Web Application Penetration Testing Notes

XXE

Valid use case

This is a non-malicious example of how external entities are used:

<?xml version="1.0" standalone="no" ?>
<!DOCTYPE copyright [
  <!ELEMENT copyright (#PCDATA)>
  <!ENTITY c SYSTEM "http://www.xmlwriter.net/copyright.xml">
]>
<copyright>&c;</copyright>

Resource: https://xmlwriter.net/xml_guide/entity_declaration.shtml

Testing methodology

Once you've intercepted the POST to the vulnerable page, see if you can get the system to do what it would normally, but with entities:

<?xml version="1.0"?>
<!DOCTYPE a [
  <!ENTITY test "THIS IS A STRING!">
]>
<methodCall><methodName>&test;</methodName></methodCall>

If that worked, let's see if you can read files off of the system: ...

Jayson Grace

Windows Command Line Cheatsheet

Powershell

Enable ISE using powershell

In the few months that I've been developing powershell, I've found the ISE to be incredibly useful. If you get on a new machine and the ISE isn't there, here's how you can get it going in the powershell terminal:

Import-Module ServerManager
Add-WindowsFeature Powershell-ISE

Securely store credentials in XML for Import

Start out by storing your username and password (in a SecureString format) in a PSCredential object: ...

Jayson Grace