Skip to content
/ backfire.htb-SSRF-RCE-Exploit Public

Custom exploit script developed for the Hack The Box 'Backfire' machine, demonstrating an SSRF vulnerability leading to remote code execution

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ClearLotus-git/backfire.htb-SSRF-RCE-Exploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
SSRF_RCE.py
SSRF_RCE.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

backfire.htb SSRF + RCE Exploit

This Python script targets the backfire.htb box on Hack The Box and demonstrates a chained SSRF and RCE attack against the Havoc Teamserver exposed internally.

Description

  • Registers a fake agent with the teamserver
  • Opens a socket
  • Authenticates using WebSocket
  • Creates a listener
  • Injects an SSRF payload that results in Remote Code Execution (RCE)

Key Features

  • AES encryption/decryption support for teamserver communication
  • WebSocket handshake and payload framing
  • Custom socket message formatting for Havoc communication
  • SSRF + command injection payload delivery

Based On

  • Internal mechanics of the Havoc framework
  • Techniques observed during enumeration of the backfire.htb machine

Tested On

  • Python 3.9+

How to Run:

Install dependencies:

pip install -r requirements.txt

Run:

python3 backfire-exploit.py -t https://backfire.htb:8443 -i 127.0.0.1 -p 40056

About

Custom exploit script developed for the Hack The Box 'Backfire' machine, demonstrating an SSRF vulnerability leading to remote code execution

Topics

htb hackthebox rce-exploit backfire

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages