XML External Entity Injection Demonstration

We covered a demo of XML External Entity Injection along with privilege escalation through exploiting Python eval function. This was part of HackTheBox BountyHunter CREST CRT Track.

BountyHunter is an easy Linux machine that uses XML external entity injection to read system files. Being able to read a PHP file where credentials are leaked gives the opportunity to get a foothold on system as development user. A message from John mentions a contract with Skytrain Inc and states about a script that validates tickets. Auditing the source code of the python script reveals that it uses the eval function on ticket code, which can be injected, and as the python script can be run as root with sudo by the development user it is possible to get a root shell.

Get OSCP Notes

Video Walkthrough

CREST CRT track, CTF Writeups, HackTheBox, HackTheBox BountyHunter

Show Comments

MasterMind Study Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

XML External Entity Injection Demonstration | HTB BountyHunter | CREST CRT Track

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Press ESC to close

XML External Entity Injection Demonstration | HTB BountyHunter | CREST CRT Track

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Share Article:

You might also like

Penetration Testing 101 | TryHackMe Pentesting Fundamentals

HackTheBox EvilCUPS Walkthrough | Exploiting Linux CUPS Printers

Windows Forensics With Autopsy & Registry Explorer | TryHackMe Unattended