Advent of Cyber 2024: Day 5 SOC-mas XX-what-ee?

Ansul Kotadia
Dec 6, 2024


Welcome to Day 5 of TryHackMe’s Advent of Cyber 2024! Today’s challenge takes us through the process of exploiting an XXE (XML External Entity) vulnerability in a web application. Let’s dive into the details.

Learning Objectives

  • Understand the basic concepts related to XML
  • Explore XML External Entity (XXE) and its components
  • Learn how to exploit the vulnerability
  • Understand remediation measures

The Challenge

In this challenge, we’re presented with a “Christmas wishlist” webpage for Wareville. Users can submit gifts to the wishlist, but these submissions are restricted to the elves (403 — Forbidden). The goal is to bypass this restriction by exploiting the XXE vulnerability.

Using Burp Suite, we can intercept the request, modify it, and inject malicious XML code to exploit the vulnerable parser.

Crafting the Exploit

We first intercept the request using Burp Suite, then inject the following XML payload:

This payload tries to access the system’s /etc/passwd file, a common file to check when testing for XXE vulnerabilities. After sending the modified request, we receive a response with information about the local system, confirming that the XXE vulnerability exists.
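The parser behind the wishlist accepts a DTD and resolves the external entity it declares, which is exactly what lets a file path be read back in the response. The standard remediation is to refuse DTD processing entirely, since without a DOCTYPE there is no place to declare an external entity. The following is an added example, not code from the challenge or from TryHackMe, showing a small wish parser built on Python's stdlib expat that rejects any DOCTYPE before the document body is touched. The element names (`wish`, `name`, `gift`), the function names and the two sample submissions are constructed assumptions for illustration.

```python
"""Added example: screen wishlist XML submissions so a DTD (the carrier of XXE)
is rejected before any entity can be declared or expanded."""
import xml.parsers.expat


class DoctypeRejected(ValueError):
    """Raised when a submitted document declares a DTD or references an external entity."""


def parse_wish(xml_text: str) -> dict:
    """Parse one <wish> document into {child element name: text}.

    Any DOCTYPE declaration aborts parsing immediately, so an attacker-supplied
    <!ENTITY ... SYSTEM "file:///..."> is never even read. An external entity
    reference reaching the content phase is refused as a second layer.
    """
    parser = xml.parsers.expat.ParserCreate()
    fields = {}
    stack = []   # open element names; depth 1 means "child of the root element"
    buf = []     # character data of the element currently being read

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DoctypeRejected(f"DOCTYPE not permitted (name={name!r}, system id={system_id!r})")

    def on_external_entity(context, base, system_id, public_id):
        raise DoctypeRejected(f"external entity not permitted (system id={system_id!r})")

    def on_start(name, attrs):
        stack.append(name)
        buf.clear()

    def on_chars(data):
        buf.append(data)

    def on_end(name):
        stack.pop()
        if stack:                       # a leaf under the root: record its text
            fields[name] = "".join(buf).strip()
        buf.clear()

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_chars
    parser.Parse(xml_text, True)
    return fields


def screen_wish(xml_text: str) -> tuple:
    """Return ("accepted", fields) or ("rejected", reason) for one submission."""
    try:
        return ("accepted", parse_wish(xml_text))
    except DoctypeRejected as exc:
        return ("rejected", str(exc))
    except xml.parsers.expat.ExpatError as exc:
        return ("rejected", f"malformed XML: {exc}")


# Constructed sample submissions (not taken from the challenge).
BENIGN_WISH = """<?xml version="1.0"?>
<wish>
  <name>Alice</name>
  <gift>Bicycle</gift>
</wish>"""

# Constructed XXE-style submission: the DOCTYPE is rejected before the entity is declared.
XXE_WISH = """<?xml version="1.0"?>
<!DOCTYPE wish [<!ENTITY ext SYSTEM "file:///etc/passwd">]>
<wish>
  <name>&ext;</name>
  <gift>Bicycle</gift>
</wish>"""


if __name__ == "__main__":
    for label, body in (("benign", BENIGN_WISH), ("xxe", XXE_WISH)):
        print(label, screen_wish(body))
```

Rejecting at the DOCTYPE stage is deliberate: the expat library does not fetch external entities on its own, but other parsers (and other languages' defaults) do, and refusing the DTD outright is the one rule that holds across all of them. Logging the rejection reason alongside the request gives the SOC a clean signal that someone is probing the wishlist parser.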

Navigating the Wishes

The next task is to find the flag hidden among the “wishes.” We’re told to iterate through up to 20 wishes to locate the flag. By modifying our payload to access the wishlist data, we step through the wishes one by one, and in the 15th one we find the following flag:

THM{Brut3f0rc1n6_mY_w4y}

Locating the Proof of Sabotage Flag

Now that we have our first flag, the challenge directs us to investigate the /changelog directory on the website for another potential flag related to sabotage. After forwarding the request through Burp Suite, we access the changelog and discover the second flag:

THM{m4y0r_m4lw4r3_b4ckd00rs}

Questions

#1. What is the flag discovered after navigating through the wishes?
Answer: THM{Brut3f0rc1n6_mY_w4y}

#2. What is the flag seen on the possible proof of sabotage?
Answer: THM{m4y0r_m4lw4r3_b4ckd00rs}

Conclusion

This challenge was a great opportunity to learn about XXE vulnerabilities and practice exploiting them using Burp Suite. By modifying XML requests, we were able to extract sensitive data and uncover hidden flags. If you enjoyed this challenge, I highly recommend checking out TryHackMe’s XXE room for more hands-on experience with this type of vulnerability.

Thank you!
