Giter VIP home page Giter VIP logo

oscp's Introduction

oscp

Reconscan.py

This script is based on the script by Mike Czumak. But it is heavily rewritten, some things have been added, other stuff has been removed. The script is written as a preparation for the OSCP exam. It was never meant to be a general script. So if you want to use it you have to make sure to fix all the hardcoded paths. The script is multithreaded and can be run against several hosts at once.

The script is invoked like this:

python reconscan.py 192.168.1.101 192.168.1.102 192.168.1.103

One important thing to note is that I removed the scan for all ports. Because it would sometimes just take to long to run. So make sure you either add that scan or run it afterwards. So you don't miss any ports.

Please note that the script includes dirb and nikto-scans that are very invasive. The script also includes several nmap-scripts that check for vulnerabilities. So yeah, this script would be pretty illegal and bad to run against a machine you don't have permission to attack.

Templates

I created two templates that I used as a guide for every machine I attacked. One template is for Linux machines and the other for windows. There are some differences between them. The templates became kind of my checklists. They are divided into three sections: recon, privilege escalation and loot.

The templates are written in markdown. But I never actually rendered them, so I don't really know how they look like rendered. They are probably pretty messy. I also used them together with markdown syntax-highlightning in my editor, so it became easy to navigate the files.

The templates have a few keywords in the, like INSERTIPADDRESS. These are hooks that are read by reconscan.py, and it insert the target machine IP-address automatically. Some other stuff are also inserted automatically, like the a basic nmap-scan. And nikto-scan.

Wherever there are references to a book. This is the book: https://bobloblaw.gitbooks.io/security/content/

oscp's People

Contributors

rawtables avatar xapax avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

mello92 suds7 wesleyleach rootedsecurity vortexau prakashkamalakannan appurajv bruhman5thflo xcalibur1005 willc saleem144 depasonico sam0x90 mrpentest mgcfish lduros dmalowiecki2 lobos250 bhasbor securux gpicchiarelli h121h mdhasan2 jamesmilazzo tunnytraffic chrismich ibr2 surlybot buglessdr latterdaylegion dipsec zsschulze totoroha rclaborde tardummy01 d00mfist askshri melvinvarkey dothackaway riccardoancarani i0n0n infinitedevelopment aaronott act1on3 0x00-0x00 m00zh33 ch4p34un0ir kidbomb hrushikeshk virgilcj raimundojimenez indrajithan yipingshen2018 vexs1991 jjegg alexb70 sheimo asionsuis corey-robinson omkar-ukirde kmille mrtaheramine trecaus russweir kasparslicis attacker34 icon0clast lolici123 smileronin daveym eremiel harmeet-1337 haxonicofficial piyushroshan 6ix6ix6 haimo918 rawtables lalalland bravery9 stefanbulof romerosergio d0nu75 gitradar farseer285 yuhisern7 etem cryptohackz subonzyx cc8461 19anand90 drediske jsmit260 northbr1dge mmg1 blumblumshub anorrybot qu3stbaby subfission craziant3k star-bob

oscp's Issues

mappin-linux.md

replace: Can't create/write to file '/root/oscp/exam/192.168.41.53/mapping-linux.md' (Errcode: 2 "No such file or directory")

how i can fix it?

Various Bugs

Fix 1
To Fix:

Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 267, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "./reconscan.py", line 128, in httpEnum
print bcolors.HEADER + CURLSCAN + bcolors.END
AttributeError: class bcolors has no attribute 'END'

Line 128

print bcolors.HEADER + CURLSCAN + bcolors.END

should change to

print bcolors.HEADER + CURLSCAN + bcolors.ENDC

Fix 2

Line 186

smbNmap = "nmap --script=smb-enum-shares.nse,smb-ls.nse,smb-enum-users.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-security-mode.nse,smbv2-enabled.nse,smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-regsvc-dos.nse,smbv2-enabled.nse %s -oN /root/oscp/exam/%s/smb_%s.nmap" % (ip_address, ip_address, ip_address)

should change to

smbNmap = "nmap --script=smb-enum-shares.nse,smb-ls.nse,smb-enum-users.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-security-mode.nse,smb-protocols.nse,smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-regsvc-dos.nse %s -oN /root/oscp/exam/%s/smb_%s.nmap" % (ip_address, ip_address, ip_address)

Removed the duplicate smbv2-enabled.nse. Changed the remaining smbv2-enable.nse to smb-protocols.nse due to smbv2-enable.nse being deprecated. smb-protocols.nse is smbv2-enable.nse's successor as reported by Nmap, "This script (smb-protocols.nse) is the successor to the (removed) smbv2-enabled script."

Fix 3
To Fix:

Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 267, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "./reconscan.py", line 165, in mssqlEnum
MSSQLSCAN = "nmap -sV -Pn -p %s --script=ms-sql-info,ms-sql-config,ms-sql-dump-hashes --script-args=mssql.instance-port=1433,smsql.username-sa,mssql.password-sa -oN /root/oscp/exam/%s/mssql_%s.nmap %s" % (port, ip_address, ip_address)
TypeError: not enough arguments for format string

Line 165

MSSQLSCAN = "nmap -sV -Pn -p %s --script=ms-sql-info,ms-sql-config,ms-sql-dump-hashes --script-args=mssql.instance-port=1433,smsql.username-sa,mssql.password-sa -oN /root/oscp/exam/%s/mssql_%s.nmap %s" % (port, ip_address, ip_address)

Should change to

MSSQLSCAN = "nmap -sV -Pn -p %s --script=ms-sql-info,ms-sql-config,ms-sql-dump-hashes --script-args=mssql.instance-port=1433,smsql.username-sa,mssql.password-sa -oN /root/oscp/exam/%s/mssql_%s.nmap %s" % (port, ip_address, ip_address, ip_address)

Dirbuster argument List to long error

When trying to write dirt results to file you get argument list to long. Fix it with below code

Old Code

subprocess.check_output("replace INSERTDIRBSCAN \"" + data + "\" -- " + path, shell=True)

Fixed Code
subprocess.check_output("replace INSERTDIRBSCAN \"" + "%s".format(data) + "\" -- " + path, shell=True)

Bug

how do i fix the following error?
Process Process-1:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "./reconscan.py", line 244, in nmapScan
write_to_file(ip_address, "portscan", results)
File "./reconscan.py", line 78, in write_to_file
subprocess.check_output("replace INSERTTCPSCAN "" + data + "" -- " + path, shell=True)
File "/usr/lib/python2.7/subprocess.py", line 219, in check_output
raise CalledProcessError(retcode, cmd, output=output)
CalledProcessError: Command 'replace INSERTTCPSCAN "

Thanks in Advance :)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.