man1pulator / oscp_tips

The repository is about the unique and cool stuff that can be used in OSCP preparation for bringing ease to your enumeration steps.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Oscp Unique and Cool Preparation Tips

1. Tmux - Settings Variables to Use across Tmux Session

Tmux is a terminal multiplexer. It lets you switch easily between several programs in one terminal. Its highly recommended to use tmux for your daily life task and keeping your work organized.

Talking about CTFs machine, we usually came across with different machines having different IP. Many feel lazy to remember the exact IP and usually writes or copy/paste the machine’s IP again and again to launch different scans.

You can set variables in tmux session that will be accessed throughout the given tmux session. Make sure to declare variables in the first pane so the child panes, created afterwards, can use declared variables. Kindly refer to the video below

Syntax

IP=10.0.2.33
tmux setenv IP $IP
export IP=$IP	

Video POC

Setting.Variables.in.Tmux.mp4


2 Analyzing Traffic with Tcpdump

Tcpdump is a valuable command line utility that allows you to capture and analyze network traffic going through your system. I am going to suggest you an approach that would help you debug and understand network protocols.

I would highly recommend to use this tcpdump command to analyze or debug the traffic. I frequently use this and avoided many stupid mistakes for e.g providing wrong port number or tool not working as expected.

tcpdump -i tun0 -nqtX host $IP and port 21 and 'tcp[13] & 8!=0'

Breakdown

-n Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.

-q Quick (quiet?) output. Print less protocol information so output lines are shorter.

-t Don't print a timestamp on each dump line.

-X Print the data of each packet in hex and ASCII. This is very handy for analysing new protocols.

'tcp[13] & 8 != 0' Show all PSH Packets (Packets containing actual data)

Video POC

Analyzing.FTP.Traffic.With.Tcpdump.mp4


3. Dirsearch

Dirsearch is a mature command-line tool designed to brute force directories and files in webservers.

I highly recommend to use dirsearch for finding hidden directories and files. The key features of dirsearch includes pausing and resuming scan, providing multiple files as input and performing recursive brute forcing. Below is the command that has never let me down throughout my OSCP journey.

Syntax

wordlists='db/dicc.txt,/usr/share/dirb/wordlists/common.txt,/usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt'
python3 dirsearch.py -u $url -e php,html,htm,txt -w $wordlists --random-user-agent -b -t 20 

Note: dirsearch doesn't append extensions to every word, if you don't use the -f flag. By default, only the %EXT% keyword in the wordlist will be replaced with extensions (-e ).



4. Bruteforcing with ffuf

Since Burp suite professional isn’t allowed in OSCP exam and using hydra for brute forcing web forms usually takes a bit headache to configure. We can use ffuf raw request to brute force http web forms with minimum configurations.

Syntax

ffuf --request raw.req --request-proto http -w /tmp/user.list:W1,/tmp/password.list:W2 -c -ac -t 20

Video POC

Bruteforcing.with.ffuf.mp4

About

The repository is about the unique and cool stuff that can be used in OSCP preparation for bringing ease to your enumeration steps.