Hakluke’s Ultimate OSCP Guide: Part 3 — Practical hacking tips and tricks
So, you’ve finally signed up, paid the money, waited for the start date, logged in to the VPN, and are suddenly hit in the face with a plethora of vulnerable boxes and you have no idea where to start.
This part of the guide will show the general process I tend to use when approaching a new target in the OSCP labs. This is by no means a replacement for reading the PWK manual and doing the exercises, it’s a brief overview of some major vulnerability types and a few tips. You can always refer back to this post later, using it as a cheat sheet for command syntax.
Nmap
First of all, we need to know what boxes exist on the network nmap run a ping scan:
nmap -sn 10.0.0.0/24
The above command will test whether all machines in the 10.0.0.0/24 subnet are alive (10.0.0.0–10.0.0.255). You may need to change this for the lab network.
Once I have chosen a host, the first thing I always do is:
nmap -A -oA nmap $targetip
This will scan the 1024 most common ports, run OS detection, run default nmap scripts, and save the results in a number of formats in the current directory.