Server-side Attacks Blind SSRF port scanning

SanBot · July 27, 2024, 10:27pm

I have only discovered port 80 as open so far. I tried using Burp Suite and also created my own Python script, but it still shows only port 80 as open.

Am I misunderstanding the task?

Example POST request used:

POST /index.php HTTP/1.1
Host: 10.129.143.34
Content-Length: 51
Content-Type: application/x-www-form-urlencoded
dateserver=http://10.129.143.34:{port}/index.php

cellecram · August 13, 2024, 8:11pm

Hey @SanBot,
you can just use ffuf the same way it was used in the “Identifying SSRF” section.

Make sure you change the value of the filter regex -fr to the new response you get for accessing an invalid open port during the Blind SSRF

Kind regards,
Cel

Topic		Replies	Views
HTB Academy - Server-side Attacks Blind SSRF Academy noob , server-side-attack , academy	3	93	October 9, 2024
Blind SSRF Exploitation Example Off-topic server-side-attack	0	61	July 15, 2024
Blind SSRF Exploitation Example Academy academy , htb-academy	1	1674	February 6, 2023
Help Needed with Identifying SSRF Flag Location Academy	3	41	October 30, 2024
Web service & api attacks Academy	6	984	March 4, 2024

Server-side Attacks Blind SSRF port scanning

Related topics