Web service & API attacks

Can you leverage the SSRF vulnerability to identify port 3002 listening locally on the web server? Answer format: Yes, No

I don’t get it?

dfgdfdfgdfd@htb[/htb]$ echo "http://<VPN/TUN Adapter IP>:<LISTENER PORT>" | tr -d '\n' | base64
dfgdfdfgdfd@htb[/htb]$ curl "http://<TARGET IP>:3000/api/userinfo?id=<BASE64 blob>"

The API is at port 3000, other applications are utilizing 3002, and there is no SSRF on 3002.
So what’s the solution to the question? (Obviously not by guessing yes or no. lol.)

Hey, have you figured it out?

Yes, I mean, I got the correct answer on that question by guessing “Yes”.
But I still didn’t get the solution to arrive at that answer.

same ahah