OSEP Checklist

Byaghanim

Last Updated on December 15, 2023 by aghanim

OSEP/osep_checklistv2.md at main · In3x0rabl3/OSEP · GitHub

Web Application:

  • Unrestricted File upload (ASPX)
  • SQL Injection
  • Server Side Template Injection
  • RFI
  • LFI
  • Web Service
  • BruteForce
  • CVE
  • Phishing
  • Code Exec
  • BAD PDF

MSSQL:

  • Linked Servers
  • Priv Esc
  • Enable Shell
  • Code Exec
  • Relay netv2 hash

Privilege Escalation:

Windows

  • PowerUP
  • LinPeas
  • Creds in Config Files
  • SEimpersonation (PrintSpoofer,Spooler,etc)
  • ShadowCopy
  • Hivenightmare
  • Mimikatz
  • UAC
  • MSSQL
  • Listening Services
  • Kernel

Linux

  • Shared Library
  • Sudo
  • Groups
  • Listening Services
  • Ansible (Unix)
  • lse / Linpeas
  • JFROG

Lateral Movement:

  • LAPS
  • Unconstrained Delegation
  • Constrained Delegation
  • Resource Based Constrained Delegation
  • MSSQL Linked Servers
  • Pass the Ticket
  • Tickets in /tmp
  • Pass The Hash
  • Relay The Hash
  • Crack the Hash
  • RDP / SharpRDP
  • Web Application
  • Fileless Lateral Movement
  • Mimikatz
  • Ligolo-ng/chisel/Proxychains / Autoroute / SSH (Port Fowarding)
  • Bloodhound/SharpHound[.exe/.ps1]
  • JFROG
  • KEYTAB (Kerberos)
  • SSH
  • Ansible
  • SPOOLSS
  • Reuse of passwords (.\administrator NOT domain\administrator)
  • adPeas.ps1

Similar Posts

  • THM – Network Services – SMB – Part 3

    Byaghanim

    Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding SMB Enumerating SMB Exploiting SMB  Understanding SMB  SMB – Server Message Block Protocol – is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network.   Servers make file systems and other resources available to clients on the network. Client computers may have their own hard disks, but they also want access to the shared file systems and printers on the servers.   The SMB protocol is known as a…

  • THM – Encryption – Part 16

    Byaghanim

    Last Updated on January 25, 2022 by aghanim This is a continued series where I document my path through different tryhackme courses. I recommend everyone that wants to learn cyber security to subscribe to tryhackme.com and take the courses there. Table Of ContentsKey TermsWhy is Encryption importantRSA – Rivest Shamir AdlemanDigital signatures and CertificatesSSH AuthenticationExplaining…

  • THM – Network Services – Telnet – Part 5

    Byaghanim

    Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding telnet Enumerating Telnet Exploiting telnet  Understanding telnet  What is telnet?  Telnet is an application protocol which allows you, with the use of telnet client, to connect to and execute commands on a remote machine that’s hosting a telnet server.   The telnet client will establish a connection with the server. The client will then…

  • THM – Subdomain Enumeration – Part 5

    Byaghanim

    Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsBriefOSINT – SSL/TLS CertificatesSSL/TLS CertificatesOSINT – Search EngineSearch EnginesDNS BruteforceOSINT – Sublist3rAutomation Using Sublist3rVirtual Hosts Brief Subdomain enumeration is the…

  • Pivoting and port forwarding guide

    Byaghanim

    Last Updated on June 1, 2023 by aghanim This is notes taken from the THM room ‘Wreath’, which is a great room for learning Active Directory and pivoting. https://www.tryhackme.com/room/wreath And from other sources. Table Of ContentsSummaryWhat is pivoting?High level overviewEnumerationProxychains & FoxyProxyProxychainsFoxyProxySSH Tunnelig / Port ForwardingForward ConnectionsNMAP with SSH proxyReverse ConnectionsSSH Remote Port Forwarding (From…