2 min to read
OSCP Cheatsheet
General
Important Locations
Windows
WindowsLinux
``` powershell /etc/passwd /etc/shadow /etc/aliases /etc/anacrontab /etc/apache2/apache2.conf /etc/apache2/httpd.conf /etc/apache2/sites~|-|enabled/000~|-|default.conf /etc/at.allow /etc/at.deny /etc/bashrc /etc/bootptab /etc/chrootUsers /etc/chttp.conf /etc/cron.allow /etc/cron.deny /etc/crontab /etc/cups/cupsd.conf /etc/exports /etc/fstab /etc/ftpaccess /etc/ftpchroot /etc/ftphosts /etc/groups /etc/grub.conf /etc/hosts /etc/hosts.allow /etc/hosts.deny /etc/httpd/access.conf /etc/httpd/conf/httpd.conf /etc/httpd/httpd.conf /etc/httpd/logs/access_log /etc/httpd/logs/access.log /etc/httpd/logs/error_log /etc/httpd/logs/error.log /etc/httpd/php.ini /etc/httpd/srm.conf /etc/inetd.conf /etc/inittab /etc/issue /etc/knockd.conf /etc/lighttpd.conf /etc/lilo.conf /etc/logrotate.d/ftp /etc/logrotate.d/proftpd /etc/logrotate.d/vsftpd.log /etc/lsb~|-|release /etc/motd /etc/modules.conf /etc/motd /etc/mtab /etc/my.cnf /etc/my.conf /etc/mysql/my.cnf /etc/network/interfaces /etc/networks /etc/npasswd /etc/passwd /etc/php4.4/fcgi/php.ini /etc/php4/apache2/php.ini /etc/php4/apache/php.ini /etc/php4/cgi/php.ini /etc/php4/apache2/php.ini /etc/php5/apache2/php.ini /etc/php5/apache/php.ini /etc/php/apache2/php.ini /etc/php/apache/php.ini /etc/php/cgi/php.ini /etc/php.ini /etc/php/php4/php.ini /etc/php/php.ini /etc/printcap /etc/profile /etc/proftp.conf /etc/proftpd/proftpd.conf /etc/pure~|-|ftpd.conf /etc/pureftpd.passwd /etc/pureftpd.pdb /etc/pure~|-|ftpd/pure~|-|ftpd.conf /etc/pure~|-|ftpd/pure~|-|ftpd.pdb /etc/pure~|-|ftpd/putreftpd.pdb /etc/redhat~|-|release /etc/resolv.conf /etc/samba/smb.conf /etc/snmpd.conf /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub /etc/sysconfig/network /etc/syslog.conf /etc/termcap /etc/vhcs2/proftpd/proftpd.conf /etc/vsftpd.chroot_list /etc/vsftpd.conf /etc/vsftpd/vsftpd.conf /etc/wu~|-|ftpd/ftpaccess /etc/wu~|-|ftpd/ftphosts /etc/wu~|-|ftpd/ftpusers /logs/pure~|-|ftpd.log /logs/security_debug_log /logs/security_log /opt/lampp/etc/httpd.conf /opt/xampp/etc/php.ini /proc/cmdline /proc/cpuinfo /proc/filesystems /proc/interrupts /proc/ioports /proc/meminfo /proc/modules /proc/mounts /proc/net/arp /proc/net/tcp /proc/net/udp /proc/~|<|PID>/cmdline /proc/~|<|PID>/maps /proc/sched_debug /proc/self/cwd/app.py /proc/self/environ /proc/self/net/arp /proc/stat /proc/swaps /proc/version /root/anaconda~|-|ks.cfg /usr/etc/pure~|-|ftpd.conf /usr/lib/php.ini /usr/lib/php/php.ini /usr/local/apache/conf/modsec.conf /usr/local/apache/conf/php.ini /usr/local/apache/log /usr/local/apache/logs /usr/local/apache/logs/access_log /usr/local/apache/logs/access.log /usr/local/apache/audit_log /usr/local/apache/error_log /usr/local/apache/error.log /usr/local/cpanel/logs /usr/local/cpanel/logs/access_log /usr/local/cpanel/logs/error_log /usr/local/cpanel/logs/license_log /usr/local/cpanel/logs/login_log /usr/local/cpanel/logs/stats_log /usr/local/etc/httpd/logs/access_log /usr/local/etc/httpd/logs/error_log /usr/local/etc/php.ini /usr/local/etc/pure~|-|ftpd.conf /usr/local/etc/pureftpd.pdb /usr/local/lib/php.ini /usr/local/php4/httpd.conf /usr/local/php4/httpd.conf.php /usr/local/php4/lib/php.ini /usr/local/php5/httpd.conf /usr/local/php5/httpd.conf.php /usr/local/php5/lib/php.ini /usr/local/php/httpd.conf /usr/local/php/httpd.conf.ini /usr/local/php/lib/php.ini /usr/local/pureftpd/etc/pure~|-|ftpd.conf /usr/local/pureftpd/etc/pureftpd.pdn /usr/local/pureftpd/sbin/pure~|-|config.pl /usr/local/www/logs/httpd_log /usr/local/Zend/etc/php.ini /usr/sbin/pure~|-|config.pl /var/adm/log/xferlog /var/apache2/config.inc /var/apache/logs/access_log /var/apache/logs/error_log /var/cpanel/cpanel.config /var/lib/mysql/my.cnf /var/lib/mysql/mysql/user.MYD /var/local/www/conf/php.ini /var/log/apache2/access_log /var/log/apache2/access.log /var/log/apache2/error_log /var/log/apache2/error.log /var/log/apache/access_log /var/log/apache/access.log /var/log/apache/error_log /var/log/apache/error.log /var/log/apache~|-|ssl/access.log /var/log/apache~|-|ssl/error.log /var/log/auth.log /var/log/boot /var/htmp /var/log/chttp.log /var/log/cups/error.log /var/log/daemon.log /var/log/debug /var/log/dmesg /var/log/dpkg.log /var/log/exim_mainlog /var/log/exim/mainlog /var/log/exim_paniclog /var/log/exim.paniclog /var/log/exim_rejectlog /var/log/exim/rejectlog /var/log/faillog /var/log/ftplog /var/log/ftp~|-|proxy /var/log/ftp~|-|proxy/ftp~|-|proxy.log /var/log/httpd~|-|access.log /var/log/httpd/access_log /var/log/httpd/access.log /var/log/httpd/error_log /var/log/httpd/error.log /var/log/httpsd/ssl.access_log /var/log/httpsd/ssl_log /var/log/kern.log /var/log/lastlog /var/log/lighttpd/access.log /var/log/lighttpd/error.log /var/log/lighttpd/lighttpd.access.log /var/log/lighttpd/lighttpd.error.log /var/log/mail.info /var/log/mail.log /var/log/maillog /var/log/mail.warn /var/log/message /var/log/messages /var/log/mysqlderror.log /var/log/mysql.log /var/log/mysql/mysql~|-|bin.log /var/log/mysql/mysql.log /var/log/mysql/mysql~|-|slow.log /var/log/proftpd /var/log/pureftpd.log /var/log/pure~|-|ftpd/pure~|-|ftpd.log /var/log/secure /var/log/vsftpd.log /var/log/wtmp /var/log/xferlog /var/log/yum.log /var/mysql.log /var/run/utmp /var/spool/cron/crontabs/root /var/webmin/miniserv.log /var/www/html~|<|VHOST>/\_\_init\_\_.py /var/www/html/db_connect.php /var/www/html/utils.php /var/www/log/access_log /var/www/log/error_log /var/www/logs/access_log /var/www/logs/error_log /var/www/logs/access.log /var/www/logs/error.log \~/.atfp_history \~/.bash_history \~/.bash_logout \~/.bash_profile \~/.bashrc \~/.gtkrc \~/.login \~/.logout \~/.mysql_history \~/.nano_history \~/.php_history \~/.profile \~/.ssh/authorized_keys ~|#|id_rsa, id_ecdsa, id_ecdsa_sk, id_ed25519, id_ed25519_sk, and id_dsa \~/.ssh/id_dsa \~/.ssh/id_dsa.pub \~/.ssh/id_rsa \~/.ssh/id_edcsa \~/.ssh/id_rsa.pub \~/.ssh/identity \~/.ssh/identity.pub \~/.viminfo \~/.wm_style \~/.Xdefaults \~/.xinitrc \~/.Xresources \~/.xsession ```GitHub recon
- You need to find traces of the
.gitfiles on the target machine. - Now navigate to the directory where the file is located, a potential repository.
Reconnaissance
Port Scanning:
- NMAP
- Rustscan (Def faster than NMAP)
Finding Subdomains and Directory Bruteforcing:
- subdir
- ffuf (Good for directory brueforcing and subdomain finding)
- dirbuster
If you are given an IP address but you find a DNS name, then you can modify your /etc/hosts files to point to the DNS name. If there is a subdomain found, add another entry in /etc/hosts file so that you can access it via your browser.
Comments