Pentest Everything

This cheatsheet may no longer be comprehensive since the exam was drastically changed in early 2022.

This is the penetration testing cheatsheet I created to get my OSCP certification. It has quick guides and useful commands to enumerate and exploit some low-hanging fruits and common services. I recommend absolute beginners to look at the references to fully understand what's going on here.

Also, I added links to original repositories and/or authors of the utilities I use. I compiled some utilities and put them into the private repo (pentesting-tools). I cannot share them due to legal reasons, so you have to download/compile them yourself.

Github-md-toc-generator is used to generate Tables of Contents.

─────█─▄▀█──█▀▄─█───── 
────▐▌──────────▐▌──── 
────█▌▀▄──▄▄──▄▀▐█──── 
───▐██──▀▀──▀▀──██▌─── 
──▄████▄──▐▌──▄████▄──

Contents

• Kali Virtual Machine Configuration
• Enumeration and Exploitation of Services
• Buffer Overflow Attack
• Linux Privilege Escalation
• Windows Privilege Escalation
• Utilities

Utilities

• winPEAS
• linPEAS
• Linux Smart Enumeration
• Linux Exploit Suggester
• mkpsrevshell
• SharpUp
• AccessChk
• PowerView
• Seatbelt
• Rubeus
• Mimikatz
• SharpHound
• Procmon
• creddump7
• Plink
• HotPotato
• RoguePotato
• PrintSpoofer
• JuicyPotato
• incognito
• SharpWeb
• pspy
• mongodb2hashcat
• Probable-Wordlists
• Payloadbox
• PayloadAllTheThings

References

• TryHackMe Offensive Pentesting
• PortSwigger WebSecurity Academy
• Tib3rius Linux Privilege Escalation Udemy course
• Tib3rius Windows Privilege Escalation Udemy course
• John Hammond YouTube channel
• IppSec YouTube channel