Try Hack Me: OWASP Top 10 Room Day 4 of 10
This is a FREE room (meaning you don’t have to pay for a subscription, just create an account) on Try Hack Me that contains challenges with the goal of teaching one of the OWASP Top 10 vulnerabilities every day for 10 days in a row. The challenges are:
Day 1: Injection
Day 2: Broken Authentication
Day 3: Sensitive Data Exposure
Day 4: XML External Entity
Day 5: Broken Access Control
Day 6: Security Misconfiguration
Day 7: Cross-site Scripting
Day 8: Insecure Deserialization
Day 9: Components with Known Vulnerabilities
Day 10: Insufficient Logging & Monitoring
Today’s challenge is Day 4: XML External Entity. I blurred the answers so you will have to do the steps yourself to reveal them.
Below are the challenge questions. (I was assigned a web server IP of 10.10.58.47; check your assigned IP address, as yours will be different from mine.) This is a short challenge: only 3 questions in [Task 17] [Day 4] require you to get your hands dirty to retrieve the answers:
1. See if you can read /etc/passwd by using the payload below:
    <?xml version="1.0"?>
    <!DOCTYPE root [<!ENTITY read SYSTEM 'file:///etc/passwd'>]>
    <root>&read;</root>
   What is the name of the user in /etc/passwd?
2. Where is the user’s SSH key located?
   If you have been playing with Linux, you should know where SSH keys are located.
3. What are the first 18 characters of the user’s private key?
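The payload in question 1 only works because the target's XML parser honours the SYSTEM entity declaration. As an added example (not part of the room or of this write-up), here is a Python gate that refuses any DOCTYPE or entity declaration before the document is parsed, run against the room's payload and a harmless document; both sample documents are constructed here, and the function names are my own.

```python
import xml.parsers.expat
import xml.etree.ElementTree as ET

# Constructed samples: the room's payload and a harmless document.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY read SYSTEM 'file:///etc/passwd'>]>
<root>&read;</root>"""
BENIGN = b'<?xml version="1.0"?><root><user>alice</user></root>'


class XxeRejected(ValueError):
    """The document declared a DOCTYPE or an entity; refused before any file read."""


def parse_without_entities(data: bytes) -> ET.Element:
    """Parse XML while refusing every DOCTYPE and entity declaration.

    The room's payload only works when the server-side parser honours
    <!ENTITY read SYSTEM 'file:///etc/passwd'>. Refusing the declaration
    itself (instead of filtering URLs) also blocks parameter entities and
    remote DTDs, which a URL blocklist would miss.
    """
    gate = xml.parsers.expat.ParserCreate()

    def reject_doctype(name, system_id, public_id, has_internal_subset):
        raise XxeRejected(f"DOCTYPE {name!r} not allowed")

    def reject_entity(name, is_param, value, base, system_id, public_id, notation):
        # Belt and braces: entities can only be declared inside a DOCTYPE,
        # so reject_doctype normally fires first.
        raise XxeRejected(f"entity {name!r} (SYSTEM={system_id!r}) not allowed")

    gate.StartDoctypeDeclHandler = reject_doctype
    gate.EntityDeclHandler = reject_entity
    gate.Parse(data, True)       # raises XxeRejected (or ExpatError if malformed)
    return ET.fromstring(data)   # only reached for DOCTYPE-free input


def check(data: bytes) -> str:
    """Return 'ok' or the rejection reason, suitable for a request log line."""
    try:
        parse_without_entities(data)
        return "ok"
    except XxeRejected as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    print(check(BENIGN))       # ok
    print(check(XXE_PAYLOAD))  # rejected: DOCTYPE 'root' not allowed
```

The gate only changes behaviour for parsers that resolve external entities; Python's own expat does not fetch them, so the point of the example is the refusal logic, which is the same regardless of which parser sits behind it.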
I highly recommend https://tryhackme.com!