I initially created this cheatsheet for the OSCP exam, but it is no longer comprehensive since the exam was drastically changed in early 2022. However, it may still be useful for pentesting, CTFs, or just as a great example of exam cheatsheets.
This cheatsheet has quick guides and useful commands to enumerate and exploit low-hanging fruits and common services.
I recommend beginners look at the references. These courses and videos helped me gain fundamental knowledge for the OSCP exam and pentesting in general.
Also, I added links to original repositories and/or authors of the utilities I use. I compiled/downloaded
utilities and put them into my private repo (pentesting-tools). I cannot share them for legal reasons, so you
have to compile/download them yourself.
Github-md-toc-generator is used to generate Tables of Contents.
─────█─▄▀█──█▀▄─█─────
────▐▌──────────▐▌────
────█▌▀▄──▄▄──▄▀▐█────
───▐██──▀▀──▀▀──██▌───
──▄████▄──▐▌──▄████▄──
- Kali Virtual Machine Configuration
- Enumeration and Exploitation of Services
- Buffer Overflow Attack
- Linux Privilege Escalation
- Windows Privilege Escalation
- Utilities
- winPEAS
- linPEAS
- Linux Smart Enumeration
- Linux Exploit Suggester
- mkpsrevshell
- SharpUp
- AccessChk
- PowerView
- Seatbelt
- Rubeus
- Mimikatz
- SharpHound
- Procmon
- creddump7
- Plink
- HotPotato
- RoguePotato
- PrintSpoofer
- JuicyPotato
- incognito
- SharpWeb
- pspy
- mongodb2hashcat
- Probable-Wordlists
- Payloadbox
- PayloadAllTheThings