Thursday, December 28, 2023

TRYHACKME’S ADVENT OF CYBER 2023 (DAY 22)

 

Day 22 - "Jingle Your SSRF Bells: A Merry Command & Control Hackventure"

The learning objectives for day 22 were:

  • Understanding server-side request forgery (SSRF)
  • Which different types of SSRF are used to exploit the vulnerability
  • Prerequisites for exploiting the vulnerability
  • How the attack works
  • How to exploit the vulnerability
  • Mitigation measures for protection

In this task we learned what server-side request forgery is, what the different types of SSRF attacks are, how it works, how to hack the C2 server using SSRF, and mitigation measures.

We found a link to an endpoint in the login page and used SSRF to gain access.

Click here to see the tutorial.

