TryHackme’s Advent of Cyber 2023 — Day 22 Writeup
SSRF Jingle Your SSRF Bells: A Merry Command & Control Hackventure
Learning Objectives
- Understanding server-side request forgery (SSRF)
- The different types of SSRF used to exploit the vulnerability
- Prerequisites for exploiting the vulnerability
- How the attack works
- How to exploit the vulnerability
- Mitigation measures for protection
Understanding SSRF (Server-Side Request Forgery)
SSRF, short for server-side request forgery, is a critical security vulnerability in web applications. It occurs when an attacker can make the application issue requests it never intended to send, to internal or external resources, with the server acting as the requester: the request leaves from the server's network position and carries whatever access the server has. Leaving a web application susceptible to SSRF can result in unauthorized access to internal systems, remote code execution (RCE), data breaches, or full compromise of the application.
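To make the definition concrete, here is an added example in Python (it is not part of the TryHackMe room or this write-up): a URL-fetch handler that trusts the client-supplied `url` parameter, which is the vulnerable pattern, beside a hardened check that allow-lists scheme and port, resolves the host, rejects loopback, private, link-local and metadata-range addresses, and pins the connection to the address it just checked. The hostnames, addresses and `FAKE_DNS` table are constructed so the example runs offline; `vulnerable_fetch`, `validate_target` and `safe_fetch` are hypothetical names, not from the room.

```python
import ipaddress
from urllib.parse import urlsplit

# Vulnerable pattern: the server fetches whatever URL the client supplies.
# Nothing stops the target being localhost, an internal host, the cloud
# metadata endpoint (169.254.169.254), or a non-HTTP scheme such as file://.
def vulnerable_fetch(user_url, http_get):
    return http_get(user_url)


ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

# Constructed resolver table so the example runs offline (hypothetical names
# and addresses). In production use socket.getaddrinfo() and check *every*
# address it returns, since a name can resolve to a mix of public and
# internal addresses.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "internal-api.corp": ["10.0.5.20"],
    "rebind.attacker.test": ["203.0.113.10", "127.0.0.1"],  # mixed answers
}


def resolve(hostname):
    """Return all addresses for hostname; IP literals resolve to themselves."""
    try:
        return [str(ipaddress.ip_address(hostname))]
    except ValueError:
        pass
    if hostname not in FAKE_DNS:
        raise ValueError(f"unresolvable host: {hostname}")
    return FAKE_DNS[hostname]


def is_blocked_address(addr):
    """True for addresses an SSRF target check should never allow."""
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_target(user_url):
    """Return (scheme, host, resolved_ip, port) or raise ValueError."""
    parts = urlsplit(user_url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("missing host")
    if parts.username is not None or parts.password is not None:
        # Reject http://trusted.host@internal/ style confusion outright.
        raise ValueError("userinfo not allowed")
    port = parts.port or (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")
    addrs = resolve(parts.hostname)
    blocked = [a for a in addrs if is_blocked_address(a)]
    if blocked:
        raise ValueError(f"{parts.hostname} resolves to blocked address {blocked[0]}")
    return scheme, parts.hostname, addrs[0], port


def is_allowed(user_url):
    try:
        validate_target(user_url)
        return True
    except ValueError:
        return False


def safe_fetch(user_url, http_get):
    scheme, host, ip, port = validate_target(user_url)
    parts = urlsplit(user_url)
    # Connect to the address that was just checked rather than to the hostname
    # again, so a second lookup cannot rebind the name to an internal IP, and
    # send the original name in the Host header. The real HTTP client should
    # also have redirects disabled, or each redirect target re-validated.
    host_part = f"[{ip}]" if ":" in ip else ip
    pinned = f"{scheme}://{host_part}:{port}{parts.path or '/'}"
    if parts.query:
        pinned += "?" + parts.query
    return http_get(pinned, headers={"Host": host})
```

The check is applied after resolution on purpose: string filters on the hostname alone miss `localhost` aliases, decimal or octal IP encodings and DNS records that point at internal ranges, all of which collapse to an address the post-resolution check sees.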
Types of SSRF Attacks:
1. Basic SSRF: In a basic attack, the attacker sends a crafted request from the vulnerable server to internal or external resources. This could involve attempts to access files on the local file…