This page shows the differences between the selected revision and the current version of the page.
oswe_awae [2019/10/21 11:08] M0N5T3R |
oswe_awae [2020/02/01 10:53] (current version) M0N5T3R |
||
---|---|---|---|
Ligne 2: | Ligne 2: | ||
- | https://twitter.com/offsectraining/status/1177221658622464000?s=19 | ||
- | https://github.com/jamesbercegay/advisories/blob/master/%5BGTSA-00130%5D%20Webmin%201.920%20Remote%20Code%20Execution.txt | ||
+ | OSWE Certification Exam Guide | ||
+ | https://support.offensive-security.com/oswe-exam-guide/ | ||
- | http://essentialexploit.com/AWAE.html | + | Tips from offsec about OSWE : |
+ | https://twitter.com/offsectraining/status/1177221658622464000?s=19 | ||
- | https://github.com/M507/AWAE-Preparation | + | **Reviews** |
+ | |||
+ | review | ||
+ | http://essentialexploit.com/AWAE.html | ||
review | review | ||
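Review bot: The Webmin 1.920 advisory link removed at the top of this hunk (`jamesbercegay/advisories/.../%5BGTSA-00130%5D%20Webmin%201.920%20Remote%20Code%20Execution.txt`) is not re-added in any hunk shown, whereas the other three links removed here (the offsectraining tweet, essentialexploit.com/AWAE.html and M507/AWAE-Preparation) each reappear under a label. If dropping it was not intended, restore it under a heading of its own; if it was, note the reason in the edit summary.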
Ligne 20: | Ligne 24: | ||
Video review | Video review | ||
https://m.youtube.com/watch?v=AqNBtINEChw | https://m.youtube.com/watch?v=AqNBtINEChw | ||
+ | |||
+ | review and tips | ||
+ | https://www.vesiluoma.com/offensive-security-web-expert-oswe-advanced-web-attacks-and-exploitation/ | ||
+ | |||
+ | **OSWE Preperation** | ||
+ | |||
+ | |||
+ | AWAE-Preparation - This post contains all trainings and tutorials that could be useful for offensive security’s OSWE certification. I will be updating the post during my lab and preparation for the exam. https://z-r0crypt.github.io/blog/2020/01/22/oswe/awae-preparation/ | ||
+ | |||
+ | This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE https://github.com/ramihub/AWAE-PREP | ||
+ | |||
+ | my learning case to prepare OSWE exam https://github.com/sailay1996/offsec_WE | ||
Preparation for coming AWAE Training. https://github.com/w4fz5uck5/OSWE | Preparation for coming AWAE Training. https://github.com/w4fz5uck5/OSWE | ||
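Review bot: The new heading `**OSWE Preperation**` is misspelled ("Preparation"), and the descriptions added under it are pasted in the first person from the linked pages ("I will be updating the post during my lab ...", "my learning case to prepare OSWE exam"), so they read as the wiki author's own statements. Correct the heading and either put the blurbs in quotation marks or replace them with a neutral one-line description of each link. The ramihub/AWAE-PREP entry also carries the same "master" repo text as the wetw0rk/AWAE-PREP entry further down the page; state whether it is a fork or a separate collection.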
Ligne 25: | Ligne 41: | ||
- | OSCP-Prep | + | This repository will contain all trainings and tutorials I have done/read to prepare for OSWE / AWAE. |
- | https://github.com/ManhNho/AWAE-OSWE | + | https://github.com/M507/AWAE-Preparation |
+ | |||
Video OSWE Preperation | Video OSWE Preperation | ||
Ligne 44: | Ligne 62: | ||
Video OSWE prep | Video OSWE prep | ||
https://www.youtube.com/watch?v=t-zVC-CxYjw&list=PLL5n_4gj5JCw1aRrlVbdMCAugNz-ia3Wh | https://www.youtube.com/watch?v=t-zVC-CxYjw&list=PLL5n_4gj5JCw1aRrlVbdMCAugNz-ia3Wh | ||
+ | |||
+ | OSWE PREP | ||
+ | https://github.com/rinku191/OSWE-prepration/wiki/PHP-Dangerous-function | ||
+ | |||
Preparation for coming AWAE Training. Work in progress... | Preparation for coming AWAE Training. Work in progress... | ||
Ligne 53: | Ligne 75: | ||
This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses. | This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses. | ||
https://github.com/wetw0rk/AWAE-PREP | https://github.com/wetw0rk/AWAE-PREP | ||
+ | |||
+ | AWAE/OSWE PREP | ||
+ | https://medium.com/@mucomplex/oswe-awae-exam-experience-and-tips-fbd55bbdffb8 | ||
AWAE/OSWE PREP (Code analysis to gaining rce and automating everything with Python) | AWAE/OSWE PREP (Code analysis to gaining rce and automating everything with Python) | ||
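Review bot: The added `AWAE/OSWE PREP` label sits directly above an existing entry that starts with the same label, and the URL it introduces (`oswe-awae-exam-experience-and-tips`) is an exam write-up rather than preparation material. Move it under the **Reviews** heading that this revision introduces and label it like the "review and tips" entry added there.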
Ligne 62: | Ligne 87: | ||
+ | Deep Dive into .NET ViewState deserialization and its exploitation https://medium.com/@swapneildash/deep-dive-into-net-viewstate-deserialization-and-its-exploitation-54bf5b788817 | ||
- | OSWE Certification Exam Guide | + | **Atmail Mail Server Appliance: from XSS to RCE (6.4) CVE-2012-2593** |
- | https://support.offensive-security.com/oswe-exam-guide/ | + | |
+ | https://www.exploit-db.com/exploits/20009 | ||
+ | https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py | ||
+ | Atmail Webmail => 7.5 - Multiple Vulnerabilities https://cxsecurity.com/issue/WLB-2015020027 | ||
+ | http://progdave.wikidot.com/basic-xss-attack | ||
+ | http://progdave.wikidot.com/basic-csrf-attack | ||
+ | |||
+ | |||
+ | **ATutor Authentication Bypass and RCE (2.2.1) CVE-2016-2555** | ||
- | **Atmail Mail Server Appliance: from XSS to RCE (6.4) CVE-2012-2593** | ||
- | https://www.exploit-db.com/exploits/20009 | ||
- | https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py | ||
- | ATutor Authentication Bypass and RCE (2.2.1) CVE-2016-2555 | ||
**Install:** https://sourceforge.net/projects/atutor/files/atutor_2_2_1/ | **Install:** https://sourceforge.net/projects/atutor/files/atutor_2_2_1/ | ||
+ | |||
https://www.exploit-db.com/exploits/39514 | https://www.exploit-db.com/exploits/39514 | ||
+ | |||
https://srcincite.io/advisories/src-2016-0009/ | https://srcincite.io/advisories/src-2016-0009/ | ||
+ | |||
https://www.exploit-db.com/exploits/39639 | https://www.exploit-db.com/exploits/39639 | ||
+ | |||
https://github.com/atutor/ATutor/commit/d74f1177cfa92ed8e49aa65f724f308b4a3ac5b9 | https://github.com/atutor/ATutor/commit/d74f1177cfa92ed8e49aa65f724f308b4a3ac5b9 | ||
+ | |||
**ATutor LMS Type Juggling Vulnerability (<=2.2.1) CVE-?** | **ATutor LMS Type Juggling Vulnerability (<=2.2.1) CVE-?** | ||
+ | |||
**Install:** https://sourceforge.net/projects/atutor/files/atutor_2_2_1/ | **Install:** https://sourceforge.net/projects/atutor/files/atutor_2_2_1/ | ||
+ | |||
https://srcincite.io/advisories/src-2016-0012/ | https://srcincite.io/advisories/src-2016-0012/ | ||
+ | |||
https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py | https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py | ||
+ | |||
https://github.com/atutor/ATutor/commit/2eed42a74454355eddc7fc119e67af40dba1a94c | https://github.com/atutor/ATutor/commit/2eed42a74454355eddc7fc119e67af40dba1a94c | ||
+ | |||
+ | |||
**Reference: PHP Type Juggling** | **Reference: PHP Type Juggling** | ||
+ | |||
https://www.youtube.com/watch?v=ASYuK01H3Po | https://www.youtube.com/watch?v=ASYuK01H3Po | ||
+ | |||
https://www.netsparker.com/blog/web-security/type-juggling-authentication-bypass-cms-made-simple/ | https://www.netsparker.com/blog/web-security/type-juggling-authentication-bypass-cms-made-simple/ | ||
+ | |||
**ManageEngine Applications Manager AMUserResourcesSyncServlet SQL Injection RCE CVE-? | **ManageEngine Applications Manager AMUserResourcesSyncServlet SQL Injection RCE CVE-? | ||
- | Install:** http://archives.manageengine.com/applications_manager/12900 | + | |
+ | Install:** | ||
+ | |||
+ | http://archives.manageengine.com/applications_manager/12900 | ||
https://manageenginesales.co.uk/2018/05/manageengine-applications-manager-build-13730-released/ | https://manageenginesales.co.uk/2018/05/manageengine-applications-manager-build-13730-released/ | ||
+ | |||
https://www.postgresql.org/docs/9.4/functions-binarystring.html | https://www.postgresql.org/docs/9.4/functions-binarystring.html | ||
+ | |||
https://www.mulesoft.com/tcat/tomcat-jsp | https://www.mulesoft.com/tcat/tomcat-jsp | ||
- | Extra: Deserialization Vulnerability | + | |
+ | **Extra: Deserialization Vulnerability** | ||
https://www.geeksforgeeks.org/serialization-in-java/ | https://www.geeksforgeeks.org/serialization-in-java/ | ||
+ | |||
https://github.com/frohoff/ysoserial | https://github.com/frohoff/ysoserial | ||
+ | |||
https://blog.jamesotten.com/post/applications-manager-rce/ | https://blog.jamesotten.com/post/applications-manager-rce/ | ||
+ | |||
+ | https://www.youtube.com/watch?v=HaW15aMzBUM | ||
+ | |||
+ | https://www.youtube.com/watch?v=fHZKSCMWqF4 | ||
+ | |||
+ | |||
+ | **Bassmaster NodeJS Arbitrary JavaScript Injection Vulnerability (1.5.1) CVE-2014-7205 | ||
+ | |||
+ | Install:** | ||
+ | |||
+ | npm install bassmaster@1.5.1 | ||
+ | |||
+ | https://www.npmjs.com/package/bassmaster | ||
+ | |||
+ | https://www.rapid7.com/db/modules/exploit/multi/http/bassmaster_js_injection | ||
+ | |||
+ | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/bassmaster_js_injection.rb | ||
+ | |||
+ | https://www.exploit-db.com/exploits/40689 | ||
+ | |||
+ | https://vulners.com/nodejs/NODEJS:337 | ||
+ | |||
+ | **DotNetNuke Cookie Deserialization RCE (<9.1.1) CVE-2017-9822 | ||
+ | |||
+ | Install:** | ||
+ | |||
+ | https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v9.1.0 | ||
+ | |||
+ | https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-Json-Attacks.pdf | ||
+ | |||
+ | https://media.blackhat.com/bh-us-12/Briefings/Forshaw/BH_US_12_Forshaw_Are_You_My_Type_WP.pdf | ||
+ | |||
+ | https://gist.github.com/pwntester/72f76441901c91b25ee7922df5a8a9e4 | ||
+ | |||
+ | https://paper.seebug.org/365/ | ||
+ | |||
+ | https://www.youtube.com/watch?v=oUAeWhW5b8c | ||
+ | |||
+ | https://vulners.com/seebug/SSV:96326 | ||
+ | |||
+ | https://www.slideshare.net/MSbluehat/dangerous-contents-securing-net-deserialization | ||
+ | |||
+ | https://www.exploit-db.com/docs/english/44756-deserialization-vulnerability.pdf | ||
+ | |||
+ | |||
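Review bot: Under the Atmail heading this hunk keeps `https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py`, but the same URL is listed under "ATutor LMS Type Juggling Vulnerability" next to the src-2016-0012 advisory, so it looks misfiled in the Atmail block; remove it there and keep only links that concern Atmail. The new Bassmaster and DotNetNuke entries also copy the ManageEngine markup, in which one bold span opens at the title and closes after `Install:` across a blank line; close the bold on the title line and start `**Install:**` separately, as the ATutor entries do. The ViewState deserialization link added at the top of the hunk has no heading and would sit better beside the .NET deserialization references under DotNetNuke.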