rodolfomarianocy / OSCP-Tricks

OSCP Tricks - Updated in 2026 - Welcome and good journey! --- --- Trigger Tips • Information Gathering • Web Application Attacks • Password Attacks • Client-Side Attacks • File Transfers • Linux Enumeration and Privilege Escalation • Windows Enumeration and Privilege Escalation • Shell and Some Payloads • Port Forwarding and Tunneling • Active Directory Other Tips • Checklist - Linux Privilege Escalation - HackTricks • Linux Privilege Escalation - HackTricks • Checklist Windows Local Privilege Escalation - HackTricks • Windows Local Privilege Escalation - HackTricks • Active Directory Methodology - HackTricks • Wordpress - HackTricks • Drupal - HackTricks • Joomla - HackTricks • Tomcat - HackTricks • Jenkins - HackTricks Tutorials • Information Gathering • Hack The Box Academy - Network Enumeration with Nmap • Hack The Box Academy - FootPrinting • Hack The Box Academy - Attacking Common Services • Hack The Box Academy - Information Gathering Web Edition • Try Hack Me - Walking An Application • Try Hack Me - Web Enumeration • Web Application Attacks • Hack The Box Academy - Introduction to Web Applications • Hack The Box Academy - Web Attacks • Hack The Box Academy - File Inclusion • Hack The Box Academy - Abusing HTTP Misconfigurations • Hack The Box Academy - HTTP Attacks • Hack The Box Academy - SQL Injection Fundamentals • Hack The Box Academy - Blind SQL Injection • Hack The Box Academy - Advanced SQL Injection • Hack The Box Academy - Using Web Proxies • Hack The Box Academy - Attacking Web Applications with ffuf • Hack The Box Academy - Session Security • Hack The Box Academy - Attacking Authentication Mecanism • Hack The Box Academy - Web Service & API Attacks • Hack The Box Academy - Broken Authentication • Hack The Box Academy - File Upload Attacks • Hack The Box Academy - Whitebox Pentesting 101: Command Injection • Hack The Box Academy - Command Injections • Hack The Box Academy - Cross-Site Scripting (XSS) • Hack The Box Academy - Server-Side Attacks • Hack The Box Academy - Introduction to NoSQL Injection • Hack The Box Academy - Introduction to Deserialization Attacks • Try Hack Me - SQL Injection • Try Hack Me - SQL Injection Lab • Try Hack Me - Authentication Bypass • Try Hack Me - IDOR • Try Hack Me - SSRF • Try Hack Me - File Inclusion • Try Hack Me - Cross-Site Scripting • Try Hack Me - Command Injection • Try Hack Me - Upload Vulnerabilities • Try Hack Me - Bypass Disable Functions • PortSwigger Web Security Academy - SQL Injection • PortSwigger Web Security Academy - Cross-Site Scripting • PortSwigger Web Security Academy - XML external entity (XXE) injection • PortSwigger Web Security Academy - OS command injection • PortSwigger Web Security Academy - Server-side template injection • PortSwigger Web Security Academy - Directory traversal • PortSwigger Web Security Academy - Access control vulnerabilities • PortSwigger Web Security Academy - Information Disclosure • PortSwigger Web Security Academy - File upload vulnerabilities • PortSwigger Web Security Academy - Authentication • PortSwigger Web Security Academy - JWT attacks • PortSwigger Web Security Academy - CSRF • PortSwigger Web Security Academy - SSRF • PortSwigger Web Security Academy - Business logic vulnerabilities • PentesterLab - From SQL Injection to Shell • PentesterLab - From SQL injection to Shell II • PentesterLab - From SQL injection to Shell III • PentesterLab - SQL Injection 01 • PentesterLab - SQL Injection 02 • PentesterLab - SQL Injection 03 • PentesterLab - SQL Injection 04 • PentesterLab - SQL Injection 05 • PentesterLab - SQL Injection 06 • PentesterLab - XSS and MySQL FILE • PentesterLab - RCE via argument injection - PentesterLab • PentesterLab - Server Side Template Injection 01 • PentesterLab - Server Side Template Injection 02 • PentesterLab - Express Local File Read • PentesterLab - PHP Include And Post Exploitation • PentesterLab - File Include 01 • PentesterLab - File Include 02 • PentesterLab - File Upload 01 • PentesterLab - File Upload 02 • PentesterLab - CVE-2021-33564 Argument Injection in Ruby Dragonfly • PentesterLab - CVE-2014-6271/Shellshock • Shells & Payloads • Hack The Box - Shells & Payloads • Linux Enumeration and Privilege Escalation • Try Hack Me - Linux: Local Enumeration • Try Hack Me - Enumeration • Try Hack Me - Linux PrivEsc • Try Hack Me - Linux Privilege Escalation • Hack The Box Academy - Linux Privilege Escalation • Windows Enumeration and Privilege Escalation • Hack The Box Academy - Windows Privilege Escalation • Try Hack Me - Enumeration • Try Hack Me - Windows PrivEsc • Try Hack Me - Windows PrviEsc Arena • File Transfers • Hack The Box Academy - File Transfers • Public Exploits (Localizing, Code Review, Improvements) • Try Hack Me - Vulnerabilities 101 • Try Hack Me - Exploit Vulnerabilities • Try Hack Me - Vulnerability Capstone • Try Hack Me - Intro PoC Scripting • Port Forwarding and Tunneling • Hack The Box Academy - Pivoting, Tunneling, and Port Forwarding • Try Hack Me - Wreath • Active Directory • Hack The Box Academy - Introduction to Active Directory • Hack The Box Academy - Active Directory Enumeration Attacks • Hack The Box Academy - Active Directory LDAP • Hack The Box Academy - Active Directory PowerView • Hack The Box Academy - Active Directory BloodHound • Hack The Box Academy - Kerberos Attacks • Hack The Box Academy - Using crackmapexec • Hack The Box Academy - Password Attacks • Hack The Box Academy - Attacking Enterprise Networks • Try Hack Me - Active Directory Basics • Try Hack Me - Attacktive Directory • Try Hack Me - Attacking Kerberos • Try Hack Me - Breaching Active Directory • Try Hack Me - AD Enumeration • Try Hack Me - Lateral Movement and Pivoting • Try Hack Me - Exploiting Active Directory • Try Hack Me - Post-Exploitation Basics • Try Hack Me - HoloLive • Pentest Report • Hack The Box Academy - Documentation & Reporting Machines List As you go through the list of machines, remember the changes that have occurred in t…