OSWE-Prep

July 30, 2021 · View on GitHub

Useful tips and resources for preparing for exam.

Learning Material

Order	Name	Link
1	A Deep Dive into XXE	https://www.synack.com/blog/a-deep-dive-into-xxe-injection/
2	Testing and Exploiting Java Deserialization	https://afinepl.medium.com/testing-and-exploiting-java-deserialization-in-2021-e762f3e43ca2
3	Understanding Java Deserialization	https://nytrosecurity.com/2018/05/30/understanding-java-deserialization/
4	Exploiting_and_Preventing_Deserialization_Vulnerabilities	https://owasp.org/www-chapter-vancouver/assets/presentations/2020-05_Exploiting_and_Preventing_Deserialization_Vulnerabilities.pdf
5	PHP Magic Tricks Type Juggling	https://owasp.org/www-pdf-archive/PHPMagicTricks-TypeJuggling.pdf
6	Paul's Security Weekly #572- Type Juggling	https://www.youtube.com/watch?v=ASYuK01H3Po
7	Ippsec PHP Deserialization and PHAR Deserialization	https://www.youtube.com/watch?v=HaW15aMzBUM, https://www.youtube.com/watch?v=fHZKSCMWqF4
8	Code that gets you pwn(s\|'d) - snyff	https://www.youtube.com/watch?v=BNHKlj-PMDc
9	Hacktricks SQL Injection	https://book.hacktricks.xyz/pentesting-web/sql-injection
10	Understanding PHP Object Injection	https://securitycafe.ro/2015/01/05/understanding-php-object-injection/
11	Attacking .NET deserialization - Alvaro Muñoz	https://www.youtube.com/watch?v=eDfGpu3iE4Q
12	Hacktricks File Upload	https://book.hacktricks.xyz/pentesting-web/file-upload

Practice Labs

Note: Only topics from the course will come up on the exam in most cases with slight variations.

Order	Name	Type	Link
1	SECURECODE	VulnHub - Free	https://www.vulnhub.com/entry/securecode-1,651/
2	Cryptobank1	VulnHub - Free	https://www.vulnhub.com/entry/cryptobank-1,467/
3	PentesterLab - SQLi to Shell - MySQL	Pentesterlab - Free	https://pentesterlab.com/exercises/from_sqli_to_shell/course
4	PentesterLab - SQLi to Shell 2 - MySQL	Pentesterlab - Free	https://www.pentesterlab.com/exercises/from_sqli_to_shell_II/course
5	PentesterLab - SQLi to Shell - Postgres	Pentesterlab - Free	https://pentesterlab.com/exercises/from_sqli_to_shell_pg_edition/course
6	Java Deserialization WebApp	GitHub - Free	https://github.com/hvqzao/java-deserialize-webapp
7	XSS and MySQL FILE	Pentesterlab - Free	https://pentesterlab.com/exercises/xss_and_mysql_file/course, https://sarthaksaini.com/2019/awae/xss-rce.html
8	Zors	VulnHub - Free	https://www.vulnhub.com/entry/tophatsec-zorz,117/
9	XXE-Study	GitHub - Free	https://github.com/HLOverflow/XXE-study
10	GoSecure - Template Injection Workshop	Workshop - Free	https://gosecure.github.io/template-injection-workshop/, https://www.youtube.com/watch?v=I7xQZOvZzIw
11	GoSecure - XXE Workshop	Workshop - Free	https://gosecure.github.io/xxe-workshop/
12	Pwnworks	.NET Deserialization Github - Free	https://github.com/abhisek/pwnworks/tree/master/challenges/dotnet-deserialization
13	dev/random/pipe	PHP Deserialization VulnHub - Free	https://www.vulnhub.com/entry/devrandom-pipe,124/

Vulnerability Writeups

Real world examples

Order	Name	Link
1	Reflected XSS to Account Takeover	https://medium.com/a-bugz-life/from-reflected-xss-to-account-takeover-showing-xss-impact-9bc6dd35d4e6
2	dotCMS 5.1.5: Exploiting H2 SQL injection to RCE	https://blog.sonarsource.com/dotcms515-sqli-to-rce?redirect=rips
3	ATutor Authentication Bypass	https://rebraws.github.io/ATutorAuthBypass/

Scripting

Python examples of pocs that can be used for write single click pocs

Order	Name	Type
1	Python requests documentation	https://docs.python-requests.org/en/master/
2	HTB Scripts	https://github.com/s0j0hn/AWAE-OSWE-Prep
3	OutHackThem - Single Script Exploit	https://github.com/wetw0rk/AWAE-PREP/tree/master/Community%20Contributions%20%26%20Enhancements/Code%20Improvements/XSS%20and%20MySQL/OutHackThem%20-%20Single%20Script%20Exploit
4	SQLi scripts	https://github.com/wetw0rk/AWAE-PREP/tree/master/Community%20Contributions%20%26%20Enhancements/Challenges/PortSwigger
5	A python based blind SQL injection exploitation script	https://github.com/21y4d/blindSQLir

Cheat Sheets

Order	Name	Link
1	reverse shell cheat sheet	https://highon.coffee/blog/reverse-shell-cheat-sheet/
2	Payload All the Things	https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files, https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Deserialization
3	sql injection cheat sheet	https://portswigger.net/web-security/sql-injection/cheat-sheet
4	Java Deserialization Cheat Sheet	https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/blob/master/README.md
5	Deserialization Cheat Sheet	https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Deserialization_Cheat_Sheet.md
6	SQL Injection Cheat Sheet	https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/#StringwithoutQuotes
7	PHP Object Injection Cheat Sheet	https://nitesculucian.github.io/2018/10/05/php-object-injection-cheat-sheet/

Exam Resources and Reporting

Exam related resources that might be useful

Order	Name	Link
1	Proctoring Student Manual	https://help.offensive-security.com/hc/en-us/articles/360050299352-Proctoring-Tool-Student-Manual
2	OSWE Exam Guide	https://help.offensive-security.com/hc/en-us/articles/360046869951l
3	Offsec Report Tempalte Generator	https://github.com/noraj/OSCP-Exam-Report-Template-Markdown
4	oswe review - tips and tricks	https://www.youtube.com/watch?v=ElZ7fFE9Gr4
5	OSWE Review (AWAE Course)	https://stacktrac3.co/oswe-review-awae-course/#Losing_Steam_and_Yolo%E2%80%99ing_It

HTB Writeups

Hackthebox writeups with vulnerabilities and exploitation paths similiar to lab and course content. Video walkthroughs of these writeups can also be found here

Order	Machine Name	Vulnerability	Link
1	Popcorn	Insecure File Upload	https://0xdf.gitlab.io/2020/06/23/htb-popcorn.html
2	Vault	Insecure File Upload	https://0xrick.github.io/hack-the-box/vault/
3	Arkham	Java Deserialization	https://0xrick.github.io/hack-the-box/arkham/
4	Jsonl	.NET Deserialization	https://0xdf.gitlab.io/2020/02/15/htb-json.html
5	Cereal	Authentication Bypass	https://0xdf.gitlab.io/2021/05/29/htb-cereal.html
6	Celestial	Node Deserialization	https://0xdf.gitlab.io/2018/08/25/htb-celestial.html
7	Unattendedl	SQL Injection (MySQL)	https://0xrick.github.io/hack-the-box/unattended/
8	Ghoul	Zip Traversal	https://0xrick.github.io/hack-the-box/ghoul/
9	Falafel	SQL Injection (MySQL), Type Juggling	https://0xdf.gitlab.io/2018/06/23/htb-falafel.html
10	Fighter	SQL Injection (MS-SQL)	https://fdlucifer.github.io/2020/06/03/fighter/

Pre/Post-AWAE

Good resources to learn before starting AWAE or after finishing your OSWE exam

Order	Name	Link
1	Exploiting Second Order SQLi Flaws by using Burp & Custom Sqlmap Tamper	https://pentest.blog/exploiting-second-order-sqli-flaws-by-using-burp-custom-sqlmap-tamper/
2	Pentesterlab Free	https://www.pentesterlab.com/exercises?only=free
3	Portswigger Websecurityacademy	https://portswigger.net/web-security/all-labs
4	How to Test Horizontal & Vertical Authorization Issues in Web Application	https://pentest.blog/how-to-test-horizontal-vertical-authorization-issues-in-web-application/
5	OWASP Code Review Guide	https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf/
6	Security .NET Deserialization	https://www.slideshare.net/MSbluehat/dangerous-contents-securing-net-deserialization, https://www.youtube.com/watch?v=oxlD8VWWHE8
7	Friday the 13th: JSON Attacks	https://www.youtube.com/watch?v=oUAeWhW5b8c
8	Hacker101 - Source Code Review	https://www.hacker101.com/sessions/source_review.html