OSCP-Exam-Report-Template
AutoRecon
OSCP-Exam-Report-Template | AutoRecon | |
---|---|---|
9 | 18 | |
913 | 4,811 | |
- | - | |
0.0 | 5.0 | |
almost 3 years ago | 3 months ago | |
Python | ||
- | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OSCP-Exam-Report-Template
-
Passing the OSCP in 8 hours(as a high school student)
I had never done any formal pentesting reports like this one, so I kind of learned it on the fly. The whoisflynn template came in clutch for me, since I just had to follow the instructions laid out and copy paste whatever I needed to. Don’t underestimate this part of the exam, and do some planning beforehand to make sure you’re comfortable and have enough time. There isn’t an upper limit to detail in the report, and I was sure I was very detailed in my writeups.
- 22 Hours Later
-
Really bad exam experience, don't wanna take it again?
Was easy to be honest. The way I work was to create reports for all boxes I did in the PWK, proving grounds and HTB as if they were real engagements. I used a template in Joplin I found here https://github.com/whoisflynn/OSCP-Exam-Report-Template. During my practice I would document my findings as I went through and edited out things I didn't need.
-
Passed second try, my thoughts
As for the report, I used this template, and removed most sections such as remediation, and added another section for common tools that I used that needs to leave a link to (i.e. Nishang's repo, Feroxbuster, AutoRecon, etc.)
- Une petite demande concernant les spécialistes en cybersécurité
- I passed OSCP, and here is how you should(nt) do it
-
everything i need to know :3
I used https://github.com/whoisflynn/OSCP-Exam-Report-Template for my report
- Report format for OSCP
-
OSCP report
I had the same thing, the template looks very differently from what I would've done on my own. In the end I decided to follow the template (or more specifically, this version, since it made more sense to me) as closely as possible, only diverging when I had to, for instance when there were certain vulnerabilities I had to exploit before I could do the actual exploit that I used to obtain a shell, but that didn't allow me to obtain a shell themselves directly. In those cases I put those explanations in the initial description.
AutoRecon
- Failed first attempt with 50pts
- Failed the OSCP 😞
-
Autorecon installation issue
pipx install git+https://github.com/Tib3rius/AutoRecon.git
- All round web scanning tool - add yours to the list!
-
Linux Priv Escalation Scripts
Yeah it's been out for about a year now. Same repo, just a version update. https://github.com/Tib3rius/AutoRecon
-
Update: I passed with 100 points on second attempt AMA
smbmap - I believe so as it is a part of https://github.com/Tib3rius/AutoRecon
-
Resources after nmap scan
It sounds like you’re looking for something like AutoRecon.
-
I passed with 100 points on second attempt AMA
I used AutoRecon (thanks tibs) and PEAS for both linux and windows privesc. But again, the reason I failed the first time was because I relied to heavily on these tools. I really like the disclaimer on the autorecon github:
-
Just officially passed my OSCP with (70 + 10) points
Initial Recon/Exploitation - Initial scan your target with either autorecon (https://github.com/Tib3rius/AutoRecon) or an in-depth nmap scan. Then, for each port, enumerate with commands from hacktricks (https://book.hacktricks.xyz/), (https://fareedfauzi.gitbook.io/oscp-notes/services-enumeration/http-s/enumeration-checklist) and (https://web.archive.org/web/20200309204648/http://0daysecurity.com/penetration-testing/enumeration.html) but you could honestly just get away with hacktricks. If you see any sort of service, CMS, or whatever running, searchsploit it. Sometimes, you might get lucky and find an exploit that you can use or can keep in your back pocket for PE later. If you need help with how to actually do an exploit (https://ippsec.rocks/?#) is your friend. IPPSEC is the GOAT.
-
Just submitted the Exam Report. 70 points. My Thoughts and Journey.
Credits to the creator of these resources - Tib3rius Privilege Escalation Courses (Windows & Linux) - Tib3rius AutoRecon: https://github.com/Tib3rius/AutoRecon - https://github.com/mchern1kov/pentest-everything - https://kashz.gitbook.io/kashz-jewels/ - https://book.hacktricks.xyz/
What are some alternatives?
OSCP-Exam-Report-Template-Markdown - :orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
nmapAutomator - A script that you can run in the background!
CTF-Difficulty - This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.
OSCP-Priv-Esc - Mind maps / flow charts to help with privilege escalation on the OSCP.
EZEA - EZEA (EaZy Enum Automator), made for OSCP. This tool uses bash to automate most of the enumeration proces
pentest-everything - This is my penetration testing cheatsheet
SUDO_KILLER - A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.
Harbor - An open source trusted cloud native registry project that stores, signs, and scans content.
alacarte
PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)