In this post, we demonstrated how to exploit SSRF to discover internal hidden services. We performed privilege escalation using Wget exploit CVE-2016-4971. We used lab material from HackTheBox Kotarak.

SSRF or server side request forgery is a vulnerability that allows an attacker to control and manipulate URL parameters to access internal resources or discover hidden services.

Wget Exploit CVE-2016-4971

The exploit works when the [wget] version is before [1.18].

Create a [.wgetrc] config file on your machine and type in the below content.

Create and host the config file with an FTP server using python.

Start a listener on your machine.

Transfer the exploit to the target machine and run it

Download HTB Kotarak Learning Material in PDF

Get OSCP Certificate Notes

Video Walk-Through