PwnedLabs - Exploit SSRF with Gopher for GCP Initial Access (Cloud Pentesting)

via Dev.to • David Disu • 1mo ago

Exploit SSRF with Gopher for GCP Initial Access

Target IP Address: 35.226.245.121

ENUMERATION

From the initial port scan, ports 22 (SSH) and 80 (HTTP) are open, while ports 1433, 3389, and 5432 are closed. After viewing the landing page and moving on to the shop page, inspecting the elements reveals that the site uses a Google Cloud Storage bucket. On the profile.php page, we can test for a Server-Side Request Forgery (SSRF) vulnerability.

EXPLOITATION

Using the file:///etc/passwd payload, we are able to view the local /etc/passwd file, proving that the application is vulnerable to SSRF. To pivot into the cloud environment, we will gather information about the VM metadata. First, we query for the associated service account using the following Gopher payload:

gopher://metadata.google.internal:80/xGET%2520/computeMetadata/v1/instance/service-accounts/%2520HTTP%252f%2531%252e%2531%250AHost:%2520metadata.google.internal%250AAccept:%2520%252a%252f%252a%250aMetadata-Flavor:%2520Google%250d%250a

T
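A defensive counterpart to the two payloads above, as an added example that is not part of the original write-up: a Python check that a URL-fetching feature such as the one on profile.php could apply before making any outbound request. The function names and rejection rules are assumptions for illustration (the page does not show the application's code), and the third sample URL is constructed.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

ALLOWED_SCHEMES = {"http", "https"}
# metadata.google.internal is the host named on the page; 169.254.169.254 is
# the link-local address of the GCP metadata server.
METADATA_HOSTS = {"metadata.google.internal", "169.254.169.254"}

# The two payloads quoted in the write-up (gopher one as far as the excerpt
# shows it), plus one constructed benign URL.
SAMPLES = [
    "file:///etc/passwd",
    "gopher://metadata.google.internal:80/xGET%2520/computeMetadata/v1/instance/service-accounts/%2520HTTP%252f%2531%252e%2531%250AHost:%2520metadata.google.internal%250AAccept:%2520%252a%252f%252a%250aMetadata-Flavor:%2520Google%250d%250a",
    "https://example.com/avatar.png",
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double encoding (%2520 -> %20 -> ' ') is seen in the clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_fetch_url(raw_url):
    """Return the reasons to reject raw_url; an empty list means it passed."""
    reasons = []
    decoded = fully_decode(raw_url)
    parts = urlsplit(raw_url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower().rstrip(".")
    if scheme not in ALLOWED_SCHEMES:
        reasons.append(f"scheme '{scheme}' not allowed")
    if host in METADATA_HOSTS:
        reasons.append("metadata server host")
    else:
        try:
            ip = ipaddress.ip_address(host)
            if ip.is_link_local or ip.is_loopback or ip.is_private:
                reasons.append("internal IP address")
        except ValueError:
            pass  # a hostname: the fetcher must also check the address it resolves to
    if "\r" in decoded or "\n" in decoded:
        reasons.append("CR/LF after decoding")
    if "metadata-flavor" in decoded.lower():
        reasons.append("Metadata-Flavor header in URL")
    return reasons

if __name__ == "__main__":
    for url in SAMPLES:
        print(check_fetch_url(url) or "ok", "<-", url[:60])
```

A string check like this belongs in front of the HTTP client, not in place of network controls: the client should also refuse redirects to internal addresses and be limited to HTTP(S) at the library level.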

Continue reading on Dev.to