Name | Modified | Size | Downloads / Week |
---|---|---|---|
xxereadme.txt | 2015-03-10 | 671 Bytes | |
ctf_xxe_ubuntu.vmwarevm.7z | 2015-03-10 | 1.9 GB | |
Totals: 2 Items | | 1.9 GB | 3 |

The VM, when unzipped, should be loaded in a secure environment with host-only networking capabilities. Once loaded, one can log in with a user account of 'ctf' and a password of 'password'. The VM is an Ubuntu distribution that has a vulnerability in a weakly configured XML parser that allows an attacker to gain access to confidential data. Users who gain access to that data can then attempt to post their findings on a leaderboard on that VM at localhost/polloshermanos/. This vulnerable VM was used in multiple CTF events, including the Breaking Bad CTF at the OWASP APPSEC. Spoiler information can be obtained via the OWASP project page for Vicnum.