10.2 Lab: Basic SSRF against another back-end system | 2023

This lab has a stock check feature that fetches data from an internal system. Use the stock check functionality to scan the internal 192.168.0.X range for an admin interface on port 8080, then use it to delete the user carlos to solve the lab | Karthikeyan Nagaraj

Karthikeyan Nagaraj
Sep 30, 2023

Description

This lab has a stock check feature which fetches data from an internal system.

To solve the lab, use the stock check functionality to scan the internal 192.168.0.X range for an admin interface on port 8080, then use it to delete the user carlos.

Pre-Requisite:

Solution

  1. Open any product and use the stock check feature.
  2. Capture the request in Burp. It carries a parameter called stockApi whose value is a URL-encoded string.
  3. Send the request to Decoder and click Smart decode: the parameter is a full URL pointing at an internal host, which the back end fetches on your behalf. This is the SSRF sink.
  4. Unlike the previous lab, the target is not http://localhost/admin. The admin interface lives somewhere in 192.168.0.0 to 192.168.0.255 on port 8080, so the value to send is http://192.168.0.X:8080/admin.
  5. Send the request to Intruder, clear the default payload positions, then highlight the last octet of the IP address (the X) and click Add.
  6. On the Payloads tab, set the payload type to Numbers.
  7. Set From to 1, To to 255 and Step to 1.
  8. Start the attack and sort the results by status code. Exactly one request returns 200; the rest fail because nothing answers on those addresses.
  9. Open that response and note the IP address. In this instance it was http://192.168.0.24:8080/admin; the address is different for every lab instance, so do not hard-code it.
  10. Send the request with the IP you found to Repeater.
  11. The response is now the admin page. Inspecting its HTML gives you the URL that deletes the user carlos.
  12. If you are using Burp Suite Professional, you can render the response to see the admin interface as a page.
  13. Copy the delete URL from that admin page response (step 11).
  14. Paste it into the stockApi parameter, URL-encoded like the original value, and send the request to solve the lab.

If you would like to support me so that I could create more free content — https://www.buymeacoffee.com/cyberw1ng

Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

Telegram Channel for Ethical Hacking Dumps — https://t.me/ethicalhackingessentials

