SSTI and Remote Code Execution Attack Chain
In this lab, you'll learn how to identify and exploit a Server Side Request Forgery (SSRF) vulnerability, in order to escalate to Remote Code Execution (RCE) via Server Side Template Injection (SSTI). When you've finished with this lab, you'll know how to exploit a vulnerable endpoint to obtain code execution on a remote system.
Challenge
Getting Started in the Lab Environment
Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
Challenge
Exploiting Server Side Request Forgery (SSRF)
In this challenge, you will access a web application and identify a Server Side Request Forgery (SSRF) vulnerability by modifying application parameters. Once identified, the SSRF can be used to read local files (including the application source code) to identify additional application vulnerabilities.
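The parameter the SSRF challenge has you modify is a URL the server fetches on your behalf; the weakness is that the server fetches it without asking whether it should. As an added example that is not the lab's own code, here is the input check such an endpoint is missing, written against the standard library only. The parameter name, endpoint and allowlist are constructed assumptions, and nothing in it makes a network request.

```python
"""Added example, not the lab's own code: a validator for a URL-taking
request parameter, the kind of parameter the SSRF challenge has you modify.
The parameter name, endpoint and allowlist are constructed assumptions, and
nothing here makes a network request."""
import ipaddress
from urllib.parse import urlparse

# Hosts the application is meant to fetch from (constructed allowlist).
ALLOWED_HOSTS = {"cdn.example.com", "images.example.com"}

# The vulnerable pattern is simply the absence of this check: the value of
# a parameter such as ?url=... is handed to the HTTP client unchanged, so a
# file:// URL reads a local file (the lab uses this to pull the app source)
# and a loopback or private address reaches services the client should not.

def check_fetch_url(user_url):
    """Return (allowed, reason) for a user-supplied fetch target.

    Rejects: schemes other than http(s), URLs without a host, literal
    loopback/private/link-local addresses, and hosts off the allowlist.
    Caveat: an allowlisted name that resolves to an internal address needs
    a check on the resolved address at connect time, which is not shown.
    """
    parsed = urlparse(user_url)
    if parsed.scheme.lower() not in ("http", "https"):
        return False, f"scheme {parsed.scheme!r} not permitted"
    host = parsed.hostname  # lower-cased; userinfo (user@) is stripped
    if not host:
        return False, "no host in URL"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # a hostname rather than a literal address
    if addr is not None and (addr.is_loopback or addr.is_private
                             or addr.is_link_local):
        return False, f"address {host} is internal"
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allowlist"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample values a reviewer might try against the check.
    for url in ("https://images.example.com/logo.png",
                "file:///etc/passwd",
                "http://cdn.example.com@127.0.0.1/",
                "http://10.0.0.5/",
                "http://[::1]/"):
        print(url, "->", check_fetch_url(url))
```

The order of the checks matters: the scheme test is what closes the local-file read the challenge relies on, and the literal-address test runs before the allowlist so that a `user@host` form cannot smuggle an internal address past a name that looks allowed.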
Challenge
Exploiting Server Side Template Injection (SSTI)
In this challenge, you will analyze the application source code obtained in the previous challenge. The analysis will identify a Server Side Template Injection (SSTI) in the source code, which can be abused to obtain Remote Code Execution (RCE) on the host.
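The source-code review in this challenge comes down to one question: is user-controlled text ever made part of the template itself, rather than passed to it as data? As an added example that is not the lab's own code, the following standard-library script automates that review over a small constructed Flask application. Flask's `render_template_string` and Jinja2's `Template` and `from_string` are real APIs; the sample application and the list of sinks are assumptions made for illustration.

```python
"""Added example (not the lab's code): a small AST scan that flags the
source pattern behind Jinja2 SSTI, a template string assembled from
non-constant data and then rendered.  The sample application source below
is constructed for illustration; the lab's real source is not reproduced."""
import ast

# Functions that compile or render a template from a string argument.
# (Flask's render_template_string and jinja2's Template/from_string are real
#  APIs; which of them the scanned app uses is an assumption.)
TEMPLATE_SINKS = {"render_template_string", "Template", "from_string"}

def _callee_name(call):
    """Return the bare name of the called function: render_template_string,
    env.from_string -> from_string, jinja2.Template -> Template."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None

def find_ssti_sinks(source):
    """Return sorted (line, reason) pairs for template sinks whose first
    argument is not a plain string literal, i.e. cases where the template
    text itself may contain user-controlled data."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or _callee_name(node) not in TEMPLATE_SINKS:
            continue
        if not node.args:
            continue
        tmpl = node.args[0]
        if isinstance(tmpl, ast.Constant) and isinstance(tmpl.value, str):
            continue  # static template; data should arrive via keyword context
        if isinstance(tmpl, ast.JoinedStr):
            reason = "f-string used as template text"
        elif isinstance(tmpl, ast.BinOp):
            reason = "template text built with + or %"
        elif isinstance(tmpl, ast.Call) and _callee_name(tmpl) == "format":
            reason = "str.format() result used as template text"
        else:
            reason = "non-literal template text"
        findings.append((node.lineno, reason))
    return sorted(findings)

# Constructed sample application: two vulnerable routes and one safe one.
SAMPLE_APP = '''\
from flask import Flask, request, render_template_string
app = Flask(__name__)

@app.route("/hello")
def hello():
    name = request.args.get("name", "world")
    # Vulnerable: user input becomes part of the template, so {{ }} is evaluated.
    return render_template_string("<h1>Hello " + name + "</h1>")

@app.route("/hello2")
def hello2():
    name = request.args.get("name", "world")
    return render_template_string(f"<h1>Hello {name}</h1>")

@app.route("/safe")
def safe():
    name = request.args.get("name", "world")
    # Safe: the template is a fixed literal; name is passed as context and
    # treated as data, never as template syntax.
    return render_template_string("<h1>Hello {{ name }}</h1>", name=name)
'''

if __name__ == "__main__":
    for line, reason in find_ssti_sinks(SAMPLE_APP):
        print(f"line {line}: {reason}")
```

The scan is deliberately syntactic: it does not trace where a variable came from, so a non-literal template built entirely from constants is reported too. That is the right bias for a review of code you have just recovered, since each hit is a one-line check, and the fix in every case is the same as the `/safe` route: keep the template literal and move the user value into the render context.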
Challenge
The Last Challenge
Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
Recommended prerequisites
- Using a Linux operating system
- Linux file system and common file locations
- High-level understanding of Python code