In this post, we demonstrated how to exploit SSRF to discover internal hidden services. We performed privilege escalation using Wget exploit CVE-2016-4971. We used lab material from HackTheBox Kotarak.
SSRF or server side request forgery is a vulnerability that allows an attacker to control and manipulate URL parameters to access internal resources or discover hidden services.
Wget Exploit CVE-2016-4971
The exploit works when the [wget] version is before [1.18].
Create a [.wgetrc] config file on your machine and type in the below content.
Create and host the config file with an FTP server using python.
Start a listener on your machine.
Transfer the exploit to the target machine and run it
Download HTB Kotarak Learning Material in PDF