webPromedium

Lab 6 — HookRelay — SSRF via IPv6-Mapped-IPv4 Bypass

hackadvisor

Task: Webhook management platform with URL validation blocking internal IPv4 addresses (SSRF filter). Solution: Bypass the blocklist using IPv6-mapped IPv4 address [::ffff:127.0.0.1] to reach an internal metadata service on port 3001 and exfiltrate secrets via webhook delivery logs.

ssrf nodejs express internal_service webhook ipv6 url_validation blocklist_bypass ipv6_mapped_ipv4 metadata_endpoint

ssrf_via_webhookipv6_mapped_ipv4_bypassurl_validation_bypassinternal_service_enumerationwebhook_delivery_log_exfiltration

$ ls tags/ techniques/

ssrf nodejs express internal_service webhook ipv6 url_validation blocklist_bypass ipv6_mapped_ipv4 metadata_endpoint

ssrf_via_webhookipv6_mapped_ipv4_bypassurl_validation_bypassinternal_service_enumerationwebhook_delivery_log_exfiltration

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ cat writeup.md…

Sign in to access full writeups

Sign in to access full writeups

Similar writeups