OSWE Journey – Module 3
The actual first module of AWAE revolves around an older version of the Atmail e-mail appliance. It starts with a brief introduction to Cross-Site Scripting vulnerabilities. The first thing you always hear about XSS is “So you can show an alert box, so what?” from people who do not fully understand the potential an XSS attack has. Next thing you know, you are abusing the cookies to initiate a Session Riding (CSRF) attack and send e-mails on behalf of your target. The target is none the wiser, as you also have to remove both the received and the sent e-mails eventually.
This is not where the module ends though, as there are other vulnerabilities which can be abused too. You have to use functions in the Admin portal to change the configuration of the server and use attachments to upload a shell and obtain Remote Code Execution on the server, leading to a shell. Obviously, you can (and should, in my opinion) combine the first part of the chapter with the second, and also cover your tracks so that the e-mails are deleted afterwards, as can be seen below.
[disclaimer]Offensive Security is very strict about publications; therefore, I have been very careful not to include any spoilers or items that cannot be found through the Offensive Security website and syllabus. Please inform me if you think this post is in violation of any of the terms, with specifics on where you think the violation is, and I will change it accordingly.[disclaimer]