How to exploit a blind SSRF?
- Published: 1 Aug 2024
- 👩🎓👨🎓 Today, we are going to dive deeper into SSRF by exploiting a blind one using ShellShock in an example lab.
Overview:
00:00 Introduction
00:15 Checking out the webshop
00:25 Getting a request in Burp
00:50 Sending request to Repeater
01:10 Referer header
02:00 Getting Burp collaborator link
02:30 Blind SSRF
03:30 How to exploit blind SSRFs
04:00 ShellShock
05:10 Scanning internal network using Intruder
07:30 Getting RCE using ShellShock
09:00 Outro
For more information, check out blog.intigriti.com/hackademy/....
🔗 Portswigger XXS Challenge: portswigger.net/web-security/...
---
🧑💻 Sign up and start hacking right now - go.intigriti.com/register
👾 Join our Discord - go.intigriti.com/discord
🎙️ This show is hosted by / pinkdraconian ( @PinkDraconian ) & / intigriti
👕 Do you want some Intigriti Swag? Check out swag.intigriti.com/
Thanks so much for this video Intigriti!!!! You guys are awesome
Our pleasure!
Thanks for another brilliant tutorial. Great job
👊
Thanks for sharing. Nice video :)
Thank you!
That's an interesting explanation!!! Thanks
Glad you liked it!
Thnx!
Welcome!
Nice.
Thanks.
On every target, do we have to try the same IP? Or where can we get the IP?
This is something you'd have to guess. Read up on private IP ranges and then you'll see which to scan!
Awesome as usual ma man 🤩 but why did u put this { foo;} ? and what is his role in this process 🙃
Thank you! The "foo" bit isn't needed, shellshock payloads often just use "() {:;}" to declare the bash function.
@intigriti I see, thanks again ❤
Thanks
Welcome
😍😍😍
😘
I used other commands like id, /etc/passwd... they are not working. Why is only the whoami command working?
There could be a number of measures in place preventing you from running other commands.
4:14 when you say is any host in the internal network vuln to shellshock, internal network meaning origin server or would you also have to bypass a CDN like CloudFlare or AWS in order to exploit?
Once you've found and exploited the SSRF, it's the web server scanning the internal network which is unlikely to be protected.
Is this vulnerability common in websites?
SSRFs have become quite common!
This is it time to shut them down. lol JK
👀 😋
First!
🏎