In this post, we demonstrate how to exploit SSRF to discover internal hidden services, then perform privilege escalation using the Wget exploit CVE-2016-4971. The lab material is HackTheBox Kotarak.

SSRF (server-side request forgery) is a vulnerability that allows an attacker to control and manipulate the URL parameters a server uses to make requests, in order to access internal resources or discover hidden services.
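The defensive counterpart to the behavior described above, as an added example that is not part of the original post: a check a server-side fetcher can run on a user-supplied URL before requesting it. The function names, the allowed-scheme list and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the fetcher only needs web URLs


def resolve(host):
    """Return every IP address a host resolves to (IP literals map to themselves)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def is_internal(ip):
    """True for addresses a server-side fetcher should not reach for a user."""
    if ip.version == 6 and ip.ipv4_mapped:  # ::ffff:127.0.0.1 form
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def check_fetch_url(url, resolver=resolve):
    """Return (allowed, reason) for a user-supplied URL the server would fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        if host.isdigit():  # integer form, e.g. 2130706433 is 127.0.0.1
            addrs = [ipaddress.ip_address(int(host))]
        else:
            addrs = resolver(host)
    except (OSError, ValueError):
        return False, "host does not resolve"
    # Reject if ANY resolved address is internal, not only the first one.
    for ip in addrs:
        if is_internal(ip):
            return False, f"internal address {ip}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    for u in ("http://127.0.0.1:8080/", "http://2130706433/",
              "file:///etc/passwd", "http://93.184.216.34/"):
        print(u, check_fetch_url(u))
```

The fetcher should connect to the address that was validated rather than resolving the name a second time, and should run the same check on every redirect target.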

Wget Exploit CVE-2016-4971

The exploit works when the wget version is before 1.18.

Create a .wgetrc config file on your machine and type in the below content.

Create and host the config file with an FTP server using python.

Start a listener on your machine.

Transfer the exploit to the target machine and run it.

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, who is a cybersecurity content creator and YouTuber.
