Help Needed with Identifying SSRF Flag Location

Hello everyone, I hope you’re all doing great!

I’m working on an Identifying SSRF exercise and have successfully identified an open port (80) using fuzzing, so everything is progressing well so far. However, I’m having trouble locating the flag. I tried accessing http://127.0.0.1:80/flag.txt, but I receive a “404 Not Found” response.

Does anyone have any hints on where I might find the flag or how I should proceed from here?

Thank you in advance for any guidance!

Try finding it using /user.txt

Sadly it didn’t work, but thank you for helping!

The problem is solved!

Steps:
  1. Fuzzing Ports:
    Use the following ffuf command to fuzz the ports:
    ffuf -w ports.txt -u http://10.129.94.22/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "dateserver=http://127.0.0.1:FUZZ/&date=2024-01-01" -fr "Failed to connect"

  2. Finding the Flag:
    You’ll get responses for three ports. Try connecting to each of them to locate the flag.

Hello,

I did manage to find those 3 ports. I then moved to Burp and used http://IP:PORT. When I use port 3306 I receive an error “Received HTTP/0.9 when not allowed”.

Can you help? Possibly provide more context on what you mean by connecting to those ports in number 2.

Thx

I figured it out, I was assuming things. They never told us that availability.php was available on whatever endpoint port we found. I tried the root.
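The port fuzzing in this thread works because the application fetches whatever URL arrives in the dateserver parameter. The following is an added example, not part of the thread or the exercise: a server-side check that accepts only an allowlisted backend. The host name dateserver.example, the allowed ports, and the function name are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy values (not from the thread): the single backend the date
# feature legitimately calls, and the ports it may use.
ALLOWED_HOSTS = {"dateserver.example"}
ALLOWED_PORTS = {80, 443}
DEFAULT_PORTS = {"http": 80, "https": 443}


def check_dateserver(url):
    """Return (allowed, reason) for a user-supplied dateserver URL."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for ports outside 0-65535
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in DEFAULT_PORTS:
        return False, "scheme not allowed"
    # "http://dateserver.example@127.0.0.1/" really targets 127.0.0.1.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    host = (parts.hostname or "").rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        reason = "loopback address" if ip.is_loopback else "IP literal not allowed"
        return False, reason
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    effective_port = port if port is not None else DEFAULT_PORTS[parts.scheme]
    if effective_port not in ALLOWED_PORTS:
        return False, "port not allowed"
    return True, "ok"


# Constructed sample inputs, modelled on the dateserver values in the thread.
SAMPLES = [
    "http://127.0.0.1:3306/",
    "http://[::1]:80/",
    "http://localhost/",
    "http://dateserver.example@127.0.0.1/",
    "http://dateserver.example:8080/",
    "http://dateserver.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, check_dateserver(sample))
```

The check covers only the URL string: the code that performs the fetch should also refuse redirects and connect to the address that was validated, so a DNS answer that changes between check and fetch cannot point the request back at loopback.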