Mike's OSCP Guide
Methodology

Introduction


For OSCP, it always comes down to the same 3 things:

  1. Vulnerable Versions

  2. Misconfigurations

  3. Sensitive Information

1. Vulnerable Versions -> Exploits

  • Check version -> Google / Searchsploit

2. Misconfigurations -> Exploits / Bypass

  • Default credentials / Anonymous Login / Weak Passwords

  • SQL injection -> Auth Bypass / File Read / Command Execution

  • File Upload -> RCE / Overwrite Login Files / Client side attacks

  • File Read -> Credential Files / Config Files / Process & Logs

  • Path Traversal / File Inclusion -> File Read / RCE

  • Mass Assignment -> Auth Bypass

3. Sensitive Information -> Logins

  • Credential Pairs -> Login

  • Usernames -> Find passwords / Brute force Login / Username as Password

  • Passwords -> Password Spraying

  • Hints to other services

Vulnerable Versions


Misconfigurations


Sensitive Information

