Tanuki is a flashcard web app with an XML-based deck export and a JSON-driven restore endpoint. The server silently round-trips your JSON through an XML template with DTD processing enabled, which gives you a path to read arbitrary files off the server without any out-of-band channel. Your goal is to exfiltrate the flag at /app/flag.txt entirely in-band.
Objective: Enumerate the real path to the flag file by testing multiple candidates, recognizing that common paths (/etc/passwd, /proc/self/cmdline) return a deliberate decoy string.
Context: The app returns 'Flag is in a different file' for /etc/passwd and /proc/self/cmdline; these are intentional red herrings. Wrong paths (e.g. /flag.txt) leave the entity reference literal and unresolved. The flag lives at /app/flag.txt.
Common Linux file paths return misleading content here. Think about where a Node/Express app's working files would actually live inside a container.
Try paths like /app/flag.txt, /var/app/flag.txt, /home/node/flag.txt. A resolved but decoy result means the path exists but is a trap. An unresolved &xxe; means the path doesn't exist. Actual flag content means you found it.
Use the dtd + name injection from the previous step but change the SYSTEM path. Try "file:///app/flag.txt" — a Node app deployed in Docker typically runs from /app. If name returns a bug{...} string, that is the flag.
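The bug this lab exercises is the server pasting JSON values into an XML template and then parsing that template with DTD processing on. The following is an added example, not the lab's own code, showing the two fixes a defender would ship: escape every value instead of giving any field a raw-markup slot, and parse with a DTD-rejecting parser so an entity reference can never be resolved. It uses Python's stdlib expat rather than the app's Node stack, and the `dtd`/`name` field names and template shape are assumptions modelled on the hint above.

```python
import xml.parsers.expat
from xml.sax.saxutils import escape

# Constructed restore request modelled on this lab's "dtd + name" hint
# (hypothetical field names; the real template is not shown on the page).
MALICIOUS_RESTORE = {
    "dtd": '<!DOCTYPE deck [<!ENTITY xxe SYSTEM "file:///PLACEHOLDER/flag.txt">]>',
    "name": "&xxe;",
}


def build_deck_xml_naive(fields: dict) -> str:
    """The bug class: raw interpolation turns JSON values into XML markup."""
    return f"{fields.get('dtd', '')}<deck><name>{fields['name']}</name></deck>"


def build_deck_xml_safe(fields: dict) -> str:
    """Fix 1: only whitelisted fields, every value escaped, no raw-markup slot."""
    return f"<deck><name>{escape(str(fields['name']))}</name></deck>"


class DtdRejected(ValueError):
    """Document carried a DOCTYPE or entity declaration."""


def parse_deck_name(xml_text: str) -> str:
    """Fix 2: parse with expat configured to refuse any DTD.

    A DOCTYPE or entity declaration aborts the parse before any SYSTEM
    identifier could be opened. An unescaped &xxe; with no declaration
    is a hard "undefined entity" ExpatError, never a silent file read.
    """
    parser = xml.parsers.expat.ParserCreate()
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    state = {"in_name": False, "chunks": []}

    def reject(*_args):
        raise DtdRejected("DTD processing is disabled for deck restore")

    parser.StartDoctypeDeclHandler = reject
    parser.EntityDeclHandler = reject
    parser.ExternalEntityRefHandler = lambda *_args: 0  # 0 = abort, defence in depth
    parser.StartElementHandler = lambda tag, _a: state.update(in_name=(tag == "name"))
    parser.EndElementHandler = lambda tag: state.update(in_name=False)
    parser.CharacterDataHandler = lambda d: state["in_name"] and state["chunks"].append(d)
    parser.Parse(xml_text, True)
    return "".join(state["chunks"])


def restore_rejects_dtd(xml_text: str) -> bool:
    """True if the hardened parser refuses the document because it carries a DTD."""
    try:
        parse_deck_name(xml_text)
    except DtdRejected:
        return True
    return False
```

With both fixes in place the injected name comes back as the literal text `&xxe;`, and the raw DTD variant is rejected outright instead of leaving an unresolved reference or a decoy string.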