Skip to content

CodeBlackwell/C.R.A.C.K.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

482 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

OSCP Documentation Index

Quick Navigation

Complete web attack guides from discovery to exploitation

Windows-specific techniques and post-exploitation

Linux privilege escalation and lateral movement

Network service enumeration and exploitation

Bypassing security controls and defenses

Cheat sheets and fast lookup guides

Active Directory enumeration and attacks

Practice machine writeups and exercises


Structure Overview

OSCP/
├── web/                    # All web exploitation (15 files)
├── windows/                # Windows techniques (6 files)
├── linux/                  # Linux techniques (2 files)
├── services/               # Network services (5 files)
├── evasion/                # Defense bypasses (6 files)
├── quick-ref/              # Fast lookups (4 files)
├── active-directory/       # AD attacks (1 file)
├── lab-notes/              # Practice writeups
│   ├── exercises/
│   ├── proving-grounds/
│   ├── hackthebox/
│   └── vulnhub/
├── scans/                  # Scan outputs
├── exploits/               # Custom scripts
└── CLAUDE.md               # Project configuration

Quick Access Examples

# Web application testing
cat web/sqli-manual.md
cat web/file-upload-filemanager.md

# Windows post-exploitation
cat windows/credential-harvesting.md
cat windows/lateral-movement.md

# Service enumeration
cat services/nmap.md
cat services/smb.md

# Quick reference during engagement
cat quick-ref/reverse-shells.md
cat quick-ref/php-wrappers.md

# Evasion techniques
cat evasion/av-evasion-advanced.md

Usage Workflow

  1. Enumeration Phase: Start with services/nmap.md, then specific service guides
  2. Web Testing: Check web/ directory for specific vulnerability types
  3. Initial Access: Reference quick-ref/reverse-shells.md for payloads
  4. Post-Exploitation: Use windows/ or linux/ for privilege escalation
  5. Evasion: Check evasion/ if encountering AV/AppLocker/filters
  6. Active Directory: Use active-directory/enumeration.md for AD environments

Document Standards

Each document contains:

  • PURPOSE: What this technique accomplishes
  • COMMANDS: Full syntax with flag explanations
  • EXPECTED OUTPUT: What success looks like
  • TROUBLESHOOTING: Common issues and fixes
  • EXAM TIPS: OSCP-specific considerations

All guides are end-to-end: discovery → enumeration → exploitation → completion


Contributing

When adding new documentation:

  1. Place in appropriate attack vector directory
  2. Update this index
  3. Include complete command explanations with all flags
  4. Add practical examples from labs
  5. Include troubleshooting section
  6. Focus on OSCP exam applicability

About

C.R.A.C.K. — Comprehensive Recon & Attack Creation Kit. A modular pentesting toolkit featuring 700+ commands, 50+ attack chains, and Neo4j-powered attack path visualization. Because methodology beats memorization

Resources

Contributing

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors