AonCyberLabs/xxe-recursive-download AonCyberLabs/xxe-recursive-download

  • Stars
    star
    228
  • Rank 175,267 (Top 4 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 9 years ago
  • Updated about 9 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
AonCyberLabs/xxe-recursive-download
github

AonCyberLabs

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Description

This tool exploits XXE to retrieve files from a target server. It obtains directory listings and recursively downloads file contents.

Usage:

The script has to be slightly modified to work with different web sites / web services:

  • Set HOST and URL according to your target
  • Change the XML data and the URL of your evil.dtd in the REQUEST_BODY
  • Modify the _parse_response() method to parse the file content from the response.
  • For https: Change the _issue_request method to use HTTPSConnection.

Also, make sure you make the DTD evil.dtd available to the server: python -m SimpleHTTPServer 5678

python xxeclient.py -h
usage: xxeclient.py [-h] path [path ...]

Retrieves files via XXE

positional arguments:
  path        path(s) to the retrieve (e.g. /etc/)

optional arguments:
  -h, --help  show this help message and exit

Vulnerable Example Web Service

The files in xxe-example/ contain a sample vulnerable RESTful web service written in Java using Jersey (inspired by [1]).

To compile and run it using maven run: mvn jetty:run

Debugging:

The JSON and XML files in sample-payloads/ can be used to debug the web service with curl:

curl -v -H "Content-Type:application/json" --upload-file initial.json http://localhost:8080/api/user
curl -v -H "Content-Type:application/xml" --upload-file cdata.xml http://localhost:8080/api/user

[1] https://github.com/rgerganov/xxe-example

More Repositories

1

Windows-Exploit-Suggester

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
Python
3,910
star
2

PadBuster

Automated script for performing Padding Oracle attacks
Perl
736
star
3

Docker-Secure-Deployment-Guidelines

Deployment checklist for securely deploying Docker
599
star
4

EvilAbigail

Automated Linux evil maid attack
Python
419
star
5

Cexigua

Linux based inter-process code injection without ptrace(2)
Shell
238
star
6

SSH-Weak-DH

Python
102
star
7

D-Modem

A software SIP modem
C
96
star
8

Nmap-Scripts

Lua
46
star
9

Fizzer

Fizzer is an assessment tool for fuzzing FIX messages.
C#
28
star
10

mbedtls-fuzz

C
26
star
11

BadSamba

This module is used to exploit startup script execution through Windows Group Policy settings when configured to run off of a remote SMB share.
Ruby
22
star
12

MAM-Security-Checklist

Checklist intended to be used as a baseline for assessing, designing, and testing the security of a MAM (Application Wrapping) solution
19
star
13

BlazorTrafficProcessor

Java
15
star
14

DUALITY

C#
13
star
15

FastInfoset-Burp-Plugin

Burp plugin to convert fast infoset (FI) to/from the text-based XML document format allowing easy editing
Java
12
star
16

LowDLL

C#
7
star
17

aon-password-research

Python
4
star