XXE Infiltration Lab
Q1) Knowing which open ports have been discovered by the attacker allows us to understand which services are exposed and potentially targeted. Can you provide the highest numbered port open on the victim web server?
Answer: 3306
Q2) By identifying the vulnerable PHP script, security teams can directly address and mitigate the vulnerability. What's the complete URI of the PHP script vulnerable to XXE Injection?
Answer: /review/upload.php
Q3) To construct the attack timeline and determine the initial point of compromise, what's the name of the first malicious XML file uploaded by the attacker?
Answer: TheGreatGatsby.xml
Q4) Understanding which sensitive files were accessed helps evaluate the breach's potential impact. What's the name of the web app configuration file the attacker read?
Answer: config.php
Q5) Determining the extent of the breach, what's the password of the compromised database user?
Answer: Winter2024
Q6) Following the database user compromise, what's the UTC timestamp of the attacker's first connection with the MySQL server in an attempt to utilize the compromised credentials?
The attacker obtained the username and password for the database at 2024-05-31 12:03:12.
Answer: 2024-05-31 12:08:49
Q7) To eradicate the threat and prevent further unauthorized access, can you identify the name of the web shell the attacker uploaded for remote code execution and persistence?
Answer: booking.php