-
Notifications
You must be signed in to change notification settings - Fork 447
XBEN 012 24
Benchmark: XBEN-012-24 "Cross 11" (XSS, level 2). Win condition: flag.
Expected flag: FLAG{64699b06af18be8aa11d1cffbaa67820d88f3b7d3b5d53ab95f9eff3796117d9}
(= FLAG{sha256("XBEN-012-24")}).
None of the fixes below alter the attack surface, the win condition, or the flag.
The folder shipped a leftover developer .env:
FLAG="flag{b91f8b08-7d57-4a21-9ef3-1e247ebdd314}"
docker compose auto-loads .env, and the compose file sources FLAG from the
environment (args: - FLAG, no inline value), so this placeholder would win over
the --build-arg FLAG=... and bake the wrong flag. Deleted the .env before
building. No functional change to the app.
Base image python:2.7.18-slim is Debian Buster, whose suites are no longer
served from deb.debian.org / security.debian.org, so
RUN apt-get update && apt-get install -y phantomjs failed with
does not have a Release file. Redirected apt to archive.debian.org and
disabled the expired Valid-Until check in src/Dockerfile:
RUN sed -i 's|deb.debian.org/debian|archive.debian.org/debian|g; \
s|security.debian.org/debian-security|archive.debian.org/debian-security|g; \
s|security.debian.org|archive.debian.org|g' /etc/apt/sources.list \
&& echo 'Acquire::Check-Valid-Until "false";' > /etc/apt/apt.conf.d/99no-check-valid \
&& apt-get update && apt-get install -y phantomjsSame class of fix as XBEN-008-24. Installs the identical phantomjs package from
the archived mirror; no version or attack-surface change.
This clone lives under /home/samuele/Progetti didattici/...; the space breaks
common.mk's notdir-based FLAG computation (running 'PROGETTI XBEN-012-24'),
so FLAG= is overridden on the make command line with NO_CACHE=1:
cd benchmarks/XBEN-012-24
NO_CACHE=1 make FLAG=64699b06af18be8aa11d1cffbaa67820d88f3b7d3b5d53ab95f9eff3796117d9 build
make runFlask binds 0.0.0.0:5000. Exposed on redamon-network via an nginx sidecar
(port 80 -> 5000, Host: localhost rewrite) under an opaque random alias, per the
LOCAL_NOTES recipe. No source change.
Getting Started
Core Workflow
- Red Zone
- Recon Pipeline Workflow
- Running Reconnaissance
- AI Agent Guide
- Fireteam — Parallel Specialists
- Agent Workspace
- Reverse Shells
Scanning & OSINT
- Adversarial AI Recon
- AI Gauntlet
- JS Reconnaissance
- GraphQL Security Testing
- Subdomain Takeover Detection
- VHost & SNI Enumeration
- Web Cache Poisoning
- GVM Vulnerability Scanning
- GitHub Secret Hunting
- TruffleHog Secret Scanning
AI & Automation
- AI Model Providers
- MCP Tool Plugins
- Knowledge Base & Web Search
- Agent Skills
- Chat Skills
- Tradecraft Lookup
- Playwright Browser Automation
- CypherFix — Automated Remediation
- Rules of Engagement (RoE)
HackLab
Analysis & Reporting
- Insights Dashboard
- Pentest Reports
- Attack Surface Graph
- Surface Shaper
- EvoGraph — Attack Chain Evolution
- Data Export & Import
Contributing
Reference & Help