Introduction

Penetration testing is a critical hands-on skill in the field of information security. This documentation is specifically designed for educational purposes and for those aiming to obtain certifications (such as OSCP). All techniques and tools described here must only be used in authorized environments and resources (e.g., systems you own, official training labs, or designated practice environments).

Never attempt to use these methods on unauthorized systems or third-party resources. Doing so is illegal and may result in severe consequences. Always act ethically and in compliance with all applicable laws and regulations.

Section Overview

  • Resources: Comprehensive cheatsheets, official OSCP resources, exam guides, and community study links for penetration testing.

  • Port and Service Scanning: Practical guide for port scanning, service enumeration, and tool usage (nmap, masscan, AutoRecon, etc.).

  • Linux Privilege Escalation: Techniques, tools, and commands for privilege escalation and exploitation on Linux systems.

  • Windows Privilege Escalation: Techniques, tools, and commands for privilege escalation and exploitation on Windows systems.

Tools

  • Password Wordlists & Tools: Common password/username lists, cracking tools (John, Hashcat), and tips for brute-force attacks.

  • nmap: Key nmap commands, options, and scripting for network discovery and auditing.

  • Shellter: Dynamic shellcode injection tool for Windows executables.

  • Reverse Shell Cheatsheet: Common reverse shell commands for Linux and Windows.

  • mimikatz: Post-exploitation tool for extracting credentials and Kerberos tickets on Windows.

  • WPScan: WordPress vulnerability scanner and usage examples.

  • PowerShell: Useful PowerShell commands and execution policy bypass techniques.

  • searchsploit: Command-line tool for searching Exploit-DB for public exploits and shellcode.

  • Webshell (PHP): PHP webshell examples, usage, and tips for remote command execution.

  • Metasploit Framework (msfconsole): Core commands and workflow for the Metasploit penetration testing framework.

  • msfvenom: Payload generator and encoder for Metasploit, with examples for various platforms.

  • Port Forwarding: Techniques for tunneling network connections and pivoting.

  • Exploit Resources: Links to public exploit databases and PoC code repositories.