
One post tagged with "XXE Injection"

XXE (XML eXternal Entity) injection is a web application vulnerability that allows an attacker to inject malicious XML entities into a vulnerable application's parsing process. By exploiting this flaw, attackers can read and disclose sensitive local files, execute system commands, or even escalate privileges. XXE injection typically occurs when user-supplied data is not properly sanitized or validated, allowing attackers to manipulate the XML parser and gain unauthorized access.


HTB | Markup | Write-Up

· 15 min read

Summary:

We test connectivity to the target and scan it, then enumerate its website and log in with some default credentials. Once we have user access, we continue enumerating the site. Analyzing the page source code reveals the XML version in use and a potential username.

We exploit the XXE vulnerability we found to leak the user's private SSH key, allowing us to access the target machine via SSH and gain user-level access. Next, we grab the user flag. With our foothold established, we enumerate the machine with user-level access until we find a job.bat file that runs with administrator privileges. We exploit this by modifying the scheduled job to run our reverse shell, wait for it to execute, and catch the connection to gain administrative access to the target machine. Finally, we grab the root flag.

Machine Name: Markup | Difficulty: Easy | OS: Windows