Few months ago, I didn’t know what Bash is, who that root guy people were scared of, and definitely never heard of SSH tunneling. I also didn’t like paying for the PWK lab time without using it, so I went through a number of resources till I felt ready for starting the course.

Warning: Don’t expect to be spoon-fed if you’re doing OSCP. You’ll need to spend a lot of time researching; neither the admins nor the other students will give you answers easily.

- Simply the most important reference in the list: it shows the course modules in a detailed way.
- You don’t need to use Kali Linux right away; a good alternative is Ubuntu till you get comfortable with Linux. Entire preparation I did was based on it.
- Bash for Beginners: Best Bash reference IMO.
- OverTheWire: Bandit: Great start for people who aren’t used to using a terminal, or aren’t familiar with Bash or other *nix in general. Each challenge gives you hints on which commands you can use; you need to research them.
- Explainshell: Does NOT replace man pages, but breaks down commands easily for newcomers. Make sure you understand what the commands do and how you can utilize them.
- Netcat: Most important tool in the entire course. Understand what it does, what options you have, and the difference between a reverse shell and a bind shell.
- Ncat: Netcat’s mature brother, supports SSL.
- Wireshark: Network analysis tool; play with it while browsing the internet and connecting to FTP, and read/write PCAP files.
- TCPdump: Not all machines have that cute GUI; you could be stuck with a terminal.

Read about the following tools/techniques, and experiment as much as possible.

- Recon-ng: Make sure you check the usage guide to know how it works.
- DNS: Understand what DNS is, how it works, how to perform forward and reverse lookups, and what zone transfers are and how to perform them.
- Nmap: One of the most used tools during the course (if not the most). I’d recommend starting by reading the man pages and understanding the different scanning techniques and other capabilities it has (scripts, OS detection, service detection, …).
- Services enumeration: SMTP, SNMP, SMB, and a lot of others. Don’t just enumerate them; understand what they’re used for and how they work.
- There are countless resources on how to get started; I’d recommend Corelan’s series. You probably need the first part only for PWK. Occasionally, you’ll need to use a public exploit, maybe even modify the shellcode or other parts.
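The DNS item above (forward lookups, reverse lookups and the zone-transfer request type), as an added example that is not from the original post: it builds queries in DNS wire format and parses a constructed response entirely offline, so nothing is sent on the network. The hostname, transaction id and the 192.0.2.10 address are constructed for the example.

```python
import struct
import ipaddress
# Record types named in the DNS item: A (forward), PTR (reverse), AXFR (zone transfer).
QTYPE = {"A": 1, "PTR": 12, "AXFR": 252}

def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def reverse_name(ip):
    """Name queried for a reverse (PTR) lookup: octets reversed under in-addr.arpa."""
    return ".".join(str(b) for b in reversed(ipaddress.IPv4Address(ip).packed)) + ".in-addr.arpa"

def build_query(name, qtype, txid=0x1234):
    """12-byte header (RD set, one question, no answers) plus the question section."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", QTYPE[qtype], 1)

def skip_name(msg, off):
    """Advance past a name; a 2-byte compression pointer (top bits 11) ends it early."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += msg[off] + 1
    return off + 1

def parse_a_answers(resp):
    """Return the IPv4 addresses carried in the answer section of a response."""
    _, _, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", resp[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(resp, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
        off += 10
        if rtype == QTYPE["A"] and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(resp[off:off + 4])))
        off += rdlen  # skip RDATA of any other record type
    return addrs

# Constructed response to an A query for example.com; 192.0.2.10 is a documentation address.
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA; 1 question, 1 answer
    + encode_name("example.com") + struct.pack(">HH", 1, 1)
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
)
```

Feed the output of build_query to a resolver over UDP port 53 and parse_a_answers reads the reply; comparing reverse_name results against forward answers is the usual sanity check on PTR data.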