Skip to content

ClearLotus-git/backfire.htb-SSRF-RCE-Exploit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 

Repository files navigation

backfire.htb SSRF + RCE Exploit

This Python script targets the backfire.htb box on Hack The Box and demonstrates a chained SSRF and RCE attack against the Havoc Teamserver exposed internally.

Description

  • Registers a fake agent with the teamserver
  • Opens a socket
  • Authenticates using WebSocket
  • Creates a listener
  • Injects an SSRF payload that results in Remote Code Execution (RCE)

Key Features

  • AES encryption/decryption support for teamserver communication
  • WebSocket handshake and payload framing
  • Custom socket message formatting for Havoc communication
  • SSRF + command injection payload delivery

Based On

  • Internal mechanics of the Havoc framework
  • Techniques observed during enumeration of the backfire.htb machine

Tested On

  • Python 3.9+

How to Run:

Install dependencies:

pip install -r requirements.txt

Run:

python3 backfire-exploit.py -t https://backfire.htb:8443 -i 127.0.0.1 -p 40056

About

Custom exploit script developed for the Hack The Box 'Backfire' machine, demonstrating an SSRF vulnerability leading to remote code execution

Topics

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages