# OSCP-CPTS NOTES ## OSCP-CPTS NOTES - [oscp-cpts-notes](https://notes.dollarboysushil.com/readme.md) - [Pivoting & Tunneling](https://notes.dollarboysushil.com/pivoting-and-tunneling.md) - [Local Port Forwarding](https://notes.dollarboysushil.com/pivoting-and-tunneling/local-port-forwarding.md) - [Remote Port Forwarding](https://notes.dollarboysushil.com/pivoting-and-tunneling/remote-port-forwarding.md) - [Dynamic Port Forwarding](https://notes.dollarboysushil.com/pivoting-and-tunneling/dynamic-port-forwarding.md) - [Ligolo-ng](https://notes.dollarboysushil.com/pivoting-and-tunneling/ligolo-ng.md) - [Linux Privilege Escalation](https://notes.dollarboysushil.com/linux-privilege-escalation.md): We assume that we now have a shell on the remote system. However, depending on how access was obtained, we may not yet have 'root' privileges. The following techniques can be used to elevate privilege - [Gathering Information of the System](https://notes.dollarboysushil.com/linux-privilege-escalation/gathering-information-of-the-system.md) - [Capabilities](https://notes.dollarboysushil.com/linux-privilege-escalation/capabilities.md) - [Group Based](https://notes.dollarboysushil.com/linux-privilege-escalation/group-based.md) - [SUID Privilege Escalation](https://notes.dollarboysushil.com/linux-privilege-escalation/suid-privilege-escalation.md) - [Cron Job](https://notes.dollarboysushil.com/linux-privilege-escalation/cron-job.md) - [Exploiting NFS weak Permission](https://notes.dollarboysushil.com/linux-privilege-escalation/exploiting-nfs-weak-permission.md) - [Sudo + LD\_PRELOAD (Shared Libraries)](https://notes.dollarboysushil.com/linux-privilege-escalation/sudo-+-ld_preload-shared-libraries.md) - [Shared Object Manipulation](https://notes.dollarboysushil.com/linux-privilege-escalation/shared-object-manipulation.md) - [Python Library Hijacking](https://notes.dollarboysushil.com/linux-privilege-escalation/python-library-hijacking.md) - [Windows Privilege Escalation](https://notes.dollarboysushil.com/windows-privilege-escalation.md) - [Gathering Information of the System](https://notes.dollarboysushil.com/windows-privilege-escalation/gathering-information-of-the-system.md) - [User Privileges](https://notes.dollarboysushil.com/windows-privilege-escalation/user-privileges.md) - [SeImpersonatePrivilege and SeAssignPrimaryToken](https://notes.dollarboysushil.com/windows-privilege-escalation/user-privileges/seimpersonateprivilege-and-seassignprimarytoken.md) - [SeDebugPrivilege](https://notes.dollarboysushil.com/windows-privilege-escalation/user-privileges/sedebugprivilege.md) - [SeTakeOwnershipPrivilege](https://notes.dollarboysushil.com/windows-privilege-escalation/user-privileges/setakeownershipprivilege.md) - [Group Privileges](https://notes.dollarboysushil.com/windows-privilege-escalation/group-privileges.md) - [Backup Operators](https://notes.dollarboysushil.com/windows-privilege-escalation/group-privileges/backup-operators.md) - [DnsAdmins](https://notes.dollarboysushil.com/windows-privilege-escalation/group-privileges/dnsadmins.md) - [Server Operators](https://notes.dollarboysushil.com/windows-privilege-escalation/group-privileges/server-operators.md) - [Always Install Elevated](https://notes.dollarboysushil.com/windows-privilege-escalation/group-privileges/always-install-elevated.md) - [Print Operators](https://notes.dollarboysushil.com/windows-privilege-escalation/group-privileges/print-operators.md) - [Event Log Readers](https://notes.dollarboysushil.com/windows-privilege-escalation/group-privileges/event-log-readers.md) - [Hyper-V Administrators](https://notes.dollarboysushil.com/windows-privilege-escalation/group-privileges/hyper-v-administrators.md) - [Credential Theft](https://notes.dollarboysushil.com/windows-privilege-escalation/credential-theft.md) - [Active Directory Attacks](https://notes.dollarboysushil.com/active-directory-attacks.md) - [Enumeration](https://notes.dollarboysushil.com/active-directory-attacks/enumeration.md) - [Initial Foothold](https://notes.dollarboysushil.com/active-directory-attacks/initial-foothold.md) - [Gathering Users & Password Policies](https://notes.dollarboysushil.com/active-directory-attacks/gathering-users-and-password-policies.md) - [Password Spraying](https://notes.dollarboysushil.com/active-directory-attacks/password-spraying.md) - [Credentialed Enumeration From Linux](https://notes.dollarboysushil.com/active-directory-attacks/credentialed-enumeration-from-linux.md) - [Credentialed Enumeration From Windows](https://notes.dollarboysushil.com/active-directory-attacks/credentialed-enumeration-from-windows.md) - [Kerberoasting - From Linux](https://notes.dollarboysushil.com/active-directory-attacks/kerberoasting-from-linux.md) - [Kerberoasting - From Windows](https://notes.dollarboysushil.com/active-directory-attacks/kerberoasting-from-windows.md) - [RED TEAMING](https://notes.dollarboysushil.com/beyond-oscp-cpts/red-teaming.md): Contains Notes from TryHackMe Read Team Path. - [Windows Local Persistence](https://notes.dollarboysushil.com/beyond-oscp-cpts/red-teaming/windows-local-persistence.md) - [Tampering With Unprivileged Accounts](https://notes.dollarboysushil.com/beyond-oscp-cpts/red-teaming/windows-local-persistence/tampering-with-unprivileged-accounts.md) - [Backdooring Files](https://notes.dollarboysushil.com/beyond-oscp-cpts/red-teaming/windows-local-persistence/backdooring-files.md) - [Abusing Services](https://notes.dollarboysushil.com/beyond-oscp-cpts/red-teaming/windows-local-persistence/abusing-services.md) - [Abusing Scheduled Tasks](https://notes.dollarboysushil.com/beyond-oscp-cpts/red-teaming/windows-local-persistence/abusing-scheduled-tasks.md) - [Logon Triggered Persistence](https://notes.dollarboysushil.com/beyond-oscp-cpts/red-teaming/windows-local-persistence/logon-triggered-persistence.md) - [Backdooring the Login Screen / RDP](https://notes.dollarboysushil.com/beyond-oscp-cpts/red-teaming/windows-local-persistence/backdooring-the-login-screen-rdp.md) - [Persisting Through Existing Services](https://notes.dollarboysushil.com/beyond-oscp-cpts/red-teaming/windows-local-persistence/persisting-through-existing-services.md) - [BugForge](https://notes.dollarboysushil.com/web-app/bugforge.md): Contains writeup for various BugForge labs. - [SQL Injection (SQLi)](https://notes.dollarboysushil.com/web-app/bugforge/sql-injection-sqli.md) - [Cheesy Does It](https://notes.dollarboysushil.com/web-app/bugforge/sql-injection-sqli/cheesy-does-it.md) - [Ottergram](https://notes.dollarboysushil.com/web-app/bugforge/sql-injection-sqli/ottergram.md) - [CopyPasta](https://notes.dollarboysushil.com/web-app/bugforge/sql-injection-sqli/copypasta.md) - [Business Logic Flaw](https://notes.dollarboysushil.com/web-app/bugforge/business-logic-flaw.md) - [Cheesy Does It](https://notes.dollarboysushil.com/web-app/bugforge/business-logic-flaw/cheesy-does-it.md) - [Cafe Club](https://notes.dollarboysushil.com/web-app/bugforge/business-logic-flaw/cafe-club.md) - [Cheesy Does It](https://notes.dollarboysushil.com/web-app/bugforge/business-logic-flaw/cheesy-does-it-1.md) - [Sokudo](https://notes.dollarboysushil.com/web-app/bugforge/business-logic-flaw/sokudo.md) - [Cheesy Does It (forgot\_password flaw)](https://notes.dollarboysushil.com/web-app/bugforge/business-logic-flaw/cheesy-does-it-forgot_password-flaw.md) - [IDOR - Insecure Direct Object Reference](https://notes.dollarboysushil.com/web-app/bugforge/idor-insecure-direct-object-reference.md) - [Tanuki](https://notes.dollarboysushil.com/web-app/bugforge/idor-insecure-direct-object-reference/tanuki.md) - [Tanuki - 2](https://notes.dollarboysushil.com/web-app/bugforge/idor-insecure-direct-object-reference/tanuki-2.md) - [CopyPasta](https://notes.dollarboysushil.com/web-app/bugforge/idor-insecure-direct-object-reference/copypasta.md) - [Broken Access Control](https://notes.dollarboysushil.com/web-app/bugforge/broken-access-control.md) - [Tanuki](https://notes.dollarboysushil.com/web-app/bugforge/broken-access-control/tanuki.md) - [Cheesy Does It](https://notes.dollarboysushil.com/web-app/bugforge/broken-access-control/cheesy-does-it.md) - [CopyPasta](https://notes.dollarboysushil.com/web-app/bugforge/broken-access-control/copypasta.md) - [Ottergram](https://notes.dollarboysushil.com/web-app/bugforge/broken-access-control/ottergram.md) - [Local File Inclusion (LFI)](https://notes.dollarboysushil.com/web-app/bugforge/local-file-inclusion-lfi.md) - [Cafe Club](https://notes.dollarboysushil.com/web-app/bugforge/local-file-inclusion-lfi/cafe-club.md) - [SSRF (Server-Side Request Forgery)](https://notes.dollarboysushil.com/web-app/bugforge/ssrf-server-side-request-forgery.md) - [Tanuki](https://notes.dollarboysushil.com/web-app/bugforge/ssrf-server-side-request-forgery/tanuki.md) - [JWT None Algorithm Attack](https://notes.dollarboysushil.com/web-app/bugforge/jwt-none-algorithm-attack.md) - [Shady Oaks Financial](https://notes.dollarboysushil.com/web-app/bugforge/jwt-none-algorithm-attack/shady-oaks-financial.md) - [Tanuki](https://notes.dollarboysushil.com/web-app/bugforge/jwt-none-algorithm-attack/tanuki.md) - [Mass Assignment](https://notes.dollarboysushil.com/web-app/bugforge/mass-assignment.md) - [Tanuki](https://notes.dollarboysushil.com/web-app/bugforge/mass-assignment/tanuki.md) - [GraphQL IDOR](https://notes.dollarboysushil.com/web-app/bugforge/graphql-idor.md) - [Ottergram](https://notes.dollarboysushil.com/web-app/bugforge/graphql-idor/ottergram.md) - [XXE](https://notes.dollarboysushil.com/web-app/bugforge/xxe.md) - [Tanuki](https://notes.dollarboysushil.com/web-app/bugforge/xxe/tanuki.md) - [Race Condition](https://notes.dollarboysushil.com/web-app/bugforge/race-condition.md) - [Shady Oaks Financial](https://notes.dollarboysushil.com/web-app/bugforge/race-condition/shady-oaks-financial.md) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on a page URL with the `ask` query parameter: ``` GET https://notes.dollarboysushil.com/readme.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.