OSWE Preparation Lab 1

Good luck

After doing the AWAE course, I felt like I needed to do more practice. There are other materials such as the HTB boxes similar to OSWE. I am just adding to the collection.

Recently, there was a vulnerability reported in Zentao Pro 8.8.2 that can result in remote command execution.

This post only walks you through setting up the lab and gives a few tips to get you going. I would rank this vulnerability as EASY.

Lab Set Up:

  1. Create a Windows VM
  2. Download and install Zentao Pro 8.8.2
  3. Install git (you will need this to go through one of the use cases).
  4. Install a text editor of your choice; this will help you go through the files.
  5. Log in with admin:123456 and change the password so it's ready.
  6. Set up the attacker VM and lab VM on a host-only/internal network and make sure they can connect.

After this, you’re ready to go.

Master List / Questions to ask to get you going:

  • What is the purpose of the application?
  • What features are there?
  • Go through the different use cases for the application.
  • What sensitive functions are there related to the technologies used?
  • If you’re really stuck, you can go through the exploit on Exploit-DB to guide you.

The next blog will describe the process / decision making I used for finding the vulnerability.

Good luck on this challenge.





Adam C
