OSEP Checklist

Byaghanim

Last Updated on December 15, 2023 by aghanim

OSEP/osep_checklistv2.md at main · In3x0rabl3/OSEP · GitHub

Web Application:

  • Unrestricted File upload (ASPX)
  • SQL Injection
  • Server Side Template Injection
  • RFI
  • LFI
  • Web Service
  • BruteForce
  • CVE
  • Phishing
  • Code Exec
  • BAD PDF

MSSQL:

  • Linked Servers
  • Priv Esc
  • Enable Shell
  • Code Exec
  • Relay netv2 hash

Privilege Escalation:

Windows

  • PowerUP
  • LinPeas
  • Creds in Config Files
  • SEimpersonation (PrintSpoofer,Spooler,etc)
  • ShadowCopy
  • Hivenightmare
  • Mimikatz
  • UAC
  • MSSQL
  • Listening Services
  • Kernel

Linux

  • Shared Library
  • Sudo
  • Groups
  • Listening Services
  • Ansible (Unix)
  • lse / Linpeas
  • JFROG

Lateral Movement:

  • LAPS
  • Unconstrained Delegation
  • Constrained Delegation
  • Resource Based Constrained Delegation
  • MSSQL Linked Servers
  • Pass the Ticket
  • Tickets in /tmp
  • Pass The Hash
  • Relay The Hash
  • Crack the Hash
  • RDP / SharpRDP
  • Web Application
  • Fileless Lateral Movement
  • Mimikatz
  • Ligolo-ng/chisel/Proxychains / Autoroute / SSH (Port Fowarding)
  • Bloodhound/SharpHound[.exe/.ps1]
  • JFROG
  • KEYTAB (Kerberos)
  • SSH
  • Ansible
  • SPOOLSS
  • Reuse of passwords (.\administrator NOT domain\administrator)
  • adPeas.ps1

Similar Posts

  • THM – Network Services – FTP – Part 4

    Byaghanim

    Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding FTP Enumerating FTP Exploiting FTP  Understanding FTP  What is FTP? File transfer protocol is a protocol used to allow remote transfer of files over a network. It uses a client-server model to do this. It relays command and data in a very efficient way.   How does FTP work?  A typical FTP session operates using two channels:  A command channel   A data channel  The command channel is used for transmitting commands as well as replies to those commands, while the data channel is used for transferring data.  …

  • THM – What the Shell – Part 19

    Byaghanim

    Last Updated on September 5, 2022 by aghanim This is a continued series where I document my path through different tryhackme courses. I recommend everyone that wants to learn cyber security to subscribe to tryhackme.com and take the courses there. Table Of ContentsWhat is a shell?ToolsTypes of ShellNetcatNetcat shell stabilizationSocatSocat encrypted shellsCommon shell payloadsMsfvenomMetasploit multi/handlerWebShells…

  • THM – Burp suite – Part 11

    Byaghanim

    Last Updated on January 25, 2022 by aghanim Table Of ContentsIntro  Proxy Target Definition TASKS  Tasks Tasks Tasks Tasks  Intro   Burp Suite is a framework of web appliccation pentesting tool. It is used to perform web app testing.   To install burp suite follow this guide. https://portswigger.net/burp/documentation/desktop/getting-started  Overview of Features  Proxy – What allows us to funnel traffic through Burp Suite for further analysis  Target – How we set the scope of our project. We can also use this to effectively create a…

  • THM – Subdomain Enumeration – Part 5

    Byaghanim

    Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsBriefOSINT – SSL/TLS CertificatesSSL/TLS CertificatesOSINT – Search EngineSearch EnginesDNS BruteforceOSINT – Sublist3rAutomation Using Sublist3rVirtual Hosts Brief Subdomain enumeration is the…