OSEP Checklist

Byaghanim

Last Updated on December 15, 2023 by aghanim

OSEP/osep_checklistv2.md at main · In3x0rabl3/OSEP · GitHub

Web Application:

  • Unrestricted File upload (ASPX)
  • SQL Injection
  • Server Side Template Injection
  • RFI
  • LFI
  • Web Service
  • BruteForce
  • CVE
  • Phishing
  • Code Exec
  • BAD PDF

MSSQL:

  • Linked Servers
  • Priv Esc
  • Enable Shell
  • Code Exec
  • Relay netv2 hash

Privilege Escalation:

Windows

  • PowerUP
  • LinPeas
  • Creds in Config Files
  • SEimpersonation (PrintSpoofer,Spooler,etc)
  • ShadowCopy
  • Hivenightmare
  • Mimikatz
  • UAC
  • MSSQL
  • Listening Services
  • Kernel

Linux

  • Shared Library
  • Sudo
  • Groups
  • Listening Services
  • Ansible (Unix)
  • lse / Linpeas
  • JFROG

Lateral Movement:

  • LAPS
  • Unconstrained Delegation
  • Constrained Delegation
  • Resource Based Constrained Delegation
  • MSSQL Linked Servers
  • Pass the Ticket
  • Tickets in /tmp
  • Pass The Hash
  • Relay The Hash
  • Crack the Hash
  • RDP / SharpRDP
  • Web Application
  • Fileless Lateral Movement
  • Mimikatz
  • Ligolo-ng/chisel/Proxychains / Autoroute / SSH (Port Fowarding)
  • Bloodhound/SharpHound[.exe/.ps1]
  • JFROG
  • KEYTAB (Kerberos)
  • SSH
  • Ansible
  • SPOOLSS
  • Reuse of passwords (.\administrator NOT domain\administrator)
  • adPeas.ps1

Similar Posts

  • THM – Network Services – MySQL – Part 8

    Byaghanim

    Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding MySQL Enumerating MySQL Exploit MySQL Understanding MySQL  What is MySQL?   In its simplest definition, MySQL is a relational database management system (RDBMS) based on Structured Query Language (SQL).   Database:   A database is simply a persistent, organized collection of structured data.   RDBMS:   A software or service used to create and manage databases based on…

  • THM – John The Ripper – Part 15

    Byaghanim

    Last Updated on January 25, 2022 by aghanim This is a continued series where I document my path through different tryhackme courses. I recommend everyone that wants to learn cyber security to subscribe to tryhackme.com and take the courses there. Table Of ContentsCracking Basic HashesCracking Windows authentication HashesCracking /etc/shadow HashesSingle Cracking ModeCustom RulesCracking Password Protected…

  • THM – Network Services – NFS – Part 6

    Byaghanim

    Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding NFS Enumerating NFS Exploiting NFS  Understanding NFS  What is NFS?   NFS stands for Network File System and allows a system to share directories and files with others over a network. By using NFS, users and programs can access files on remote systems almost as if they were local files. It does this by…

  • THM – Upload Vulnerabilities – Part 13

    Byaghanim

    Last Updated on March 24, 2022 by aghanim This is a continued series where I document my path through different tryhackme courses. I recommend everyone that wants to learn cyber security to subscribe to tryhackme.com and take the courses there. Table Of ContentsIntroductionMethodology – EnumerationOverwriting Existing FilesRemote Code ExecutionFilteringClient-side filteringServer-side filteringExtension ValidationFile Type FilteringFile Length…

  • THM – Network Services – SMB – Part 3

    Byaghanim

    Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding SMB Enumerating SMB Exploiting SMB  Understanding SMB  SMB – Server Message Block Protocol – is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network.   Servers make file systems and other resources available to clients on the network. Client computers may have their own hard disks, but they also want access to the shared file systems and printers on the servers.   The SMB protocol is known as a…