TUTORIAL HTB Forge [Discussion]
by pheonix2021 - September 11, 2021 at 06:03 PM
#13
(September 11, 2021 at 09:41 PM)mobile1 Wrote:
(September 11, 2021 at 09:38 PM)v3c70r Wrote:
(September 11, 2021 at 09:37 PM)mobile1 Wrote: I tried this on admin.forge.htb:
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
but not working, anyone?

Maybe we need this later. It only runs with localhost so maybe this is for root???

So how can we get user?
SSRF from admin subdomain???
#14
(September 11, 2021 at 09:49 PM)v3c70r Wrote:
(September 11, 2021 at 09:41 PM)mobile1 Wrote:
(September 11, 2021 at 09:38 PM)v3c70r Wrote:
(September 11, 2021 at 09:37 PM)mobile1 Wrote: I tried this on admin.forge.htb:
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
but not working, anyone?

Maybe we need this later. It only runs with localhost so maybe this is for root???

So how can we get user?
SSRF from admin subdomain???

How?
#15
No. SSRF from forge.htb to a subdomain found by fuzzing subdomains.
#16
(September 11, 2021 at 09:53 PM)Ro0ted Wrote: No. SSRF from forge.htb to a subdomain found by fuzzing subdomains.

What?
#17
so, please any tips from anybody ...
#18
any idea for root ????????????????????????????????/
#19
(September 11, 2021 at 10:36 PM)trustedsellx Wrote: any idea for root ????????????????????????????????/

what did you do for user? I'm on a subdomain but it's only localhost
#20
(September 11, 2021 at 10:36 PM)trustedsellx Wrote: any idea for root ????????????????????????????????/

Tutorial for user please?
#21
(September 11, 2021 at 10:36 PM)trustedsellx Wrote: any idea for root ????????????????????????????????/

DM me please, how do you work with the second part and FTP? Thanks!
#22
It's a weird reaction from the server if I try to manipulate the Host header and access /static

1. Target: forge.htb

GET /static/ HTTP/1.1
Host: admin.forge.htb
Content-Length: 6

HTTP/1.1 200 OK
Date: Sat, 11 Sep 2021 21:54:45 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 1118
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /static</title>
</head>
[..snip..]


2. Target: forge.htb

GET / HTTP/1.1
Host: admin.forge.htb
Content-Length: 6

HTTP/1.1 200 OK
Date: Sat, 11 Sep 2021 21:56:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 27
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8

Only localhost is allowed!
#23
(September 11, 2021 at 10:43 PM)imbus2 Wrote: It's a weird reaction from the server if I try to manipulate the Host header and access /static

1. Target: forge.htb

GET /static/ HTTP/1.1
Host: admin.forge.htb
Content-Length: 6

HTTP/1.1 200 OK
Date: Sat, 11 Sep 2021 21:54:45 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 1118
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
  <title>Index of /static</title>
</head>
[..snip..]


2. Target: forge.htb

GET / HTTP/1.1
Host: admin.forge.htb
Content-Length: 6

HTTP/1.1 200 OK
Date: Sat, 11 Sep 2021 21:56:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 27
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8

Only localhost is allowed!

Get any further? I'm in the same spot
#24
this some get user.txt, and don't know root
how make ssrf?
