RED55
Download the VM HERE
Lab Objectives:
- Many Capture The Flag (CTF) challenges on platforms like https://ctftime.org include XML External Entity (XXE) exploitation tasks requiring knowledge of general and parameter entities.
- In this lab, you’ll uncover a string of the form Flag-SomeValue
First Steps:
- You will not have the login credentials to the machine.
- Before you power it on, go to the machine settings and give the network adapter a custom MAC address. This way you can locate it with the *arp-scan* utility within Kali.
- Don’t use the MAC address I have below. Everyone in the class needs something different.
- Manually randomize the MAC address you give your machine!

Once you have started the CTF machine, do the following to determine the IP Address of the target:
arp-scan --localnet | grep -i aa:bb:cc:dd:ee:ff
# grep for the MAC address you gave your machine in the previous step
# grep for the entire MAC address (all 12 hex characters), not just the first 6
- You should grep for the entire MAC address, all 12 hex characters: the first 6 are only the vendor prefix, which every VM from the same hypervisor shares, so a prefix match can return several hosts.

An initial Nmap scan shows we have a website on port 80.
nmap -sC -sV IP_OF_TARGET_VM

The webpage allows us to upload a .xml file and provides a template we can use to get started.

View the page source and copy the template provided.
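Added example, not part of the lab or its target application: the objectives above say the challenge hinges on general and parameter entities in an uploaded .xml file, so this Python snippet shows what the upload handler should have done, namely inspect the document for a DOCTYPE and any entity declarations before parsing it, without resolving anything external. It uses only the standard-library expat bindings; the three sample documents are constructed, and the `example.invalid` URL is a placeholder.

```python
import xml.parsers.expat as expat

# Constructed sample uploads (not the lab's template or any real submission).
BENIGN_XML = b'<?xml version="1.0"?><order><item>widget</item></order>'

GENERAL_ENTITY_XML = b"""<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY greeting "hello">
]>
<order><item>&greeting;</item></order>"""

PARAM_ENTITY_XML = b"""<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY % ext SYSTEM "http://example.invalid/placeholder.dtd">
]>
<order><item>x</item></order>"""


def inspect_xml_upload(data: bytes) -> dict:
    """Report the DOCTYPE and every entity declaration in an XML document.

    Parameter-entity parsing is switched off and no external-entity handler
    is installed, so nothing is fetched from disk or the network while inspecting.
    """
    report = {"doctype": None, "entities": [], "error": None}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        report["doctype"] = {"name": name, "system_id": sysid,
                             "internal_subset": bool(has_internal_subset)}

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        report["entities"].append({"name": name,
                                   "parameter": bool(is_param),
                                   "external": sysid is not None,
                                   "system_id": sysid})

    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        report["error"] = str(exc)
    return report


def accept_upload(data: bytes) -> bool:
    """Upload policy: well-formed XML with no DOCTYPE at all.

    Rejecting the DOCTYPE removes every entity declaration (general and
    parameter) in one step, which is the usual XXE mitigation.
    """
    report = inspect_xml_upload(data)
    return report["error"] is None and report["doctype"] is None


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN_XML),
                       ("general entity", GENERAL_ENTITY_XML),
                       ("parameter entity", PARAM_ENTITY_XML)]:
        print(f"{label:17s} accepted={accept_upload(doc)} "
              f"entities={[e['name'] for e in inspect_xml_upload(doc)['entities']]}")
```

The inspection step is what a detection rule or WAF would log on; the policy function is the mitigation. Where a schema genuinely needs a DOCTYPE, the stricter alternative is to parse with a library that disables entity resolution outright (for example `defusedxml`) rather than allow-listing entity names.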
