SSRF Solution

The SSRF room is another informational room that teaches you about a new type of vulnerability.

The room is fairly simple, so only the solutions will be provided; it is also part of the Jr Penetration Tester path.

What does SSRF stand for?

server-side request forgery

As opposed to a regular SSRF, what is the other type?

blind

For the next question, the value to enter on the website is

server.website.thm/flag?id=9&

What happens above is that we supplied our own hostname and path, then appended ‘&’. The server treats ‘&’ as the start of a new query parameter, so whatever it appends after our input becomes a separate, ignored parameter, and the request goes to the first part, which is our SSRF target.

What is the flag from the SSRF Examples site?

THM{SSRF_MASTER}

What website can be used to catch HTTP requests from a server?

requestbin.com

What method can be used to bypass strict rules?

Open Redirect

What IP address may contain sensitive data in a cloud environment?

69.254.169.254

What type of list is used to permit only certain input?

Allow List

What type of list is used to stop certain input?

Deny List
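To make the ‘&’ trick and the allow-list versus deny-list question concrete, here is an added example that is not part of the room or the write-up. It assumes a hypothetical back end that builds its upstream URL as http://{server}.website.thm/api/stock/check?id={item_id} (the room's real server code is not shown on the page), parses what the payload above turns that into, and then contrasts a deny list with an allow list on the user-controlled server name.

```python
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Assumption: the back end appends this domain and path to the user-supplied
# `server` value. The room's actual implementation is not on the page.
INTERNAL_DOMAIN = "website.thm"

# Constructed lists for the demonstration.
DENIED_SERVERS = {"localhost", "127.0.0.1"}   # deny list: block known-bad names
ALLOWED_SERVERS = {"api", "stock"}            # allow list: permit only known-good names


def build_upstream_url(server: str, item_id: str) -> str:
    """Vulnerable pattern: user input is concatenated straight into the URL."""
    return f"http://{server}.{INTERNAL_DOMAIN}/api/stock/check?id={item_id}"


def describe(url: str) -> dict:
    """Show where a request built from `url` would actually go."""
    parts = urlsplit(url)
    return {
        "host": parts.hostname,
        "path": parts.path,
        # keep_blank_values so a trailing '&' or empty key is visible
        "query": parse_qs(parts.query, keep_blank_values=True),
    }


def deny_list_allows(server: str) -> bool:
    """Deny list: passes anything that does not contain a blocked name.
    The payload from the write-up is not on the list, so it sails through."""
    lowered = server.lower()
    return not any(bad in lowered for bad in DENIED_SERVERS)


def build_upstream_url_safe(server: str, item_id: str) -> Optional[str]:
    """Allow list: only exact, known server names and a numeric id are accepted;
    anything else is rejected before a URL is ever built."""
    if server not in ALLOWED_SERVERS:
        return None
    if not item_id.isdigit():
        return None
    return build_upstream_url(server, item_id)


if __name__ == "__main__":
    payload = "server.website.thm/flag?id=9&"  # the value from the write-up
    url = build_upstream_url(payload, "123")
    print(url)
    # The server's own suffix ends up as an ignored query parameter:
    print(describe(url))
    print("deny list lets payload through:", deny_list_allows(payload))
    print("allow list result for payload:", build_upstream_url_safe(payload, "123"))
    print("allow list result for 'api':", build_upstream_url_safe("api", "123"))
```

Running it shows the host becoming server.website.thm with path /flag and the appended .website.thm/api/stock/check?id=123 reduced to a stray query key, which is exactly the ignored "new variable" the write-up describes; the deny list does nothing useful here, while the allow list rejects the payload outright.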

What is the flag from the /private directory?

THM{YOU_WORKED_OUT_THE_SSRF}

And that would be all for this room; hope you got what you were looking for.