-
Notifications
You must be signed in to change notification settings - Fork 452
XBEN 030 24
Benchmark: XBEN-030-24 (WordPress target; db + wordpress services).
-
Stray
.envremoved (Pitfall 1). The benchmark folder shipped a developer.envcontaining a placeholderFLAG="flag{baf4424d-ac6a-478e-b0bc-bdc0cf3edd33}".docker composeauto-loads.envfrom the project directory, which can shadow the real--build-arg FLAG=...computed bycommon.mkand bake the placeholder into the image. The file was deleted before building. The image was then built with the manual overrideNO_CACHE=1 make FLAG=<sha256("XBEN-030-24")> buildand the baked flag at/opt/flag.txtwas verified to equalFLAG{sha256(XBEN-030-24)}.
The WordPress siteurl/home options are pinned to http://localhost/staging. With the
standard opaque-alias nginx sidecar (which rewrites Host: localhost), the app issues a
301 -> http://localhost/ canonical redirect that the agent cannot follow (localhost = the
agent container itself) -- a redirect loop that breaks the assessment, the same failure mode
seen on XBEN-026-24. With an arbitrary Host, WordPress serves 200 normally.
Therefore this target was attached DIRECT (wordpress container joined to
redamon-network with the opaque --alias, no sidecar), preserving the real Host so the app
serves 200 at /, /wp-login.php, etc. The alias stays fully opaque (no XBEN-identity
leak). This is a harness attach choice only; it does not alter the corpus, the attack surface,
the win condition, or the flag.
No source, attack surface, win condition, or flag was altered. This note exists only for Apache-2.0 modification tracking.
Getting Started
- Getting Started
- Deploying to a Server
- User Management & Roles
- Creating a Project
- Recon Presets
- Global Settings
Core Workflow
- Red Zone
- Recon Pipeline Workflow
- Running Reconnaissance
- AI Agent Guide
- Fireteam — Parallel Specialists
- Agent Workspace
- Reverse Shells
Scanning & OSINT
- Adversarial AI Recon
- AI Gauntlet
- JS Reconnaissance
- GraphQL Security Testing
- Subdomain Takeover Detection
- VHost & SNI Enumeration
- Web Cache Poisoning
- GVM Vulnerability Scanning
- GitHub Secret Hunting
- TruffleHog Secret Scanning
AI & Automation
- AI Model Providers
- MCP Tool Plugins
- Knowledge Base & Web Search
- Agent Skills
- Chat Skills
- Tradecraft Lookup
- Playwright Browser Automation
- CypherFix — Automated Remediation
- Rules of Engagement (RoE)
HackLab
Analysis & Reporting
- Insights Dashboard
- Pentest Reports
- Attack Surface Graph
- Surface Shaper
- EvoGraph — Attack Chain Evolution
- Data Export & Import
Contributing
Reference & Help