Day 22
SSRF Jingle Your SSRF Bells: A Merry Command & Control Hackventure
Learning Objectives
Understanding server-side request forgery (SSRF)
Which different types of SSRF are used to exploit the vulnerability
Prerequisites for exploiting the vulnerability
How the attack works
How to exploit the vulnerability
Mitigation measures for protection
This room is again a very straightforward one with all commands and instructions already given. We just need to follow along and run them.
Is SSRF the process in which the attacker tricks the server into loading only external resources (yea/nay)?
[REDACTED]
What is the C2 version?
[REDACTED]
What is the username for accessing the C2 panel?
[REDACTED]
What is the flag value after accessing the C2 panel?
[REDACTED]
This is shown upon logging in to the C2 panel.

What is the flag value after stopping the data exfiltration from the McSkidy computer?
[REDACTED]
This can be found after removing the correct agent.
