This article details the solving of the “Anonymous” challenge in the Excel 2025 CTF, showcasing techniques like XXE injection, server bypasses, and remote code execution. The author achieved 24th place by exploiting vulnerabilities, which involved web exploitation, file upload bypasses, and system command execution. #XXE #FileUploadBypass
Keypoints
- The challenge involved exploiting an XXE vulnerability to gain initial access.
- Hidden hosts and configuration files were discovered through system enumeration.
- Bypass techniques included manipulating file extensions and metadata to upload a web shell.
- Successful upload of the PHP shell allowed command execution and flag retrieval.
- The challenge demonstrated a variety of skills including web exploitation, reverse engineering, and OSINT.