Category

pentest

A simple Data Exfiltration!

Yes, another XXE attack, but with the help of a Microsoft Excel file. Without further ado, let’s get started! XXE Attack: I precisely copied what XXE is from the internet and pasted it in my previous blog post, “A journey from XML External Entity (XXE) to NTLM hashes!”. If you want to know about…


A journey from XML External Entity (XXE) to NTLM hashes!

We will start this blog post with an XML External Entity attack. Furthermore, we will discuss how I was able to capture NTLM v2 hashes using responder and evil-ssdp with the help of that XXE vulnerability. XXE Attack: There is a web security vulnerability that allows an attacker to mess with an application’s XML processing…
