Warning
All content was taken from the internet and has the credits of their respective researchers
and owners, just access the links. The most I did was gather the information based on my
studies for OSWE together with a friend to help the community. There is no owner of the
material, mainly there was no revision or formatting of the lyrics, as it is something done in a
hurry and taken from a notepad for a document.
Contents
Warning
Lab Simulation
Web Traffic Inspection – Burp Suite
Web Listening with Python
Ruby HTTP Server
dnSpy
ILSpy
Reverse Engineering by Valdemar Caroe
Analyze Encryption and Decryption using DNSPY
DotNetNuke Vulnerabilities
DotNetNuke 07.04.00 - Administration Authentication Bypass
Decompiling Java Classes
Studying Java Programming
Vulnerability Challenges
Atmail Email Server Appliance 6.4 Remote Code Execution
XXE Injection
Manual SQL Injection
Session Riding and Hijacking
JavaScript and NodeJS Studying
JavaScript Prototype Pollution
Cross-Origin Resource Sharing (CORS)
Relaxation of the same-origin policy
CSRF and OAUTH
XMLHttpRequest
PHP Programming
PHP Type Juggling
Cross Site Scripting
Regex
Server Side Template Injection
File Upload Restrictions
SQL Injection and Blind SQL Injection
Local File Inclusion
Remote Code Execution
Insecure Deserialization
Server Side Request Forgery
OSWE Exam Preparation
Lab Simulation
https://pentesterlab.com/
https://www.hackthebox.eu/
https://portswigger.net/academy/labs
https://vulnhub.com/
FALAFEL AND POPCORN
• Challenges
o Bypass File Upload Restrictions
• Source code analysis requirements
o Nope
VAULT
• Challenges
o Enumeration
o Port forwarding
o File sharing with netcat
o Use of PGP
• Source code analysis requirements
o Nope
BLOCKY
• Challenges
o Use JD-GUI
o Adapt CVEs Exploits
o Vulnerability Chaining
o Webshells
o Use of PGP
• Source code analysis requirements
o Locate credentials within Jar file (1 file)
o Decompile JAR files
• 2 methods to gain root, the preferred for me is:
o Use the creds to access phpmyadmin
o change user and password
o Access Wordpress and upload a crafted plugin
o Escalate from www-data to root
ARKHAM
• Challenges
o Use cryptsetup to dump/decrypt LUKS disks
o Read Web Application’s Documentation
o Know how to use crypto utility to encrypt a payload
o Know how to use ysoserial to generate an RCE payload via insecure
deserialisation
• Source code analysis requirements
o Documentation reading
VulnHub
PIPE
• Challenges
o Know how to exploit PHP insecure deserialisation to achieve RCE
• Source code analysis requirements
o Source Code Analysis of 3 PHP files (Boringly simple)
• OSWE Style Walkthrough:
o Pipe
RAVEN2
• Challenges
o Detect missing input validation
o Debug PHP app via code augmentation [big word, small task]
• Source code analysis requirements
o Source Code Analysis of PHPMailer (Important files: 2)
• OSWE Style Walkthrough:
o Raven
HOMELESS
• Challenges
o Know a bit of hashing functions
• Source code analysis requirements
o Source Code Analysis of 3-4 PHP files
• OSWE Style Walkthrough:
o Homeless
TED
• Challenges
o Know how to exploit PHP Local File Inclusion to achieve RCE
• Source code analysis requirements
o Source Code Analysis of a few PHP files
• OSWE Style Walkthrough:
o Ted
FLICK2
• Challenges
o Understand how APIs work
o Know how to decompile/recompile an APK
o A bit of enumeration
• Source code analysis requirements
o Little APK decompiled code analysis