Course

In this lab, you will explore the Server Side Request Forgery (SSRF) vulnerability, which allows attackers to use a web application's functionality to access internal resources. The goal is to understand how to manipulate the server into making HTTP requests on your behalf, a technique that can be highly effective in various attack scenarios. This challenge is inspired by a presentation at BlackHat titled "Viral Video: Exploiting SSRF In Video Converters."

The application in this challenge uses FFMPEG to encode user-provided videos. By exploiting this functionality, you can leak the content of the file `/app/key.txt` to retrieve the key for the challenge. You can either use the tool `FFmpeg-HLS-SSRF` to get the file's content or build your own exploit. The task is simplified by requiring only the first line of the file to obtain the key.