CVSSv3: 6.5

CVE-2023-27163

Published: 31/03/2023 Updated: 11/08/2023
CVSS v3 Base Score: 6.5 | Impact Score: 5.2 | Exploitability Score: 1.2
VMScore: 0

Vulnerability Summary

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. The weakness is in the basket-forwarding feature: whoever creates a basket also chooses the destination the service forwards captured requests to, and the service does not restrict that destination, so pointing it at an internal address (for example the application on 127.0.0.1:80 used in the HackTheBox Sau writeups below) turns the public instance into a proxy into the host's own network.

Vulnerable Products

rbaskets request baskets

Vendor Advisories

Check Point Reference: CPAI-2023-0476 Date Published: 14 Aug 2023 Severity: High ...

Exploits

Request-Baskets version 1.2.1 suffers from a server-side request forgery vulnerability ...
Maltrail version 0.53 suffers from an unauthenticated remote code execution vulnerability ...

Github Repositories

Hack-The-Box-Sau WP

HTB-Sau is rated easy; it is the first box I played this season. Looking back it really is easy, but I got stuck on the reverse shell for a long time. When an sh reverse shell does not work, switch to a reverse shell in another language. After getting the IP, scan it with nmap: nmap -sS -p- -Pn --open --min-hostgroup 1024 --min-parallelism 1024 -T4 -v 10.10.11.224 (-sS: SYN half-connection

Poc of SSRF for Request-Baskets (CVE-2023-27163)

CVE-2023-27163 PoC of SSRF for Request-Baskets (CVE-2023-27163), based on this code from entr0pie. The PoC is expanded to fuzz the content of another web service (local or otherwise) and return the content of the files found. Usage: python3 CVE-2023-27163.py <BaseURL>:<Port> -t <Target>:<Port> -w <wordli

CVE-2023-27163 SSRF for Requests Baskets 1.2.1. This repository contains a Proof-of-Concept for CVE-2023-27163, a Server-Side Request Forgery (SSRF) vulnerability discovered in request-baskets up to version 1.2.1. Getting Started / Executing program / SSRF Execution: python3 exploit.py -u 'requestsbasket/' -w wordlist.txt -s 'localhost/'

CVE-2023-27163 Request-Baskets v1.2.1 - Server-side request forgery (SSRF)

CVE-2023-27163 Request-Baskets v1.2.1 - Server-side request forgery (SSRF). request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. Installation: git clone github.com/0xFTW/CVE-202

To assist in enumerating the webserver behind the webserver SSRF CVE-2023-27163

Thank you to @beet1e (github.com/b33t1e) from Shanghai Jiao Tong University and @chenlibo147, @houqinsheng, 202037049@mail.sdu.edu.cn from Shandong University. Please review notes.sjtu.edu.cn/s/MUUhEymt7# for in-depth information about the SSRF vulnerability (CVE-2023-27163). This code is for enumerating the internal server using the SSRF in request-baskets. If a

PoC CVE-2023-27163, SSRF, request-baskets hasta v1.2.1

CVE-2023-27163 PoC CVE-2023-27163, SSRF, request-baskets up to v1.2.1. Usage example: my_script.sh -i 10.10.11.111 -f 'localhost:80' -t 10.10.14.27. -i: IP of the victim server; -f: IP or address to which the connections produced by the SSRF are directed; -t: this option takes your local IP, the attacker IP, used to generate the revsh file; expose the file

Golang PoC for CVE-2023-27163 Maltrail Exploit

CVE-2023-27163 This code is meant for educational and white-hat purposes only The author takes no responsibility for anything you do with this YOUR ACTIONS ARE YOUR OWN

Python implementation of CVE-2023-27163

CVE-2023-27163 Python implementation of CVE-2023-27163. Installation: To install the project dependencies, follow these steps. Clone the repository: git clone github.com/your_username/your_repository.git. Navigate into the project directory: cd your_repository. Install the dependencies usi

Proof-of-Concept for Server Side Request Forgery (SSRF) in request-baskets (<= v.1.2.1)

PoC of SSRF on Request-Baskets (CVE-2023-27163). This repository contains a Proof-of-Concept (PoC) for CVE-2023-27163, a Server-Side Request Forgery (SSRF) vulnerability discovered in request-baskets up to version 1.2.1. This vulnerability allows attackers to access network resources and sensitive information by exploiting the /api/baskets/{name} component through a crafted API

Requests Baskets (CVE-2023-27163) and Maltrail v0.53

Automatic Exploit Summary: The following exploit abuses the Requests Baskets v1.2.1 SSRF vulnerability to forward the internal application running at 127.0.0.1:80 to the external application at /pwned. Once the Maltrail v0.53 application has been forwarded it will execute a reverse shell command against it, and within a few seconds the user should obtain a reverse shell onto the mac

CVE-2023-27163 - Request Baskets SSRF

CVE-2023-27163 - Request Baskets SSRF. Request Baskets SSRF PoC. Request Baskets versions <1.2.1 are vulnerable to Server Side Request Forgery (SSRF) attacks via the /api/baskets/{name} component. Usage: git clone github.com/rvizx/CVE-2023-27163; cd CVE-2023-27163; chmod +x exploit.sh; ./exploit.sh <target_url> &a

A tool to perform port scanning using vulnerable Request-Baskets

CVE-2023-27163-InternalProber is a powerful tool designed to help you create a request basket and perform port scanning. It automates the creation of a new basket and then changes the configuration for each port to perform port scanning on the internal IP address. By leveraging this tool, you can efficiently discover potential security vulnerabili

Writeup of the room called "Sau" on HackTheBox done for educational purposes.

Sau First I started a scan with nmap to discover the open services on the target host: $ sudo nmap -sS -Pn --max-retries 1 --min-rate 20 -p- 10.10.11.224 [sudo] password for kali: Starting Nmap 7.93 ( nmap.org ) at 2023-09-11 14:25 CEST Warning: 10.10.11.224 giving up on port because retransmission cap hit (1) Nmap scan report for 10.10.11.224 Host is up (0.059s laten

CVE-2023-27163


Proof of Concept for Server Side Request Forgery (SSRF) in request-baskets (<= v1.2.1)

Proof Of Concept of SSRF on Request-Baskets (CVE-2023-27163). This repository contains a Proof-of-Concept (PoC) for CVE-2023-27163, a Server-Side Request Forgery (SSRF) vulnerability discovered in request-baskets up to version 1.2.1. This vulnerability allows attackers to access network resources and sensitive information by exploiting the /api/baskets/{name} component through a

PoC for SSRF in request-baskets v1.2.1 (CVE-2023-27163)

CVE-2023-27163 This is a PoC for CVE-2023-27163, which is an SSRF vulnerability present in request-baskets up to v1.2.1. This vulnerability allows attackers to access sensitive network resources via /api/baskets/{name}. request-baskets contains a functionality where a user can specify another server to forward the requests to. The issue here is that the user can also specify unin

Walkthrough for the retired HTB machine 'Sau'

sau HTB retired machine | Linux (easy). First, we perform an nmap scan to detect various services: 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 aa:88:67:d7:13:3d:08:3a:8a:ce:9d:c4:dd:f3:e1:ed (RSA) | 256 ec:2e:b1:05:87:2a:0c:7d:b1:49:87:64:95:dc:8a:21 (ECDSA) |_ 256 b3:0c:47:fb:a2:f2:12:cc:ce:0b:58:82:0e:50:43:36 (ED25519) 80/tcp filtered http 8338/

Server-Side Request Forgery exploit for Request Baskets up to version 1.2.1

SSRF Vulnerability Exploit for Request-Baskets (CVE-2023-27163). This repository presents an exploit demonstrating the Server-Side Request Forgery (SSRF) vulnerability identified as CVE-2023-27163 in the request-baskets project, up to version 1.2.1. Exploiting this vulnerability enables attackers to forward HTTP requests to an internal/private HTTP service. How It Operates? Thi

A exploit for the CVE-2023-27163 (SSRF) vulnerability in the web application request-baskets (<= v.1.2.1)

CVE-2023-27163 Warning: This is an educational project, I am not responsible for any use. Exploit: Exploit for CVE-2023-27163, an SSRF vulnerability discovered in request-baskets in all versions below 1.2.1. This vulnerability allows attackers to exploit the /api/baskets/{name} component via a manipulated API request. What is it and how does it work? Request-baskets is a web appli

HackTheBox-Sau Reconnaissance First, we use nmap to see what services are open/active on the server and on which ports. As we can see, we found 4 ports: 2 that are open, which are 22 (SSH) and 55555 (Unknown), and 2 that are filtered, which are 80 (HTTP) and 8338 (Unknown). First I'd like to check whether the open port other than SSH is a web service or not. And it is a web, and the

this is a script that exploits the CVE-2023-27163 vulnerability which is request-basket SSRF

basketcraft is a script that exploits the CVE-2023-27163 vulnerability, an SSRF in request-baskets version 1.2.1. SSRF on Request-Baskets (CVE-2023-27163): CVE-2023-27163 represents a critical Server-Side Request Forgery (SSRF) vulnerability that was identified in Request-Baskets, affecting all versions up to 1.2.1. This particular vulnerability grant