Oct 24, 2023, 12:20 PM
Hello! Any hints?
challenges ProxyAsAService
by h2m0nRe-d0b1e - Tuesday October 24, 2023 at 12:20 PM
Oct 24, 2023, 05:52 PM
Actually, the challenge is to get a private URL through an SSRF-type vuln; on a running docker it looks like this:
```
/app # curl localhost:1337/debug/environment
{"Environment variables":{"FLAG":"HTB{f4k3_fl4g_f0r_t3st1ng}"
```
But it trusts only local IPs; of course XFF doesn't work. I think the exploitation is the proxy redirect in this variable: `target_url = f'http://{SITE_NAME}{url}'`. And this needs tricks.
Oct 24, 2023, 07:23 PM
(This post was last modified: Oct 24, 2023, 07:45 PM by h2m0nRe-d0b1e.)
Oh, I see in the log it got `?url=@`, but the response is blocked by this rule: `RESTRICTED_URLS = ['localhost', '127.', '192.168.', '10.', '172.']`
Upd: get the local address some other way and done.
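Added example, not part of the posts above and not the challenge's own code: it puts the substring blocklist and the `target_url` concatenation quoted in the thread next to a hardened check that validates the parsed host and the resolved addresses. The `SITE_NAME` value, the function names and the injectable `resolve` parameter are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

SITE_NAME = "upstream.example"  # assumed placeholder, the thread gives no value
RESTRICTED_URLS = ['localhost', '127.', '192.168.', '10.', '172.']  # from the thread

def build(url):
    return f'http://{SITE_NAME}{url}'  # concatenation quoted in the thread

def blocklist_allows(url):
    """Substring filter: passes anything that avoids the listed strings."""
    return not any(bad in build(url) for bad in RESTRICTED_URLS)

def effective_host(url):
    """Host a client connects to; text before '@' is userinfo, not the host."""
    return urlsplit(build(url)).hostname

def system_resolve(host):
    return [info[4][0] for info in socket.getaddrinfo(host, 80)]

def safe_target(url, resolve=system_resolve):
    """Hardened check: path-only input, pinned host, every address vetted."""
    if not url.startswith('/'):
        raise ValueError('url must be a path starting with /')
    target = build(url)
    if urlsplit(target).hostname != SITE_NAME:
        raise ValueError('host is not the configured upstream')
    addrs = resolve(SITE_NAME)
    if not addrs or not all(ipaddress.ip_address(a).is_global for a in addrs):
        raise ValueError('upstream resolves to a non-public address')
    # The fetch must also refuse redirects (or re-run this check per hop) and
    # connect to the vetted address, otherwise the check can be sidestepped.
    return target

if __name__ == '__main__':
    for sample in ['@internal.example/', '/page-10.html']:  # constructed inputs
        print(sample, blocklist_allows(sample), effective_host(sample))
```

The blocklist both lets a changed host through and rejects a harmless path that happens to contain `10.`, which is why the hardened version compares parsed values instead of searching the string.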
Oct 29, 2023, 09:11 PM
Any updates, did you manage to do it?
Oct 30, 2023, 11:44 AM
Oct 30, 2023, 06:05 PM
Oct 31, 2023, 12:10 PM
(Oct 30, 2023, 06:05 PM) nighteliteace Wrote: (Oct 30, 2023, 11:44 AM) h2m0nRe-d0b1e Wrote: (Oct 29, 2023, 09:11 PM) nighteliteace Wrote: Any updates, did you manage to do it? check this out: https://github.com/swisskyrepo/PayloadsA...ombination