The Advent of Cyber: Day 5: XXE - SOC-mas XX-what-ee? (TryHackMe)

J3bitok

In this article, we’ll cover the write-up for XXE - SOC-mas XX-what-ee?, the Day 5 challenge of the Advent of Cyber event. It was interesting to navigate web security for an e-commerce gifting site using PortSwigger’s XML external entity (XXE) injection. We’re still at Wareville for SOC-mas!

  1. What is the flag discovered after navigating through the wishes? THM{Brut3f0rc1n6_mY_w4y}

  2. What is the flag seen on the possible proof of sabotage? THM{m4y0r_m4lw4r3_b4ckd00rs}

  3. If you want to learn more about the XXE injection attack, check out the XXE room!

  4. Following McSkidy's advice, Software recently hardened the server. It used to have many unneeded open ports, but not anymore. Not that this matters in any way.

Thank you for reading this article. Please leave a comment with your thoughts, areas for improvement, other suggestions, and questions. Stay secure until the next one!
