attacker-codeninja/OSWE-Prep

 
 

OSWE-Prep

Useful tips and resources for preparing for the exam.

Learning Material

Order Name Link
1 A Deep Dive into XXE https://www.synack.com/blog/a-deep-dive-into-xxe-injection/
2 Testing and Exploiting Java Deserialization https://afinepl.medium.com/testing-and-exploiting-java-deserialization-in-2021-e762f3e43ca2
3 Understanding Java Deserialization https://nytrosecurity.com/2018/05/30/understanding-java-deserialization/
4 Exploiting and Preventing Deserialization Vulnerabilities https://owasp.org/www-chapter-vancouver/assets/presentations/2020-05_Exploiting_and_Preventing_Deserialization_Vulnerabilities.pdf
5 PHP Magic Tricks Type Juggling https://owasp.org/www-pdf-archive/PHPMagicTricks-TypeJuggling.pdf
6 Paul's Security Weekly #572 - Type Juggling https://www.youtube.com/watch?v=ASYuK01H3Po
7 Ippsec PHP Deserialization and PHAR Deserialization https://www.youtube.com/watch?v=HaW15aMzBUM, https://www.youtube.com/watch?v=fHZKSCMWqF4
8 Code that gets you pwn(s|'d) - snyff https://www.youtube.com/watch?v=BNHKlj-PMDc
9 Hacktricks SQL Injection https://book.hacktricks.xyz/pentesting-web/sql-injection
10 Understanding PHP Object Injection https://securitycafe.ro/2015/01/05/understanding-php-object-injection/
11 Attacking .NET deserialization - Alvaro Muñoz https://www.youtube.com/watch?v=eDfGpu3iE4Q
12 Hacktricks File Upload https://book.hacktricks.xyz/pentesting-web/file-upload

Practice Labs

Note: In most cases, only topics from the course will come up on the exam, with slight variations.

Order Name Type Link
1 SECURECODE VulnHub - Free https://www.vulnhub.com/entry/securecode-1,651/
2 Cryptobank1 VulnHub - Free https://www.vulnhub.com/entry/cryptobank-1,467/
3 PentesterLab - SQLi to Shell - MySQL Pentesterlab - Free https://pentesterlab.com/exercises/from_sqli_to_shell/course
4 PentesterLab - SQLi to Shell 2 - MySQL Pentesterlab - Free https://www.pentesterlab.com/exercises/from_sqli_to_shell_II/course
5 PentesterLab - SQLi to Shell - Postgres Pentesterlab - Free https://pentesterlab.com/exercises/from_sqli_to_shell_pg_edition/course
6 Java Deserialization WebApp GitHub - Free https://github.com/hvqzao/java-deserialize-webapp
7 XSS and MySQL FILE Pentesterlab - Free https://pentesterlab.com/exercises/xss_and_mysql_file/course, https://sarthaksaini.com/2019/awae/xss-rce.html
8 Zorz VulnHub - Free https://www.vulnhub.com/entry/tophatsec-zorz,117/
9 XXE-Study GitHub - Free https://github.com/HLOverflow/XXE-study
10 GoSecure - Template Injection Workshop Workshop - Free https://gosecure.github.io/template-injection-workshop/, https://www.youtube.com/watch?v=I7xQZOvZzIw
11 GoSecure - XXE Workshop Workshop - Free https://gosecure.github.io/xxe-workshop/
12 Pwnworks .NET Deserialization Github - Free https://github.com/abhisek/pwnworks/tree/master/challenges/dotnet-deserialization
13 dev/random/pipe PHP Deserialization VulnHub - Free https://www.vulnhub.com/entry/devrandom-pipe,124/

Vulnerability Writeups

Real world examples

Order Name Link
1 Reflected XSS to Account Takeover https://medium.com/a-bugz-life/from-reflected-xss-to-account-takeover-showing-xss-impact-9bc6dd35d4e6
2 dotCMS 5.1.5: Exploiting H2 SQL injection to RCE https://blog.sonarsource.com/dotcms515-sqli-to-rce?redirect=rips

Scripting

Python examples of PoCs that can be used to write single-click PoCs

Order Name Type Link
1 Python requests documentation https://docs.python-requests.org/en/master/
2 HTB Scripts https://github.com/s0j0hn/AWAE-OSWE-Prep
3 OutHackThem - Single Script Exploit https://github.com/wetw0rk/AWAE-PREP/tree/master/Community%20Contributions%20%26%20Enhancements/Code%20Improvements/XSS%20and%20MySQL/OutHackThem%20-%20Single%20Script%20Exploit
4 SQLi scripts https://github.com/wetw0rk/AWAE-PREP/tree/master/Community%20Contributions%20%26%20Enhancements/Challenges/PortSwigger
5 A python based blind SQL injection exploitation script https://github.com/21y4d/blindSQLir

Cheat Sheets

Order Name Link
1 Reverse Shell Cheat Sheet https://highon.coffee/blog/reverse-shell-cheat-sheet/
2 Payloads All the Things https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files, https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Deserialization
3 SQL Injection Cheat Sheet https://portswigger.net/web-security/sql-injection/cheat-sheet
4 Java Deserialization Cheat Sheet https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/blob/master/README.md
5 Deserialization Cheat Sheet https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Deserialization_Cheat_Sheet.md
6 SQL Injection Cheat Sheet https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/#StringwithoutQuotes
7 PHP Object Injection Cheat Sheet https://nitesculucian.github.io/2018/10/05/php-object-injection-cheat-sheet/

Exam Resources and Reporting

Exam related resources that might be useful

Order Name Link
1 Proctoring Student Manual https://help.offensive-security.com/hc/en-us/articles/360050299352-Proctoring-Tool-Student-Manual
2 OSWE Exam Guide https://help.offensive-security.com/hc/en-us/articles/360046869951l
3 Offsec Report Template Generator https://github.com/noraj/OSCP-Exam-Report-Template-Markdown
4 OSWE review - tips and tricks https://www.youtube.com/watch?v=ElZ7fFE9Gr4
5 OSWE Review (AWAE Course) https://stacktrac3.co/oswe-review-awae-course/#Losing_Steam_and_Yolo%E2%80%99ing_It

HTB Writeups

Hackthebox writeups with vulnerabilities and exploitation paths similar to lab and course content. Video walkthroughs of these writeups can also be found here

Order Machine Name Vulnerability Link
1 Popcorn Insecure File Upload https://0xdf.gitlab.io/2020/06/23/htb-popcorn.html
2 Vault Insecure File Upload https://0xrick.github.io/hack-the-box/vault/
3 Arkham Java Deserialization https://0xrick.github.io/hack-the-box/arkham/
4 Json .NET Deserialization https://0xdf.gitlab.io/2020/02/15/htb-json.html
5 Cereal Authentication Bypass https://0xdf.gitlab.io/2021/05/29/htb-cereal.html
6 Celestial Node Deserialization https://0xdf.gitlab.io/2018/08/25/htb-celestial.html
7 Unattended SQL Injection (MySQL) https://0xrick.github.io/hack-the-box/unattended/
8 Ghoul Zip Traversal https://0xrick.github.io/hack-the-box/ghoul/
9 Falafel SQL Injection (MySQL), Type Juggling https://0xdf.gitlab.io/2018/06/23/htb-falafel.html
10 Fighter SQL Injection (MS-SQL) https://fdlucifer.github.io/2020/06/03/fighter/

Pre/Post-AWAE

Good resources to learn before starting AWAE or after finishing your OSWE exam

Order Name Link
1 Exploiting Second Order SQLi Flaws by using Burp & Custom Sqlmap Tamper https://pentest.blog/exploiting-second-order-sqli-flaws-by-using-burp-custom-sqlmap-tamper/
2 Pentesterlab Free https://www.pentesterlab.com/exercises?only=free
3 PortSwigger Web Security Academy https://portswigger.net/web-security/all-labs
4 How to Test Horizontal & Vertical Authorization Issues in Web Application https://pentest.blog/how-to-test-horizontal-vertical-authorization-issues-in-web-application/
5 OWASP Code Review Guide https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf/
6 Security .NET Deserialization https://www.slideshare.net/MSbluehat/dangerous-contents-securing-net-deserialization, https://www.youtube.com/watch?v=oxlD8VWWHE8
7 Friday the 13th: JSON Attacks https://www.youtube.com/watch?v=oUAeWhW5b8c
