Web - Server
Friday 26 June 2020, 02:00 #1
Web - Server - Server Side Request Forgery
Hi all!
I’m trying to solve the SSRF challenge. Without spoiling it, I could exploit the SSRF to run commands as Apache. But I’m not able to escalate privileges to root to read /passwd.
Is privilege escalation part of the challenge or did I miss something?
Saturday 27 June 2020, 01:13 #3
Web - Server - Server Side Request Forgery
Yes, I know it sounds weird considering the words I used... But I was able to leverage the SSRF to get a shell that runs as Apache. I can execute commands, but don’t have the right permissions to get the flag by reading /passwd.
I sent you a DM with more details :)