OSEP Checklist

Byaghanim

Last Updated on December 15, 2023 by aghanim

OSEP/osep_checklistv2.md at main · In3x0rabl3/OSEP · GitHub

Web Application:

  • Unrestricted File upload (ASPX)
  • SQL Injection
  • Server Side Template Injection
  • RFI
  • LFI
  • Web Service
  • BruteForce
  • CVE
  • Phishing
  • Code Exec
  • BAD PDF

MSSQL:

  • Linked Servers
  • Priv Esc
  • Enable Shell
  • Code Exec
  • Relay netv2 hash

Privilege Escalation:

Windows

  • PowerUP
  • LinPeas
  • Creds in Config Files
  • SEimpersonation (PrintSpoofer,Spooler,etc)
  • ShadowCopy
  • Hivenightmare
  • Mimikatz
  • UAC
  • MSSQL
  • Listening Services
  • Kernel

Linux

  • Shared Library
  • Sudo
  • Groups
  • Listening Services
  • Ansible (Unix)
  • lse / Linpeas
  • JFROG

Lateral Movement:

  • LAPS
  • Unconstrained Delegation
  • Constrained Delegation
  • Resource Based Constrained Delegation
  • MSSQL Linked Servers
  • Pass the Ticket
  • Tickets in /tmp
  • Pass The Hash
  • Relay The Hash
  • Crack the Hash
  • RDP / SharpRDP
  • Web Application
  • Fileless Lateral Movement
  • Mimikatz
  • Ligolo-ng/chisel/Proxychains / Autoroute / SSH (Port Fowarding)
  • Bloodhound/SharpHound[.exe/.ps1]
  • JFROG
  • KEYTAB (Kerberos)
  • SSH
  • Ansible
  • SPOOLSS
  • Reuse of passwords (.\administrator NOT domain\administrator)
  • adPeas.ps1

Similar Posts

  • THM – Network Services – Telnet – Part 5

    Byaghanim

    Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding telnet Enumerating Telnet Exploiting telnet  Understanding telnet  What is telnet?  Telnet is an application protocol which allows you, with the use of telnet client, to connect to and execute commands on a remote machine that’s hosting a telnet server.   The telnet client will establish a connection with the server. The client will then…

  • THM – Upload Vulnerabilities – Part 13

    Byaghanim

    Last Updated on March 24, 2022 by aghanim This is a continued series where I document my path through different tryhackme courses. I recommend everyone that wants to learn cyber security to subscribe to tryhackme.com and take the courses there. Table Of ContentsIntroductionMethodology – EnumerationOverwriting Existing FilesRemote Code ExecutionFilteringClient-side filteringServer-side filteringExtension ValidationFile Type FilteringFile Length…

  • THM – IDOR – Part 7

    Byaghanim

    Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsWhat is an IDOR?An IDOR ExampleFinding IDORs in Encoded IDsEncoded IDsFinding IDORs and Hashed IDsHashed IDsFinding IDORs in Unpredictable IDsUnpredictable IDsWhere are…

  • THM – Walking An Application – Part 3

    Byaghanim

    Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsIntroductionExploring The WebsiteViewing the Page SourceHow do I view the Page Source?Let’s view some Page Source!Developer Tools – InspectorDeveloper ToolsInspectorDeveloper…

  • THM – Network Services – FTP – Part 4

    Byaghanim

    Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding FTP Enumerating FTP Exploiting FTP  Understanding FTP  What is FTP? File transfer protocol is a protocol used to allow remote transfer of files over a network. It uses a client-server model to do this. It relays command and data in a very efficient way.   How does FTP work?  A typical FTP session operates using two channels:  A command channel   A data channel  The command channel is used for transmitting commands as well as replies to those commands, while the data channel is used for transferring data.  …