I’m working on an Identifying SSRF exercise and have successfully identified an open port (80) using fuzzing, so everything is progressing well so far. However, I’m having trouble locating the flag. I tried accessing http://127.0.0.1:80/flag.txt, but I receive a “404 Not Found” response.
1. Fuzzing Ports:
Use the following ffuf command to fuzz the ports:
ffuf -w ports.txt -u http://10.129.94.22/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "dateserver=http://127.0.0.1:FUZZ/&date=2024-01-01" -fr "Failed to connect"
2. Finding the Flag:
You’ll get responses for three ports. Try connecting to each of them to locate the flag.
I did manage to find those 3 ports. I then moved to Burp and used http://IP:PORT. When I use port 3306, I receive an error: “Received HTTP/0.9 when not allowed”.
Can you help? Possibly provide more context on what you mean by connecting to those ports in number 2.