIGEST_LENGTH’?
if (MD5_DIGEST_LENGTH + padding >= rec_len) {
^~~~~~~~~~~~~~~~~
SHA_DIGEST_LENGTH
764.c:844:7: note: each undeclared identifier is reported only once for each function it appears in
764.c:845:19: error: ‘SSL2_MT_ERROR’ undeclared (first use in this function); did you mean ‘SSL_METHOD’?
if ((buf[0] == SSL2_MT_ERROR) && (rec_len == 3)) {
^~~~~~~~~~~~~
SSL_METHOD
764.c:856:3: warning: implicit declaration of function ‘RC4’ [-Wimplicit-function-declaration]
RC4(ssl->rc4_read_key, rec_len, buf, buf);
^~~
764.c: In function ‘send_ssl_packet’:
764.c:882:2: error: unknown type name ‘MD5_CTX’; did you mean ‘PEM_CTX’?
MD5_CTX ctx;
^~~~~~~
PEM_CTX
764.c:887:23: error: ‘MD5_DIGEST_LENGTH’ undeclared (first use in this function); did you mean ‘SHA_DIGEST_LENGTH’?
tot_len = rec_len + MD5_DIGEST_LENGTH; /* RC4 needs no padding /
^~~~~~~~~~~~~~~~~
SHA_DIGEST_LENGTH
764.c:905:3: warning: implicit declaration of function ‘MD5_Init’; did you mean ‘HMAC_Init’? [-Wimplicit-function-declaration]
MD5_Init(&ctx);
^~~~~~~~
HMAC_Init
764.c:906:3: warning: implicit declaration of function ‘MD5_Update’; did you mean ‘HMAC_Update’? [-Wimplicit-function-declaration]
MD5_Update(&ctx, ssl->write_key, RC4_KEY_LENGTH);
^~~~~~~~~~
HMAC_Update
764.c:909:3: warning: implicit declaration of function ‘MD5_Final’; did you mean ‘HMAC_Final’? [-Wimplicit-function-declaration]
MD5_Final(p, &ctx);
^~~~~~~~~
HMAC_Final
764.c: In function ‘get_server_hello’:
764.c:977:16: error: ‘SSL2_MT_SERVER_HELLO’ undeclared (first use in this function); did you mean ‘SSL3_MT_SERVER_HELLO’?
if ((p++) != SSL2_MT_SERVER_HELLO) {
^~~~~~~~~~~~~~~~~~~~
SSL3_MT_SERVER_HELLO
764.c:1009:26: warning: passing argument 2 of ‘d2i_X509’ from incompatible pointer type [-Wincompatible-pointer-types]
ssl->x509=d2i_X509(NULL,&p,(long)cert_length);
^
In file included from /usr/include/openssl/objects.h:916:0,
from /usr/include/openssl/evp.h:27,
from /usr/include/openssl/x509.h:23,
from /usr/include/openssl/ssl.h:50,
from 764.c:20:
/usr/include/openssl/x509.h:540:1: note: expected ‘const unsigned char *’ but argument is of type ‘unsigned char ’
DECLARE_ASN1_FUNCTIONS(X509)
^
764.c: In function ‘send_client_master_key’:
764.c:1069:10: error: dereferencing pointer to incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
if (pkey->type != EVP_PKEY_RSA) {
^~
764.c: In function ‘generate_key_material’:
764.c:1106:2: error: unknown type name ‘MD5_CTX’; did you mean ‘PEM_CTX’?
MD5_CTX ctx;
^~~~~~~
PEM_CTX
764.c:1111:42: error: ‘MD5_DIGEST_LENGTH’ undeclared (first use in this function); did you mean ‘SHA_DIGEST_LENGTH’?
for (i=0; i<RC4_KEY_MATERIAL_LENGTH; i+=MD5_DIGEST_LENGTH) {
^~~~~~~~~~~~~~~~~
SHA_DIGEST_LENGTH
764.c: In function ‘generate_session_keys’:
764.c:1127:23: error: ‘RC4_KEY’ undeclared (first use in this function); did you mean ‘EC_KEY’?
ssl->rc4_read_key = (RC4_KEY) malloc(sizeof(RC4_KEY));
^~~~~~~
EC_KEY
764.c:1127:31: error: expected expression before ‘)’ token
ssl->rc4_read_key = (RC4_KEY) malloc(sizeof(RC4_KEY));
^
764.c:1128:2: warning: implicit declaration of function ‘RC4_set_key’; did you mean ‘RSA_set0_key’? [-Wimplicit-function-declaration]
RC4_set_key(ssl->rc4_read_key, RC4_KEY_LENGTH, ssl->read_key);
^~~~~~~~~~~
RSA_set0_key
764.c:1131:32: error: expected expression before ‘)’ token
ssl->rc4_write_key = (RC4_KEY) malloc(sizeof(RC4_KEY));
^
764.c: In function ‘get_server_verify’:
764.c:1146:16: error: ‘SSL2_MT_SERVER_VERIFY’ undeclared (first use in this function); did you mean ‘SSL3_MT_SERVER_HELLO’?
if (buf[0] != SSL2_MT_SERVER_VERIFY) {
^~~~~~~~~~~~~~~~~~~~~
SSL3_MT_SERVER_HELLO
764.c: In function ‘send_client_finished’:
764.c:1158:11: error: ‘SSL2_MT_CLIENT_FINISHED’ undeclared (first use in this function); did you mean ‘SSL3_MT_FINISHED’?
buf[0] = SSL2_MT_CLIENT_FINISHED;
^~~~~~~~~~~~~~~~~~~~~~~
SSL3_MT_FINISHED
764.c: In function ‘get_server_finished’:
764.c:1171:16: error: ‘SSL2_MT_SERVER_FINISHED’ undeclared (first use in this function); did you mean ‘SSL3_MT_SERVER_DONE’?
if (buf[0] != SSL2_MT_SERVER_FINISHED) {
^~~~~~~~~~~~~~~~~~~~~~~
SSL3_MT_SERVER_DONE

ferreirasc / oscp Goto Github PK

oscp's Introduction

Oscp study

OSCP-like VMs on Vulnhub:

Hackthebox.eu (HTB)

Recommended books:

Stack-based buffer overflow links [must-read]:

Other interesting links:

My write-ups

oscp's People

Contributors

Stargazers

Watchers

Forkers

oscp's Issues

Help Needed to run this.!

I am getting 405 with drupal script?

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent