Day 22

SSRF Jingle Your SSRF Bells: A Merry Command & Control Hackventure

Learning Objectives

  • Understanding server-side request forgery (SSRF)

  • The different types of SSRF used to exploit the vulnerability

  • Prerequisites for exploiting the vulnerability

  • How the attack works

  • How to exploit the vulnerability

  • Mitigation measures for protection

This room is again a very straightforward one with all commands and instructions already given. We just need to follow along and run them.

Is SSRF the process in which the attacker tricks the server into loading only external resources (yea/nay)?
[REDACTED]

What is the C2 version?
[REDACTED]

What is the username for accessing the C2 panel?
[REDACTED]

What is the flag value after accessing the C2 panel?
[REDACTED]
This is shown upon logging in to the C2 panel.

What is the flag value after stopping the data exfiltration from the McSkidy computer?
[REDACTED]
This can be found after removing the correct agent.
