TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Black Hills InfoSec

XML External Entity – Beyond /etc/passwd (For Fun & Profit)

BHIS · 2017-04-27

ATT&CK techniques detected

3 predictions
T1190 Exploit Public-Facing Application
93%
"##nod and a backpipe. so let’s trigger the exploit on 10.0.0.4 via the xxe vulnerability. on the attack pc create a netcat listener and execute! looks like a reverse shell! so there you have it. a small tutorial on taking an xml external entity vulnerability from an external…"
T1190 Exploit Public-Facing Application
82%
"10610/ since we are getting an index.pl (perl) file, i’m going to assume cgi is enabled, so this exploit could work. and it works by passing the parameters in a get request, so we can exploit it through the xxe vulnerability on the external facing host. after decrypting the…"
T1190 Exploit Public-Facing Application
40%
"the echoed response. so the “application” is up and running. good. now we can mess with the parser. let’s call some external entities modify “send.txt” to be the following. this is a typical xxe attack against a linux system and is a good way to prove the vulnerability exi…"

Summary

Robert Schwass // Last week I was asked twice in one day if I knew what XML External Entity (XXE) Vulnerabilities were. Maybe they are making a comeback in mainstream security […]

The post "XML External Entity – Beyond /etc/passwd (For Fun & Profit)" (https://www.blackhillsinfosec.com/xml-external-entity-beyond-etcpasswd-fun-profit/) appeared first on Black Hills Information Security, Inc. (https://www.blackhillsinfosec.com).