Exam Objective:

Session 01: Introduction

Session 02: Tools & Methodologies

Session 03: Atmail Mail Server Appliance: from XSS to RCE

Session 04: ATutor Authentication Bypass and RCE

Session 05: ATutor LMS Type Juggling Vulnerability

Session 06: ManageEngine Applications Manager AMUserResourcesSyncServlet SQL Injection RCE

Session 07: Bassmaster NodeJS Arbitrary JavaScript Injection Vulnerability

Session 08: DotNetNuke Cookie Deserialization RCE

Detailed Syllabus:

Session 01: Introduction

Session 02: Tools & Methodologies

Web Traffic Inspection
Interacting with Web Listeners with Python
Source Code Recovery

Session 03: Atmail Mail Server Appliance: from XSS to RCE

Getting Started
Atmail Vulnerability Discovery
Session Riding
Gaining Remote Code Execution

Session 04: ATutor Authentication Bypass and RCE

Getting Started
Initial Vulnerability Discovery
A Brief Review of Blind SQL Injections
Digging Deeper
Data Exfiltration
Subverting the ATutor Authentication
Authentication Gone Bad
Bypassing File Upload Restrictions
Gaining Remote Code Execution

Session 05: ATutor LMS Type Juggling Vulnerability

Getting Started
PHP Loose and Strict Comparisons
PHP String Conversion to Numbers
Vulnerability Discovery
Attacking the Loose Comparison

Session 06: ManageEngine Applications Manager AMUserResourcesSyncServlet SQL Injection RCE

Getting Started
Vulnerability Discovery
Bypassing Character Restrictions
Blind Bats
Accessing the File System
PostgreSQL Extensions
UDF Reverse Shell
More Shells!!!

Session 07: Bassmaster NodeJS Arbitrary JavaScript Injection Vulnerability

Getting Started
Vulnerability Discovery
Triggering the Vulnerability
Obtaining a Reverse Shell

Session 08: DotNetNuke Cookie Deserialization RCE

Introduction
Serialization Basics
DotNetNuke Vulnerability Analysis
Payload Options
Putting it All Together
Ysoserial.net
