Aleyna
Lab link. This lab has a “Check stock” feature that parses XML input but does not display the result. To solve the lab, trigger an error message containing the contents of the /etc/passwd file. You’ll need to reference an existing DTD file on the server and redefine an entity from it. When applications return all error messages …
Lab link. This lab lets users attach avatars to comments and uses the Apache Batik library to process avatar image files. To solve the lab, upload an image that displays the contents of the /etc/hostname file after processing. Then use the “Submit solution” button to submit the value of the server hostname. In some systems, we need …
Lab link. This lab has a “Check stock” feature that embeds the user input inside a server-side XML document that is subsequently parsed. Because you don’t control the entire XML document you can’t define a DTD to launch a classic XXE attack. To solve the lab, inject an XInclude statement to retrieve the contents of the /etc/passwd file. XInclude is a …
Lab link. This lab has a “Check stock” feature that parses XML input but does not display the result. To solve the lab, use an external DTD to trigger an error message that displays the contents of the /etc/passwd file. The lab contains a link to an exploit server on a different domain where you can host …
Lab link. This lab has a “Check stock” feature that parses XML input but does not display the result. To solve the lab, exfiltrate the contents of the /etc/hostname file. The main goal of the attacker is to leak sensitive data. Blind XXE also involves hosting a malicious DTD to obtain the data and then calling the …
Lab link. This lab has a “Check stock” feature that parses XML input, but does not display any unexpected values, and blocks requests containing regular external entities. To solve the lab, use a parameter entity to make the XML parser issue a DNS lookup and HTTP request to Burp Collaborator. In the lab, we first …
Lab link. This lab has a “Check stock” feature that parses XML input but does not display the result. You can detect the blind XXE vulnerability by triggering out-of-band interactions with an external domain. To solve the lab, use an external entity to make the XML parser issue a DNS lookup and HTTP request to …
CTF link. I get that the attackers were in my PC, but how did they achieve persistence? We use the OSForensics tool to do forensics in our.DMP file. The free version will do the job. We use the Hex/String Viewer feature to look at the detailed contents of the file and here we notice the …
CTF link. I recently had my passwords and other sensitive data leaked, but I have no idea how. Can you figure out how the attacker got in to my PC? The pcap file is opened in Wireshark and if we browse the packet in it, SMB packages attract attention and we select SMB as a …
CTF link. Hi there incident responder. So we have this company that was breached sometime last week, but their SOC team only keeps HTTP request logs 🙁 We took down all of our wolvsecsolutions websites as a precaution. Maybe there’s still a way to figure out what happened? Why did they click on a suspicious link? Somebody …