https://gcpgoat.joshuajebaraj.com/
Scenario 1: Attacking Compute Engine
1. Deployment
./create-scenario-1.sh
Web Server: 35.194.173.109
2. Enumerating the web server and finding the SSRF
a. The web app loads a user-supplied website and displays the HTTP response.
b. Intercept the HTTP traffic in Burp Proxy and submit a Collaborator domain in the URL parameter. We received an HTTP interaction from IP 35.194.173.109, validating the SSRF.
3. Exploiting the SSRF
Header: Metadata-Flavor: Google
Note: the "Metadata-Flavor: Google" HTTP header is required on requests to the GCP metadata server; without it the server refuses the request.
URL: http://169.254.169.254/computeMetadata/v1/?recursive=true&alt=text
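The scenario works because the web app fetches whatever URL it is given, and the Metadata-Flavor header is only a guard against accidental requests, not an access control. The fix belongs in the fetcher itself: it must refuse destinations on the link-local metadata address, loopback and private ranges, and the metadata hostname. The following check is an added example and not part of GCP Goat; the function names, the blocked-hostname list and the sample URLs are constructed for illustration (metadata.google.internal is Google's documented alias for the metadata server, the other names are defensive extras).

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hostnames that reach the metadata server or the local host by name rather than by IP.
# Constructed list: metadata.google.internal is the documented GCE alias, the rest are extras.
BLOCKED_HOSTNAMES = {"metadata.google.internal", "metadata", "localhost"}
ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(host):
    """Return every address the host resolves to; an IP literal resolves to itself.
    Returns an empty list when resolution fails so the caller fails closed."""
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        pass
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_public_address(text):
    """True only for a globally routable unicast address.
    IPv4-mapped IPv6 (::ffff:a.b.c.d) is unwrapped so the IPv4 rules apply to it."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if (addr.is_private or addr.is_loopback or addr.is_link_local or addr.is_multicast
            or addr.is_reserved or addr.is_unspecified):
        return False
    return addr.is_global


def is_safe_target(url):
    """Decide whether a URL-fetching feature may request this URL.

    The vulnerable pattern is simply requests.get(user_url); this check sits in front of it.
    Every resolved address must be public: the metadata server (169.254.169.254) is
    link-local and is rejected regardless of how the hostname was written.
    Caveat: the address is re-resolved by the HTTP client, so a production fetcher should
    also pin the connection to the vetted address to rule out DNS rebinding."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = parsed.hostname
    if not host:
        return False
    if host.lower().rstrip(".") in BLOCKED_HOSTNAMES:
        return False
    addresses = resolve_all(host)
    if not addresses:
        return False
    return all(is_public_address(a) for a in addresses)


if __name__ == "__main__":
    # Constructed sample inputs: the lab's metadata URL, some internal targets, one public IP.
    for candidate in (
        "http://169.254.169.254/computeMetadata/v1/?recursive=true&alt=text",
        "http://metadata.google.internal/computeMetadata/v1/",
        "http://[::ffff:169.254.169.254]/computeMetadata/v1/",
        "http://127.0.0.1:8080/",
        "file:///etc/passwd",
        "http://93.184.216.34/",
    ):
        print(f"{'allow' if is_safe_target(candidate) else 'block':5} {candidate}")
```

A matching detection is to alert on any egress from the web tier to 169.254.169.254 that does not originate from the instance's own agents, and to run the app under a service account with only the scopes it needs so a leaked token is worth little.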