Skip to content

Commit 4ae8c29

Browse files
committed
Add entity-smuggler service for XXE lab and update documentation
- Introduced a new service `entity-smuggler` in `docker-compose.yml` for the XML External Entity (XXE) lab, configured with specific network settings and port mappings. - Updated `README.md` to include details about the new lab, including its IP address and port. - Enhanced `additional-labs/README.md` with information on the XXE lab's objectives and setup instructions. - Added Dockerfile, application code, and requirements for the XXE lab in the `additional-labs/XXE` directory, providing a complete educational resource for practicing XXE vulnerabilities.
1 parent 38fa8b4 commit 4ae8c29

7 files changed

Lines changed: 1476 additions & 4 deletions

File tree

README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -77,6 +77,7 @@ Custom-built labs focusing on specific vulnerability categories (built from `./a
7777
| **sqli-breach** | 10.6.6.33 | 5001 | SQL Injection |
7878
| **shell-inject** | 10.6.6.34 | 5002 | OS Command Injection |
7979
| **maze-walker** | 10.6.6.35 | 5003 | Path/Directory Traversal |
80+
| **entity-smuggler** | 10.6.6.36 | 5013 | XML External Entity (XXE) Injection |
8081

8182
> See [`additional-labs/README.md`](additional-labs/README.md) for detailed documentation on these labs.
8283
@@ -131,6 +132,7 @@ docker compose build --no-cache [container_name]
131132
│ │ dc30_02 .25 sqli-breach .33 │ │
132133
│ │ y-wing .26 shell-inject .34 │ │
133134
│ │ maze-walker .35 │ │
135+
│ │ entity-smuggler.36 │ │
134136
│ └─────────────────────────────────────────────────────────────────────┘ │
135137
│ │
136138
│ ┌─────────────────────────────────────────────────────────────────────┐ │

additional-labs/README.md

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ This directory contains an additional collection of vulnerable web applications
1414
| **sqli-breach** | SQL Injection (Login Bypass) | `http://localhost:5001` | `10.6.6.33` |
1515
| **shell-inject** | OS Command Injection | `http://localhost:5002` | `10.6.6.34` |
1616
| **maze-walker** | Directory/Path Traversal | `http://localhost:5003` | `10.6.6.35` |
17+
| **entity-smuggler** | XML External Entity (XXE) Injection | `http://localhost:5013` | `10.6.6.36` |
1718

1819
### Container Naming Theme
1920

@@ -25,6 +26,7 @@ The containers follow a sci-fi/cybersecurity naming convention:
2526
- **sqli-breach** — Breaching the database oracle to extract secrets
2627
- **shell-inject** — When user input becomes system commands
2728
- **maze-walker** — Traversing forbidden paths through the file system labyrinth
29+
- **entity-smuggler** — External entities smuggling data through XML parsing
2830

2931
## Getting Started
3032

@@ -43,7 +45,7 @@ These labs are now part of the main WebSploit environment. From the **root direc
4345

4446
2. Or start only the additional labs:
4547
```bash
46-
docker compose up -d hydra-nexus phantom-script trojan-relay sqli-breach shell-inject maze-walker
48+
docker compose up -d hydra-nexus phantom-script trojan-relay sqli-breach shell-inject maze-walker entity-smuggler
4749
```
4850

4951
3. Verify containers are running:
@@ -62,14 +64,14 @@ docker compose down
6264

6365
To stop only the additional labs:
6466
```bash
65-
docker compose stop hydra-nexus phantom-script trojan-relay sqli-breach shell-inject maze-walker
67+
docker compose stop hydra-nexus phantom-script trojan-relay sqli-breach shell-inject maze-walker entity-smuggler
6668
```
6769

6870
### Rebuilding After Changes
6971

7072
If you modify the lab source code:
7173
```bash
72-
docker compose build --no-cache hydra-nexus phantom-script trojan-relay sqli-breach shell-inject maze-walker
74+
docker compose build --no-cache hydra-nexus phantom-script trojan-relay sqli-breach shell-inject maze-walker entity-smuggler
7375
docker compose up -d
7476
```
7577

@@ -83,6 +85,7 @@ docker compose up -d
8385
| **sqli-breach** | A login portal vulnerable to SQL Injection authentication bypass. Practice union-based, error-based, and blind SQLi techniques. |
8486
| **shell-inject** | Network tool simulator that demonstrates OS command injection vulnerabilities. Learn filter bypass and chaining techniques. |
8587
| **maze-walker** | File viewer application with path traversal vulnerabilities. Practice LFI, directory traversal, null byte injection, and filter bypasses. |
88+
| **entity-smuggler** | XML processing gateway vulnerable to XXE injection. Practice file disclosure, SSRF via XML, blind XXE, and entity expansion attacks. |
8689

8790
## Network Architecture
8891

@@ -96,7 +99,8 @@ docker compose up -d
9699
│ ├── trojan-relay 10.6.6.32:5012 │
97100
│ ├── sqli-breach 10.6.6.33:5000 → localhost:5001 │
98101
│ ├── shell-inject 10.6.6.34:5000 → localhost:5002 │
99-
│ └── maze-walker 10.6.6.35:81 → localhost:5003 │
102+
│ ├── maze-walker 10.6.6.35:81 → localhost:5003 │
103+
│ └── entity-smuggler 10.6.6.36:5013 │
100104
└─────────────────────────────────────────────────────────────┘
101105
```
102106

additional-labs/XXE/Dockerfile

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
FROM python:3.9-slim
2+
3+
WORKDIR /app
4+
COPY xxe_app.py .
5+
COPY requirements.txt .
6+
7+
RUN pip install --no-cache-dir -r requirements.txt
8+
9+
EXPOSE 5013
10+
CMD ["python", "xxe_app.py"]
11+

0 commit comments

Comments
 (0)