Aleyna
Lab link. This lab has a “Check stock” feature that embeds the user input inside a server-side XML document that is subsequently parsed. Because you don’t control the entire XML document you can’t define a DTD to launch a classic XXE attack. To solve the lab, inject an XInclude statement to retrieve the contents of the /etc/passwd file. XInclude is a …
Lab link. This lab has a “Check stock” feature that parses XML input but does not display the result. To solve the lab, use an external DTD to trigger an error message that displays the contents of the /etc/passwd file. The lab contains a link to an exploit server on a different domain where you can host …
Lab link. This lab has a “Check stock” feature that parses XML input but does not display the result. To solve the lab, exfiltrate the contents of the /etc/hostname file. The main goal of the attacker is to leak sensitive data. Blind XXE also involves hosting a malicious DTD to obtain the data and then calling the …
Lab link. This lab has a “Check stock” feature that parses XML input, but does not display any unexpected values, and blocks requests containing regular external entities. To solve the lab, use a parameter entity to make the XML parser issue a DNS lookup and HTTP request to Burp Collaborator. In the lab, we first …
Lab link. This lab has a “Check stock” feature that parses XML input but does not display the result. You can detect the blind XXE vulnerability by triggering out-of-band interactions with an external domain. To solve the lab, use an external entity to make the XML parser issue a DNS lookup and HTTP request to …
CTF link. I get that the attackers were in my PC, but how did they achieve persistence? We use the OSForensics tool to do forensics in our.DMP file. The free version will do the job. We use the Hex/String Viewer feature to look at the detailed contents of the file and here we notice the …
CTF link. I recently had my passwords and other sensitive data leaked, but I have no idea how. Can you figure out how the attacker got in to my PC? The pcap file is opened in Wireshark and if we browse the packet in it, SMB packages attract attention and we select SMB as a …
CTF link. Hi there incident responder. So we have this company that was breached sometime last week, but their SOC team only keeps HTTP request logs 🙁 We took down all of our wolvsecsolutions websites as a precaution. Maybe there’s still a way to figure out what happened? Why did they click on a suspicious link? Somebody …
CTF link. We need to search for a social media account, again we do a simple search and discover a Facebook page. When we check his Facebook account, we come across a video. If we pause the video while closing the screen sharing at the end of the video, we find a discord channel. We …
CTF link. A new ransomware group you may have heard about has emerged: WOLPHV There’s already been reports of their presence in articles and posts. NOTE: Wolphv’s twitter/X account and https://wolphv.chal.wolvsec.org/ are out of scope for all these challenges. Any flags found from these are not a part of these challenges This is a start to a 5 part series …