OSCP

OSCP Week 1

Posted Jan 10, 2026 Updated Feb 1, 2026

By Mustafa Eltayeb

4 min read

OSCP

Linux Command Line Interface (CLI) Fundamentals

ls - List directory contents with various flags (-la, -lh, -R)
cd - Change directory (absolute vs relative paths)
pwd - Print working directory
cp - Copy files and directories
mv - Move/rename files and directories
rm - Remove files and directories (-r, -f flags)
mkdir - Create directories (-p for parent directories)
cat - Concatenate and display files
tac - Display files in reverse
head/tail - View beginning/end of files
more/less - Page through file content

File Viewing & Manipulation

grep - Pattern searching (-i, -v, -r, -E, -l)
find - Search for files (-name, -type, -size, -exec)
locate - Find files using database
which/whereis - Find command locations
man - Manual pages
apropos - Search man pages
sudo - Execute as superuser
su - Switch user

Package Management

apt - Debian/Ubuntu package management (install, update, upgrade, remove)
yum/dnf - RHEL/CentOS package management
dpkg - Debian package management

Bash Scripting

Core Concepts

Shebang (#!/bin/bash)
Variables declaration and usage
Command substitution ($(), ` `)
Passing arguments ($1, $2, $@, $#)
Reading user input (read)

Control Structures

If/else/elif statements
For loops
While loops
Until loops
Case statements
Functions definition and calling
Return values and exit codes

Advanced Scripting

String manipulation
Arithmetic operations
Arrays
File testing (-f, -d, -r, -w, -x)
Redirection (>, >>, 2>, &>, |)
Here documents (<<)

Linux File Permissions & User Management

Basic Permissions

Understanding permission notation (rwx)
Numeric permissions (octal: 755, 644, etc.)
chmod - Change file permissions
chown - Change file owner/group
chgrp - Change group ownership
umask - Default permission mask

Special Permissions

SUID (Set User ID) - chmod u+s
SGID (Set Group ID) - chmod g+s
Sticky Bit - chmod +t
Identifying and exploiting misconfigured permissions

User & Group Management

/etc/passwd structure
/etc/shadow structure
/etc/group structure
useradd/usermod/userdel
groupadd/groupmod/groupdel
passwd - Change passwords
id - Display user/group IDs

Networking Basics

Network Configuration

ip - Modern network configuration
ifconfig - Legacy interface configuration
route - View/modify routing tables
/etc/network/interfaces and /etc/resolv.conf

Netcat Mastery

Basic Operations

Connect to TCP/UDP ports: nc <host> <port>
Listen on ports: nc -lvnp <port>
File transfer (sender/receiver)
Port scanning with Netcat

Advanced Usage

Banner grabbing: echo "" | nc -nv <host> <port>
Reverse/bind shells
Proxy and relay setup
Chat server creation

Information Gathering Techniques

Domain Intelligence

whois - Domain registration information
Understanding whois record components (registrar, nameservers, dates)

Google Hacking (Dorking)

Basic operators: site:, inurl:, intitle:, filetype:
Advanced operators: intext:, cache:, link:
Combination operators for specific findings
Google hacking database (GHDB) familiarity

DNS Enumeration

dig with various record types (A, MX, TXT, NS, SOA)
Zone transfers with dig (AXFR)
dnsenum - Comprehensive DNS enumeration
dnsrecon - Advanced DNS reconnaissance
Subdomain enumeration techniques

Nmap Port Scanning

Scan Types

TCP Connect Scan (-sT)
SYN Stealth Scan (-sS)
UDP Scan (-sU)
ACK Scan (-sA)
Window Scan (-sW)
Maimon Scan (-sM)

Advanced Options

Service Version Detection (-sV)
OS Detection (-O)
Script Scanning (-sC)
Timing Templates (-T0 to -T5)
Output Formats (-oN, -oX, -oG)

Practical Scans

Full port scan: nmap -p- <target>
Top ports scan: nmap --top-ports 1000 <target>
Comprehensive scan: nmap -sC -sV -O <target>
Firewall/IDS evasion techniques
NSE (Nmap Scripting Engine) usage

Service Enumeration

SMB Enumeration

smbclient - SMB file sharing
smbmap - SMB share enumeration
enum4linux - Comprehensive SMB enumeration
Nmap SMB scripts (smb-os-discovery, smb-enum-shares)

SMTP Enumeration

Manual SMTP commands (HELO, VRFY, EXPN, RCPT TO)
smtp-user-enum - SMTP user enumeration
Nmap SMTP scripts (smtp-commands, smtp-enum-users)

SNMP Enumeration

snmpwalk - SNMP tree walking
snmp-check - SNMP enumeration tool
Common SNMP community strings
MIB (Management Information Base) concepts

Practice & Hands-On

TryHackMe Rooms

Complete “Linux Fundamentals” room
Complete “Network Services” room
Complete “Bash Scripting” room
Practice in “Nmap” room

Vulnerable VMs

Set up and scan Metasploitable 2
Practice against Kioptrix series
Use VulnHub machines for real-world practice

OffSec Labs You Can use THM OR HTB

Whois Enumeration lab
Google Hacking lab
Netcraft lab
DNS Enumeration lab
TCP/UDP Port Scanning lab
SMB/SMTP/SNMP Enumeration labs

Final Validation

Can navigate Linux filesystem without GUI
Can write basic to intermediate Bash scripts
Understand and can modify file permissions
Can perform comprehensive network enumeration
Can conduct full Nmap scans and interpret results
Can enumerate common services (SMB/SMTP/SNMP)
Have practiced on at least 3 vulnerable VMs

OSCP_WEEKS

OSCP

This post is licensed under CC BY 4.0 by the author.

OSCP

Linux Command Line Interface (CLI) Fundamentals

Basic Navigation & File Operations

File Viewing & Manipulation

Package Management

Bash Scripting

Core Concepts

Control Structures

Advanced Scripting

Linux File Permissions & User Management

Basic Permissions

Special Permissions

User & Group Management

Networking Basics

Network Configuration

Network Diagnostics

Netcat Mastery

Basic Operations

Advanced Usage

Information Gathering Techniques

Domain Intelligence

Google Hacking (Dorking)

DNS Enumeration

Nmap Port Scanning

Scan Types

Advanced Options

Practical Scans

Service Enumeration

SMB Enumeration

SMTP Enumeration

SNMP Enumeration

Practice & Hands-On

TryHackMe Rooms

Vulnerable VMs

OffSec Labs You Can use THM OR HTB

Final Validation

Trending Tags