Skip to content

Latest commit

 

History

History
127 lines (121 loc) · 5.11 KB

syllabus.md

File metadata and controls

127 lines (121 loc) · 5.11 KB

oswe_preparation

Advanced Web Attacks & Exploitation

All efforts for the AWAE course and preparation for the Offensive Security Web Expert (OSWE) exam.

Study Strategy

Course Completion

Taken from publicly-available syllabus.

  • 1. Introduction
    • Videos
    • Read/Notes
  • 2. Tools & Methodologies
    • Videos
    • Read/Notes
    • 2.1.5 Exercise - Web Inspection
    • 2.2.1 Exercise - Python Requests
    • 2.3.3 Exercise - Decompilation
  • 3. Atmail Mail Server Appliance: from XSS to RCE
    • Videos
    • Read/Notes
    • 3.3.1 Exercise - Vuln Discovery
    • 3.4.1 Exercise - Session Hijack
    • 3.5.4 Exercise - Session Riding
    • 3.5.5 Extra Mile - Session Riding
    • 3.6.5 Exercise - globalsaveAction Vuln Analysis
    • 3.6.7 Exercise - Make it fully automagical
    • 3.6.8 Extra Mile
    • 3.6.8 Extra Mile - Also see if you can background it completely
  • 4. ATutor Auth Bypass and RCE
    • Videos
    • Read/Notes
    • 4.3.1 Exercise - Vuln Discovery
    • 4.6.3 Exercise - Data Exfil
    • 4.6.4 Extra Mile - Data Exfil
    • 4.7.1 Exercise - ATutor Auth
    • 4.7.2 Extra Mile - ATutor Auth
    • 4.8.1 Exercise - ATutor Auth
    • 4.8.2 Extra Mile - ATutor Auth
    • 4.9.1 Exercise - File Upload
    • 4.10.5 Exercise - RCE
    • 4.10.6 Extra Mile - RCE
  • 5. ATutor LMS Type Juggling Vuln
    • Videos
    • Read/Notes
    • 5.4.1 Exercise - String Conversion
    • 5.6.3 Exercise - Loose Comparison
    • 5.6.4 Extra Mile - Loose Comparison
  • 6. ManageEngine Applications Manager AMUserResourcesSyncServlet SQL Injection RCE
    • Videos
    • Read/Notes
    • 6.3.6 Exercise - Vuln Discovery
    • 6.5.1 Exercise - Blind Bats
    • 6.6.1 Exercise - Access FS
    • 6.6.3 Exercise - VBS file [!! Need to do the batch! Got the reverse shell... !!]
    • 6.6.4 Extra Mile - Shell via JSP
    • 6.7.4 Exercise - PostgreSQL Extensions
    • 6.8.1 Exercise - UDF Reverse Shell
    • 6.9.3 Exercise - Moar Shells
    • 6.9.4 Extra Mile - Moar Shells
  • 7. Bassmaster NodeJS Arbitrary JavaScript Injection Vulnerability
    • Videos
    • Read/Notes
    • 7.6.1 Exercise - RevShell
    • 7.6.2 Extra Mile - RevShell
  • 8. DotNetNuke Deserialization RCE
    • Videos
    • Read/Notes
    • 8.4.3 Exercise - Serialization Basics
    • 8.4.5 Exercise - Serialization Basics
    • 8.4.7 Exercise - Serialization Basics
    • 8.5.3 Exercise - DNN Vuln Analysis
    • 8.6.4 Exercise - Payload Options
    • 8.6.7 Exercise - Payload Options
    • 8.7.1 Exercise - Payload Options
    • 8.8.1 Extra Mile - Y SO SERIAL? .NET
    • 8.8.2 Extra Mile - Y SO SERIAL? Java
  • 9. ERPNext Authentication Bypass and Server Side Template Injection
    • Videos
    • Read/Notes
    • 9.1.1.1 Exercise - Configure Kali SMTPd server
    • 9.1.2.1 Exercise - Configure remote debugging
    • 9.1.3.1 Exercise - Configure MariaDB logging
    • 9.2.3.2 Exercise - Find whitelisted functions
    • 9.3.1.2 Exercises - SQLi
    • 9.4.2.1 Exercises - Access the admin acct
    • 9.5.2.1 Exercise - Find the SSTI
    • 9.5.2.2 Extra Mile - Find another instance of SSTI
    • 9.5.3.1 Exercise - Recreate the __class__ rendering
    • 9.5.3.2 Extra Mile - Alternative filter bypass
    • 9.6.1.1 Exercises - Recreate the filter bypass and exploit and find other classes to own
    • 9.6.2.1 Exercises - Recreate RCE and get shell
    • 9.6.2.2 Extra Mile - Get output to display
  • 10. openCRX Authentication Bypass and Remote Code Execution
    • Videos
    • Read/Notes
    • 10.2.1.1 Exercise - Recreate the Rando and SecureRando
    • 10.2.4.1 Exercise - Generate a token list
    • 10.2.4.2 Extra Mile - Update token program to take start/stop
    • 10.2.5.2 Exercises - Reset password
    • 10.2.5.3 Extra Mile - Automate the attack chain
    • 10.3.6.2 Exercises - Recreate the XXE attack
    • 10.3.6.3 Extra Mile - Script to parse XXE results
    • 10.3.8.1 Exercise - Implement the "wrapper" payload
    • 10.3.9.2 Exercise - Connect to HSQLDB
    • 10.4.1.1 Exercises - Write file and confirm
    • 10.4.2.1 Exercise - Find dir with JSP files
    • 10.4.3.1 Exercises - Get. That. Shell.
  • 11. openITCOCKPITXSSandOSCommandInjection - Blackbox
    • Videos
    • Read/Notes
    • 11.5.1 Exercise - Recreate the XSS
    • 11.6.2.1 Exercises - DOM rewrite
    • 11.6.2.2 Extra Mile - Prevent new page load
    • 11.6.3.1 Exercises - Finish the script and initialize the DB
    • 11.6.4.1 Exercises - Finish the API script and get a fake login page with the XSS
    • 11.6.4.2 Extra Mile - Add cookie functionality
    • 11.6.5.1 Exercises - Exploit the XSS
    • 11.6.5.2 Extra Miles - Beef up dat XSS
    • 11.6.6.1 Exercise - Dump the SQLite DB
    • 11.7.4.1 Exercise - Fuzz and find cmds
    • 11.7.5.1 Exercise - Test cmd injection
    • 11.7.6.1 Exercise - Get a meterpreter shell
    • 10.7.7 Extra Mile - Get RCE via administrator session